diff --git a/CHANGELOG.md b/CHANGELOG.md index f96a9674c7..8cf2b72d01 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,8 @@ # UNRELEASED +* IntuneDerivedCredential + * Initial release. * AADAdminConsentRequestPolicy * Initial release. * AADApplication @@ -44,12 +46,17 @@ * Initial release * IntuneMobileAppsWindowsOfficeSuiteApp * Initial release +* IntuneSecurityBaselineMicrosoft365AppsForEnterprise + * Initial release * PPAdminDLPPolicy * Initial release. * PPDLPPolicyConnectorConfigurations * Initial release. * PPPowerAppPolicyUrlPatterns * Initial release. +* TeamsUpgradePolicy + * Added support for tenant wide changes using the * value for users. + FIXES [#5174](https://github.com/microsoft/Microsoft365DSC/issues/5174) * M365DSCDRGUtil * Fixes an issue for the handling of skipped one-property elements in the Settings Catalog. FIXES [#5086](https://github.com/microsoft/Microsoft365DSC/issues/5086) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicyWindows10/MSFT_IntuneAccountProtectionPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicyWindows10/MSFT_IntuneAccountProtectionPolicyWindows10.psm1 index 5188f9fe59..8f3496d87e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicyWindows10/MSFT_IntuneAccountProtectionPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicyWindows10/MSFT_IntuneAccountProtectionPolicyWindows10.psm1 @@ -682,7 +682,7 @@ function Export-TargetResource { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.DeviceSettings ` - -CIMInstanceName 'MicrosoftGraphIntuneSettingsCatalogDeviceSettings' + -CIMInstanceName 'MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneAccountProtectionPolicyWindows10' if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.DeviceSettings = $complexTypeStringResult @@ -696,7 +696,7 @@ function Export-TargetResource { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.UserSettings ` - -CIMInstanceName 'MicrosoftGraphIntuneSettingsCatalogUserSettings' + -CIMInstanceName 'MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneAccountProtectionPolicyWindows10' if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserSettings = $complexTypeStringResult diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicyWindows10/MSFT_IntuneAccountProtectionPolicyWindows10.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicyWindows10/MSFT_IntuneAccountProtectionPolicyWindows10.schema.mof index 269777f6a7..47f1cc08cd 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicyWindows10/MSFT_IntuneAccountProtectionPolicyWindows10.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionPolicyWindows10/MSFT_IntuneAccountProtectionPolicyWindows10.schema.mof @@ -10,7 +10,7 @@ class MSFT_DeviceManagementConfigurationPolicyAssignments }; [ClassVersion("1.0.0.0")] -class MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings +class MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneAccountProtectionPolicyWindows10 { [Write, Description("Credential Guard (0: (Disabled) Turns off Credential Guard remotely if configured previously without UEFI Lock., 1: (Enabled with UEFI lock) Turns on Credential Guard with UEFI lock., 2: (Enabled without lock) Turns on Credential Guard without UEFI lock.)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String LsaCfgFlags; [Write, Description("Facial Features Use Enhanced Anti Spoofing (false: Disabled, true: Enabled)"), ValueMap{"false", "true"}, Values{"false", "true"}] String FacialFeaturesUseEnhancedAntiSpoofing; @@ -28,7 +28,7 @@ class MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings }; [ClassVersion("1.0.0.0")] -class MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings +class MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneAccountProtectionPolicyWindows10 { [Write, Description("Enable Pin Recovery (User) (false: Disabled, true: Enabled)"), ValueMap{"false", "true"}, Values{"false", "true"}] String EnablePinRecovery; [Write, Description("Expiration (User)")] SInt32 Expiration; @@ -49,8 +49,8 @@ class MSFT_IntuneAccountProtectionPolicyWindows10 : OMI_BaseResource [Key, Description("Policy name")] String DisplayName; [Write, Description("List of Scope Tags for this