-
Notifications
You must be signed in to change notification settings - Fork 520
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Updated Resources and Cmdlet documentation pages
- Loading branch information
1 parent
fcbafd6
commit 5225a92
Showing
1 changed file
with
114 additions
and
0 deletions.
There are no files selected for viewing
114 changes: 114 additions & 0 deletions
114
docs/docs/resources/azure-ad/AADGroupOwnerConsentSettings.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,114 @@ | ||
| # AADGroupOwnerConsentSettings | ||
|
|
||
| ## Parameters | ||
|
|
||
| | Parameter | Attribute | DataType | Description | Allowed Values | | ||
| | --- | --- | --- | --- | --- | | ||
| | **IsSingleInstance** | Key | String | Only valid value is 'Yes'. | `Yes` | | ||
| | **EnableGroupSpecificConsent** | Write | Boolean | Flag indicating if groups owners are allowed to grant group specific permissions. | | | ||
| | **BlockUserConsentForRiskyApps** | Write | Boolean | Flag indicating if user consent will be blocked when a risky request is detected. Administrators will still be able to consent to apps considered risky. | | | ||
| | **EnableAdminConsentRequests** | Write | Boolean | Flag indicating if users will be able to request admin consent when they are unable to grant consent to an app themselves. | | | ||
| | **ConstrainGroupSpecificConsentToMembersOfGroupName** | Write | String | If EnableGroupSpecificConsent is set to âTrueâ and this is set to a security group name, members (both direct and transitive) of the group identified will be authorized to grant group-specific permissions to the groups they own. | | | ||
| | **Ensure** | Write | String | Specify if the Azure AD Group Consent Settings should exist or not. | `Present`, `Absent` | | ||
| | **Credential** | Write | PSCredential | Credentials of the Admin | | | ||
| | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | | ||
| | **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | | ||
| | **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | | ||
| | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | ||
| | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | | ||
|
|
||
|
|
||
| # AADGroupOwnerConsentPolicySettings | ||
|
|
||
| ## Description | ||
|
|
||
| Azure AD Group Owner Consent Settings | ||
|
|
||
| ## Permissions | ||
|
|
||
| ### Microsoft Graph | ||
|
|
||
| To authenticate with the Microsoft Graph API, this resource required the following permissions: | ||
|
|
||
| #### Delegated permissions | ||
|
|
||
| - **Read** | ||
|
|
||
| - Directory.Read.All, Group.Read.All | ||
|
|
||
| - **Update** | ||
|
|
||
| - Directory.ReadWrite.All, Policy.ReadWrite.Authorization | ||
|
|
||
| #### Application permissions | ||
|
|
||
| - **Read** | ||
|
|
||
| - Directory.Read.All, Group.Read.All | ||
|
|
||
| - **Update** | ||
|
|
||
| - Directory.ReadWrite.All, Policy.ReadWrite.Authorization | ||
|
|
||
| ## Examples | ||
|
|
||
| ### Example 1 | ||
|
|
||
| This example is used to test new resources and showcase the usage of new resources being worked on. | ||
| It is not meant to use as a production baseline. | ||
|
|
||
| ```powershell | ||
| Configuration Example | ||
| { | ||
| param( | ||
| [Parameter(Mandatory = $true)] | ||
| [PSCredential] | ||
| $Credscredential | ||
| ) | ||
| Import-DscResource -ModuleName Microsoft365DSC | ||
| node localhost | ||
| { | ||
| AADGroupOwnerConsentSettings 'Example' | ||
| { | ||
| IsSingleInstance = "Yes" | ||
| EnableGroupSpecificConsent = $false | ||
| BlockUserConsentForRiskyApps = $true | ||
| EnableAdminConsentRequests = $false | ||
| #ConstrainGroupSpecificConsentToMembersOfGroupName = '' # value is only relevant if EnableGroupSpecificConsent is true. See example 2 | ||
| Ensure = 'Present' | ||
| Credential = $Credscredential | ||
| } | ||
| } | ||
| } | ||
| ``` | ||
|
|
||
| ### Example 2 | ||
|
|
||
| This example is used to test new resources and showcase the usage of new resources being worked on. | ||
| It is not meant to use as a production baseline. | ||
|
|
||
| ```powershell | ||
| Configuration Example | ||
| { | ||
| param( | ||
| [Parameter(Mandatory = $true)] | ||
| [PSCredential] | ||
| $Credscredential | ||
| ) | ||
| Import-DscResource -ModuleName Microsoft365DSC | ||
| node localhost | ||
| { | ||
| AADGroupOwnerConsentSettings 'Example' | ||
| { | ||
| IsSingleInstance = "Yes" | ||
| EnableGroupSpecificConsent = $true # prerequisite for specifying a constraining group | ||
| ConstrainGroupSpecificConsentToMembersOfGroupName = 'Group-Vetted-GroupOwners' | ||
| Ensure = 'Present' | ||
| Credential = $Credscredential | ||
| } | ||
| } | ||
| } | ||
| ``` | ||
|
|