Entity instance.")] String RoleScopeTagIds[]; [Write, Description("The unique identifier for an entity. Read-only.")] String Id; - [Write, Description("The policy settings for the device scope."), EmbeddedInstance("MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings")] String DeviceSettings; - [Write, Description("The policy settings for the user scope"), EmbeddedInstance("MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings")] String UserSettings; + [Write, Description("The policy settings for the device scope."), EmbeddedInstance("MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneAccountProtectionPolicyWindows10")] String DeviceSettings; + [Write, Description("The policy settings for the user scope"), EmbeddedInstance("MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneAccountProtectionPolicyWindows10")] String UserSettings; [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[]; [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppCategory/MSFT_IntuneAppCategory.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppCategory/MSFT_IntuneAppCategory.schema.mof index 676bc98242..c9d08b3067 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppCategory/MSFT_IntuneAppCategory.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppCategory/MSFT_IntuneAppCategory.schema.mof @@ -1,7 +1,7 @@ [ClassVersion("1.0.0.0"), FriendlyName("IntuneAppCategory")] class MSFT_IntuneAppCategory : OMI_BaseResource { - [Key, Description("The name of the app category.")] String DisplayName; + [Key, Description("The name of the app.")] String DisplayName; [Write, Description("The unique identifier for an entity. Read-only.")] String Id; [Write, Description("Present ensures the instance exists, absent ensures it is removed."), ValueMap{"Present", "Absent"}, Values{"Present", "Absent"}] string Ensure; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.psm1 new file mode 100644 index 0000000000..af4ecd222e --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.psm1 @@ -0,0 +1,499 @@ +function Get-TargetResource { + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param ( + + #region resource params + + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $HelpUrl, + + [Parameter()] + [ValidateSet('intercede', 'entrustData', 'purebred')] + [System.String] + $Issuer, + + [Parameter()] + [ValidateSet('none', 'email', 'companyPortal')] + [System.String] + $NotificationType = 'none', + + [Parameter()] + [System.Int32] + $RenewalThresholdPercentage, + + #endregion resource params + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + + ) + + New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters | Out-Null + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + try + { + $instance = $null + if ($null -ne $Script:exportedInstances -and $Script:ExportMode) + { + $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Id -eq $Id} + } + + if ($null -eq $instance) + { + $instance = Get-MgBetaDeviceManagementDerivedCredential -DeviceManagementDerivedCredentialSettingsId $Id -ErrorAction Stop + + if ($null -eq $instance) + { + Write-Verbose -Message "Could not find Derived Credential by Id {$Id}." + + if (-Not [string]::IsNullOrEmpty($DisplayName)) + { + $instance = Get-MgBetaDeviceManagementDerivedCredential ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue + if ($null -eq $instance) + { + Write-Verbose -Message "Could not find Derived Credential by DisplayName {$DisplayName}." + return $nullResult + } + } + } + } + + $results = @{ + Ensure = 'Present' + Id = $instance.Id + DisplayName = $instance.DisplayName + HelpUrl = $instance.HelpUrl + Issuer = $instance.Issuer.ToString() + NotificationType = $instance.NotificationType.ToString() + RenewalThresholdPercentage = $instance.RenewalThresholdPercentage + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ApplicationSecret = $ApplicationSecret + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + return [System.Collections.Hashtable] $results + } + catch + { + Write-Verbose -Message $_ + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource { + [CmdletBinding()] + param ( + + #region resource params + + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $HelpUrl, + + [Parameter()] + [ValidateSet('intercede', 'entrustData', 'purebred')] + [System.String] + $Issuer, + + [Parameter()] + [System.Int32] + $RenewalThresholdPercentage, + + #endregion resource params + + [Parameter()] + [ValidateSet('none', 'email', 'companyPortal')] + [System.String] + $NotificationType = 'none', + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure='Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + $setParameters.remove('Id') | Out-Null + $setParameters.remove('Ensure') | Out-Null + + # CREATE + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + New-MgBetaDeviceManagementDerivedCredential @SetParameters + } + # UPDATE is not supported API, it always creates a new Derived Credential instance + # REMOVE + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Remove-MgBetaDeviceManagementDerivedCredential -DeviceManagementDerivedCredentialSettingsId $currentInstance.Id -Confirm:$false + } +} + +function Test-TargetResource { + [CmdletBinding()] + [OutputType([System.Boolean])] + param ( + + #region resource params + + [Parameter()] + [System.String] + $Id, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $HelpUrl, + + [Parameter()] + [ValidateSet('intercede', 'entrustData', 'purebred')] + [System.String] + $Issuer, + + [Parameter()] + [ValidateSet('none', 'email', 'companyPortal')] + [System.String] + $NotificationType = 'none', + + [Parameter()] + [System.Int32] + $RenewalThresholdPercentage, + + #endregion resource params + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource { + [CmdletBinding()] + [OutputType([System.String])] + param ( + + #region resource params + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $HelpUrl, + + [Parameter()] + [ValidateSet('intercede', 'entrustData', 'purebred')] + [System.String] + $Issuer, + + [Parameter()] + [ValidateSet('none', 'email', 'companyPortal')] + [System.String] + $NotificationType = 'none', + + [Parameter()] + [System.Int32] + $RenewalThresholdPercentage, + + #endregion resource params + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $Script:ExportMode = $true + [array] $Script:exportedInstances = Get-MgBetaDeviceManagementDerivedCredential -ErrorAction Stop + + $i = 1 + $dscContent = '' + if ($Script:exportedInstances.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $Script:exportedInstances) + { + $displayedKey = $config.Id + Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline + + $params = @{ + Ensure = 'Present' + Id = $config.Id + DisplayName = $config.DisplayName + HelpUrl = $config.HelpUrl + Issuer = $config.Issuer.ToString() + NotificationType = $config.NotificationType.ToString() + RenewalThresholdPercentage = $config.RenewalThresholdPercentage + Credential = $Credential + AccessTokens = $AccessTokens + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.schema.mof new file mode 100644 index 0000000000..e893173409 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/MSFT_IntuneDerivedCredential.schema.mof @@ -0,0 +1,31 @@ +[ClassVersion("1.0.0.0"), FriendlyName("IntuneDerivedCredential")] +class MSFT_IntuneDerivedCredential : OMI_BaseResource +{ + [Key, Description("The name of the app category.")] String DisplayName; + [Write, Description("The unique identifier for an entity. Read-only.")] String Id; + + [Write, Description("The URL that will be accessible to end users as they retrieve a derived credential using the Company Portal.")] String HelpUrl; + [Write, Description("The nominal percentage of time before certificate renewal is initiated by the client.")] Uint32 RenewalThresholdPercentage; + [Write, Description("Supported values for the derived credential issuer."), + ValueMap{"intercede", "entrustDatacard", "purebred"}, + Values{"intercede", "entrustDatacard", "purebred"}] + String Issuer; + + [Write, Description("Supported values for the notification type to use."), + ValueMap{"none", "email", "companyPortal"}, + Values{"none", "email", "companyPortal"}] + String NotificationType; + + [Write, Description("Supported values for the notification type to use."), + ValueMap{"Present", "Absent"}, + Values{"Present", "Absent"}] + String Ensure; + + [Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] String Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com")] String TenantId; + [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/readme.md new file mode 100644 index 0000000000..124a837b06 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/readme.md @@ -0,0 +1,6 @@ + +# IntuneDerivedCredential + +## Description + +## Create new navigation property to derivedCredentials for deviceManagement for Intune. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/settings.json new file mode 100644 index 0000000000..488bd5b384 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDerivedCredential/settings.json @@ -0,0 +1,21 @@ +{ + "resourceName": "IntuneDerivedCredential", + "description": "Use this resource to create new navigation property to derivedCredentials for device Management in Intune.", + + "permissions": { + "graph": { + "delegated": { + "read": [ + ], + "update": [ + ] + }, + "application": { + "read": [ + ], + "update": [ + ] + } + } + } + } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.schema.mof index ec3e29882d..ce7f2b865f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.schema.mof @@ -57,12 +57,12 @@ class MSFT_IntuneMobileAppsMacOSLobApp : OMI_BaseResource [Write, Description("The owner of the app. Inherited from mobileApp.")] String Owner; [Write, Description("The privacy statement Url. Inherited from mobileApp.")] String PrivacyInformationUrl; [Write, Description("The publisher of the app. Inherited from mobileApp.")] String Publisher; + [Write, Description("The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp."), ValueMap{"notPublished", "processing","published"}, Values{"notPublished", "processing", "published"}] String PublishingState; [Write, Description("The bundleId of the app.")] String BundleId; [Write, Description("The build number of the app.")] String BuildNumber; [Write, Description("The version number of the app.")] String VersionNumber; [Write, Description("List of Scope Tag IDs for mobile app.")] String RoleScopeTagIds[]; [Write, Description("Whether to ignore the version of the app or not.")] Boolean IgnoreVersionDetection; - [Write, Description("Install the app as managed. Requires macOS 11.0.")] Boolean InstallAsManaged; [Write, Description("The icon for this app."), EmbeddedInstance("MSFT_DeviceManagementMimeContent")] String LargeIcon; [Write, Description("The minimum supported operating system to install the app."), EmbeddedInstance("MSFT_DeviceManagementMinimumOperatingSystem")] String MinimumSupportedOperatingSystem; [Write, Description("The list of categories for this app."), EmbeddedInstance("MSFT_DeviceManagementMobileAppCategory")] String Categories[]; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise/MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise/MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise.psm1 new file mode 100644 index 0000000000..9958ba28ca --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise/MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise.psm1 @@ -0,0 +1,1110 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String[]] + $RoleScopeTagIds, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $DeviceSettings, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $UserSettings, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + #region resource generator code + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Security Baseline Microsoft365 Apps For Enterprise with Id {$Id}" + + if (-not [System.String]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` + -Filter "Name eq '$DisplayName'" ` + -ErrorAction SilentlyContinue + } + } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Security Baseline Microsoft365 Apps For Enterprise with Name {$DisplayName}." + return $nullResult + } + $Id = $getValue.Id + Write-Verbose -Message "An Intune Security Baseline Microsoft365 Apps For Enterprise with Id {$Id} and Name {$DisplayName} was found" + + # Retrieve policy specific settings + [array]$settings = Get-MgBetaDeviceManagementConfigurationPolicySetting ` + -DeviceManagementConfigurationPolicyId $Id ` + -ExpandProperty 'settingDefinitions' ` + -All ` + -ErrorAction Stop + + $policySettings = @{} + $policySettings = Export-IntuneSettingCatalogPolicySettings -Settings $settings -ReturnHashtable $policySettings -ContainsDeviceAndUserSettings + + #region resource generator code + $complexDeviceSettings = @{} + $complexDeviceSettings.Add('Pol_SecGuide_A001_Block_Flash', $policySettings.DeviceSettings.pol_SecGuide_A001_Block_Flash) + $complexDeviceSettings.Add('Pol_SecGuide_Block_Flash', $policySettings.DeviceSettings.pol_SecGuide_Block_Flash) + $complexDeviceSettings.Add('Pol_SecGuide_Legacy_JScript', $policySettings.DeviceSettings.pol_SecGuide_Legacy_JScript) + $complexDeviceSettings.Add('POL_SG_powerpnt', $policySettings.DeviceSettings.pOL_SG_powerpnt) + $complexDeviceSettings.Add('POL_SG_onenote', $policySettings.DeviceSettings.pOL_SG_onenote) + $complexDeviceSettings.Add('POL_SG_mspub', $policySettings.DeviceSettings.pOL_SG_mspub) + $complexDeviceSettings.Add('POL_SG_msaccess', $policySettings.DeviceSettings.pOL_SG_msaccess) + $complexDeviceSettings.Add('POL_SG_winproj', $policySettings.DeviceSettings.pOL_SG_winproj) + $complexDeviceSettings.Add('POL_SG_visio', $policySettings.DeviceSettings.pOL_SG_visio) + $complexDeviceSettings.Add('POL_SG_outlook', $policySettings.DeviceSettings.pOL_SG_outlook) + $complexDeviceSettings.Add('POL_SG_winword', $policySettings.DeviceSettings.pOL_SG_winword) + $complexDeviceSettings.Add('POL_SG_excel', $policySettings.DeviceSettings.pOL_SG_excel) + $complexDeviceSettings.Add('L_PolicyEnableSIPHighSecurityMode', $policySettings.DeviceSettings.l_PolicyEnableSIPHighSecurityMode) + $complexDeviceSettings.Add('L_PolicyDisableHttpConnect', $policySettings.DeviceSettings.l_PolicyDisableHttpConnect) + $complexDeviceSettings.Add('L_AddonManagement', $policySettings.DeviceSettings.l_AddonManagement) + $complexDeviceSettings.Add('L_powerpntexe17', $policySettings.DeviceSettings.l_powerpntexe17) + $complexDeviceSettings.Add('L_excelexe15', $policySettings.DeviceSettings.l_excelexe15) + $complexDeviceSettings.Add('L_visioexe19', $policySettings.DeviceSettings.l_visioexe19) + $complexDeviceSettings.Add('L_onenoteexe26', $policySettings.DeviceSettings.l_onenoteexe26) + $complexDeviceSettings.Add('L_outlookexe22', $policySettings.DeviceSettings.l_outlookexe22) + $complexDeviceSettings.Add('L_pptviewexe18', $policySettings.DeviceSettings.l_pptviewexe18) + $complexDeviceSettings.Add('L_winwordexe21', $policySettings.DeviceSettings.l_winwordexe21) + $complexDeviceSettings.Add('L_exprwdexe24', $policySettings.DeviceSettings.l_exprwdexe24) + $complexDeviceSettings.Add('L_spdesignexe23', $policySettings.DeviceSettings.l_spdesignexe23) + $complexDeviceSettings.Add('L_winprojexe20', $policySettings.DeviceSettings.l_winprojexe20) + $complexDeviceSettings.Add('L_grooveexe14', $policySettings.DeviceSettings.l_grooveexe14) + $complexDeviceSettings.Add('L_mspubexe16', $policySettings.DeviceSettings.l_mspubexe16) + $complexDeviceSettings.Add('L_mse7exe27', $policySettings.DeviceSettings.l_mse7exe27) + $complexDeviceSettings.Add('L_msaccessexe25', $policySettings.DeviceSettings.l_msaccessexe25) + $complexDeviceSettings.Add('L_ConsistentMimeHandling', $policySettings.DeviceSettings.l_ConsistentMimeHandling) + $complexDeviceSettings.Add('L_excelexe43', $policySettings.DeviceSettings.l_excelexe43) + $complexDeviceSettings.Add('L_spdesignexe51', $policySettings.DeviceSettings.l_spdesignexe51) + $complexDeviceSettings.Add('L_onenoteexe54', $policySettings.DeviceSettings.l_onenoteexe54) + $complexDeviceSettings.Add('L_outlookexe50', $policySettings.DeviceSettings.l_outlookexe50) + $complexDeviceSettings.Add('L_pptviewexe46', $policySettings.DeviceSettings.l_pptviewexe46) + $complexDeviceSettings.Add('L_mspubexe44', $policySettings.DeviceSettings.l_mspubexe44) + $complexDeviceSettings.Add('L_visioexe47', $policySettings.DeviceSettings.l_visioexe47) + $complexDeviceSettings.Add('L_winprojexe48', $policySettings.DeviceSettings.l_winprojexe48) + $complexDeviceSettings.Add('L_msaccessexe53', $policySettings.DeviceSettings.l_msaccessexe53) + $complexDeviceSettings.Add('L_powerpntexe45', $policySettings.DeviceSettings.l_powerpntexe45) + $complexDeviceSettings.Add('L_grooveexe42', $policySettings.DeviceSettings.l_grooveexe42) + $complexDeviceSettings.Add('L_mse7exe55', $policySettings.DeviceSettings.l_mse7exe55) + $complexDeviceSettings.Add('L_winwordexe49', $policySettings.DeviceSettings.l_winwordexe49) + $complexDeviceSettings.Add('L_exprwdexe52', $policySettings.DeviceSettings.l_exprwdexe52) + $complexDeviceSettings.Add('L_Disableusernameandpassword', $policySettings.DeviceSettings.l_Disableusernameandpassword) + $complexDeviceSettings.Add('L_excelexe127', $policySettings.DeviceSettings.l_excelexe127) + $complexDeviceSettings.Add('L_grooveexe126', $policySettings.DeviceSettings.l_grooveexe126) + $complexDeviceSettings.Add('L_onenoteexe138', $policySettings.DeviceSettings.l_onenoteexe138) + $complexDeviceSettings.Add('L_mse7exe139', $policySettings.DeviceSettings.l_mse7exe139) + $complexDeviceSettings.Add('L_mspubexe128', $policySettings.DeviceSettings.l_mspubexe128) + $complexDeviceSettings.Add('L_visioexe131', $policySettings.DeviceSettings.l_visioexe131) + $complexDeviceSettings.Add('L_exprwdexe136', $policySettings.DeviceSettings.l_exprwdexe136) + $complexDeviceSettings.Add('L_msaccessexe137', $policySettings.DeviceSettings.l_msaccessexe137) + $complexDeviceSettings.Add('L_spdesignexe135', $policySettings.DeviceSettings.l_spdesignexe135) + $complexDeviceSettings.Add('L_winwordexe133', $policySettings.DeviceSettings.l_winwordexe133) + $complexDeviceSettings.Add('L_powerpntexe129', $policySettings.DeviceSettings.l_powerpntexe129) + $complexDeviceSettings.Add('L_outlookexe134', $policySettings.DeviceSettings.l_outlookexe134) + $complexDeviceSettings.Add('L_winprojexe132', $policySettings.DeviceSettings.l_winprojexe132) + $complexDeviceSettings.Add('L_pptviewexe130', $policySettings.DeviceSettings.l_pptviewexe130) + $complexDeviceSettings.Add('L_Informationbar', $policySettings.DeviceSettings.l_Informationbar) + $complexDeviceSettings.Add('L_excelexe113', $policySettings.DeviceSettings.l_excelexe113) + $complexDeviceSettings.Add('L_mspubexe114', $policySettings.DeviceSettings.l_mspubexe114) + $complexDeviceSettings.Add('L_msaccessexe123', $policySettings.DeviceSettings.l_msaccessexe123) + $complexDeviceSettings.Add('L_onenoteexe124', $policySettings.DeviceSettings.l_onenoteexe124) + $complexDeviceSettings.Add('L_outlookexe120', $policySettings.DeviceSettings.l_outlookexe120) + $complexDeviceSettings.Add('L_winprojexe118', $policySettings.DeviceSettings.l_winprojexe118) + $complexDeviceSettings.Add('L_powerpntexe115', $policySettings.DeviceSettings.l_powerpntexe115) + $complexDeviceSettings.Add('L_spdesignexe121', $policySettings.DeviceSettings.l_spdesignexe121) + $complexDeviceSettings.Add('L_grooveexe112', $policySettings.DeviceSettings.l_grooveexe112) + $complexDeviceSettings.Add('L_visioexe117', $policySettings.DeviceSettings.l_visioexe117) + $complexDeviceSettings.Add('L_mse7exe125', $policySettings.DeviceSettings.l_mse7exe125) + $complexDeviceSettings.Add('L_winwordexe119', $policySettings.DeviceSettings.l_winwordexe119) + $complexDeviceSettings.Add('L_exprwdexe122', $policySettings.DeviceSettings.l_exprwdexe122) + $complexDeviceSettings.Add('L_pptviewexe116', $policySettings.DeviceSettings.l_pptviewexe116) + $complexDeviceSettings.Add('L_LocalMachineZoneLockdownSecurity', $policySettings.DeviceSettings.l_LocalMachineZoneLockdownSecurity) + $complexDeviceSettings.Add('L_mse7exe41', $policySettings.DeviceSettings.l_mse7exe41) + $complexDeviceSettings.Add('L_powerpntexe31', $policySettings.DeviceSettings.l_powerpntexe31) + $complexDeviceSettings.Add('L_mspubexe30', $policySettings.DeviceSettings.l_mspubexe30) + $complexDeviceSettings.Add('L_outlookexe36', $policySettings.DeviceSettings.l_outlookexe36) + $complexDeviceSettings.Add('L_pptviewexe32', $policySettings.DeviceSettings.l_pptviewexe32) + $complexDeviceSettings.Add('L_excelexe29', $policySettings.DeviceSettings.l_excelexe29) + $complexDeviceSettings.Add('L_exprwdexe38', $policySettings.DeviceSettings.l_exprwdexe38) + $complexDeviceSettings.Add('L_grooveexe28', $policySettings.DeviceSettings.l_grooveexe28) + $complexDeviceSettings.Add('L_winwordexe35', $policySettings.DeviceSettings.l_winwordexe35) + $complexDeviceSettings.Add('L_msaccessexe39', $policySettings.DeviceSettings.l_msaccessexe39) + $complexDeviceSettings.Add('L_spdesignexe37', $policySettings.DeviceSettings.l_spdesignexe37) + $complexDeviceSettings.Add('L_visioexe33', $policySettings.DeviceSettings.l_visioexe33) + $complexDeviceSettings.Add('L_onenoteexe40', $policySettings.DeviceSettings.l_onenoteexe40) + $complexDeviceSettings.Add('L_winprojexe34', $policySettings.DeviceSettings.l_winprojexe34) + $complexDeviceSettings.Add('L_MimeSniffingSafetyFature', $policySettings.DeviceSettings.l_MimeSniffingSafetyFature) + $complexDeviceSettings.Add('L_powerpntexe59', $policySettings.DeviceSettings.l_powerpntexe59) + $complexDeviceSettings.Add('L_exprwdexe66', $policySettings.DeviceSettings.l_exprwdexe66) + $complexDeviceSettings.Add('L_grooveexe56', $policySettings.DeviceSettings.l_grooveexe56) + $complexDeviceSettings.Add('L_visioexe61', $policySettings.DeviceSettings.l_visioexe61) + $complexDeviceSettings.Add('L_outlookexe64', $policySettings.DeviceSettings.l_outlookexe64) + $complexDeviceSettings.Add('L_mspubexe58', $policySettings.DeviceSettings.l_mspubexe58) + $complexDeviceSettings.Add('L_mse7exe69', $policySettings.DeviceSettings.l_mse7exe69) + $complexDeviceSettings.Add('L_msaccessexe67', $policySettings.DeviceSettings.l_msaccessexe67) + $complexDeviceSettings.Add('L_pptviewexe60', $policySettings.DeviceSettings.l_pptviewexe60) + $complexDeviceSettings.Add('L_winprojexe62', $policySettings.DeviceSettings.l_winprojexe62) + $complexDeviceSettings.Add('L_spdesignexe65', $policySettings.DeviceSettings.l_spdesignexe65) + $complexDeviceSettings.Add('L_onenoteexe68', $policySettings.DeviceSettings.l_onenoteexe68) + $complexDeviceSettings.Add('L_winwordexe63', $policySettings.DeviceSettings.l_winwordexe63) + $complexDeviceSettings.Add('L_excelexe57', $policySettings.DeviceSettings.l_excelexe57) + $complexDeviceSettings.Add('L_NavigateURL', $policySettings.DeviceSettings.l_NavigateURL) + $complexDeviceSettings.Add('L_spdesignexe177', $policySettings.DeviceSettings.l_spdesignexe177) + $complexDeviceSettings.Add('L_onenoteexe180', $policySettings.DeviceSettings.l_onenoteexe180) + $complexDeviceSettings.Add('L_pptviewexe172', $policySettings.DeviceSettings.l_pptviewexe172) + $complexDeviceSettings.Add('L_outlookexe176', $policySettings.DeviceSettings.l_outlookexe176) + $complexDeviceSettings.Add('L_winprojexe174', $policySettings.DeviceSettings.l_winprojexe174) + $complexDeviceSettings.Add('L_msaccessexe179', $policySettings.DeviceSettings.l_msaccessexe179) + $complexDeviceSettings.Add('L_winwordexe175', $policySettings.DeviceSettings.l_winwordexe175) + $complexDeviceSettings.Add('L_excelexe169', $policySettings.DeviceSettings.l_excelexe169) + $complexDeviceSettings.Add('L_mspubexe170', $policySettings.DeviceSettings.l_mspubexe170) + $complexDeviceSettings.Add('L_exprwdexe178', $policySettings.DeviceSettings.l_exprwdexe178) + $complexDeviceSettings.Add('L_powerpntexe171', $policySettings.DeviceSettings.l_powerpntexe171) + $complexDeviceSettings.Add('L_visioexe173', $policySettings.DeviceSettings.l_visioexe173) + $complexDeviceSettings.Add('L_mse7exe181', $policySettings.DeviceSettings.l_mse7exe181) + $complexDeviceSettings.Add('L_grooveexe168', $policySettings.DeviceSettings.l_grooveexe168) + $complexDeviceSettings.Add('L_ObjectCachingProtection', $policySettings.DeviceSettings.l_ObjectCachingProtection) + $complexDeviceSettings.Add('L_winwordexe77', $policySettings.DeviceSettings.l_winwordexe77) + $complexDeviceSettings.Add('L_powerpntexe73', $policySettings.DeviceSettings.l_powerpntexe73) + $complexDeviceSettings.Add('L_spdesignexe79', $policySettings.DeviceSettings.l_spdesignexe79) + $complexDeviceSettings.Add('L_mse7exe83', $policySettings.DeviceSettings.l_mse7exe83) + $complexDeviceSettings.Add('L_mspubexe72', $policySettings.DeviceSettings.l_mspubexe72) + $complexDeviceSettings.Add('L_msaccessexe81', $policySettings.DeviceSettings.l_msaccessexe81) + $complexDeviceSettings.Add('L_onenoteexe82', $policySettings.DeviceSettings.l_onenoteexe82) + $complexDeviceSettings.Add('L_outlookexe78', $policySettings.DeviceSettings.l_outlookexe78) + $complexDeviceSettings.Add('L_grooveexe70', $policySettings.DeviceSettings.l_grooveexe70) + $complexDeviceSettings.Add('L_excelexe71', $policySettings.DeviceSettings.l_excelexe71) + $complexDeviceSettings.Add('L_visioexe75', $policySettings.DeviceSettings.l_visioexe75) + $complexDeviceSettings.Add('L_pptviewexe74', $policySettings.DeviceSettings.l_pptviewexe74) + $complexDeviceSettings.Add('L_winprojexe76', $policySettings.DeviceSettings.l_winprojexe76) + $complexDeviceSettings.Add('L_exprwdexe80', $policySettings.DeviceSettings.l_exprwdexe80) + $complexDeviceSettings.Add('L_ProtectionFromZoneElevation', $policySettings.DeviceSettings.l_ProtectionFromZoneElevation) + $complexDeviceSettings.Add('L_mspubexe100', $policySettings.DeviceSettings.l_mspubexe100) + $complexDeviceSettings.Add('L_visioexe103', $policySettings.DeviceSettings.l_visioexe103) + $complexDeviceSettings.Add('L_powerpntexe101', $policySettings.DeviceSettings.l_powerpntexe101) + $complexDeviceSettings.Add('L_excelexe99', $policySettings.DeviceSettings.l_excelexe99) + $complexDeviceSettings.Add('L_mse7exe111', $policySettings.DeviceSettings.l_mse7exe111) + $complexDeviceSettings.Add('L_winwordexe105', $policySettings.DeviceSettings.l_winwordexe105) + $complexDeviceSettings.Add('L_exprwdexe108', $policySettings.DeviceSettings.l_exprwdexe108) + $complexDeviceSettings.Add('L_msaccessexe109', $policySettings.DeviceSettings.l_msaccessexe109) + $complexDeviceSettings.Add('L_spdesignexe107', $policySettings.DeviceSettings.l_spdesignexe107) + $complexDeviceSettings.Add('L_onenoteexe110', $policySettings.DeviceSettings.l_onenoteexe110) + $complexDeviceSettings.Add('L_pptviewexe102', $policySettings.DeviceSettings.l_pptviewexe102) + $complexDeviceSettings.Add('L_winprojexe104', $policySettings.DeviceSettings.l_winprojexe104) + $complexDeviceSettings.Add('L_grooveexe98', $policySettings.DeviceSettings.l_grooveexe98) + $complexDeviceSettings.Add('L_outlookexe106', $policySettings.DeviceSettings.l_outlookexe106) + $complexDeviceSettings.Add('L_RestrictActiveXInstall', $policySettings.DeviceSettings.l_RestrictActiveXInstall) + $complexDeviceSettings.Add('L_mse7exe', $policySettings.DeviceSettings.l_mse7exe) + $complexDeviceSettings.Add('L_powerpntexe', $policySettings.DeviceSettings.l_powerpntexe) + $complexDeviceSettings.Add('L_spDesignexe', $policySettings.DeviceSettings.l_spDesignexe) + $complexDeviceSettings.Add('L_onenoteexe', $policySettings.DeviceSettings.l_onenoteexe) + $complexDeviceSettings.Add('L_excelexe', $policySettings.DeviceSettings.l_excelexe) + $complexDeviceSettings.Add('L_mspubexe', $policySettings.DeviceSettings.l_mspubexe) + $complexDeviceSettings.Add('L_visioexe', $policySettings.DeviceSettings.l_visioexe) + $complexDeviceSettings.Add('L_exprwdexe', $policySettings.DeviceSettings.l_exprwdexe) + $complexDeviceSettings.Add('L_outlookexe', $policySettings.DeviceSettings.l_outlookexe) + $complexDeviceSettings.Add('L_pptviewexe', $policySettings.DeviceSettings.l_pptviewexe) + $complexDeviceSettings.Add('L_winprojexe', $policySettings.DeviceSettings.l_winprojexe) + $complexDeviceSettings.Add('L_winwordexe', $policySettings.DeviceSettings.l_winwordexe) + $complexDeviceSettings.Add('L_grooveexe', $policySettings.DeviceSettings.l_grooveexe) + $complexDeviceSettings.Add('L_msaccessexe', $policySettings.DeviceSettings.l_msaccessexe) + $complexDeviceSettings.Add('L_RestrictFileDownload', $policySettings.DeviceSettings.l_RestrictFileDownload) + $complexDeviceSettings.Add('L_visioexe5', $policySettings.DeviceSettings.l_visioexe5) + $complexDeviceSettings.Add('L_winprojexe6', $policySettings.DeviceSettings.l_winprojexe6) + $complexDeviceSettings.Add('L_msaccessexe11', $policySettings.DeviceSettings.l_msaccessexe11) + $complexDeviceSettings.Add('L_spdesignexe9', $policySettings.DeviceSettings.l_spdesignexe9) + $complexDeviceSettings.Add('L_excelexe1', $policySettings.DeviceSettings.l_excelexe1) + $complexDeviceSettings.Add('L_powerpntexe3', $policySettings.DeviceSettings.l_powerpntexe3) + $complexDeviceSettings.Add('L_mspubexe2', $policySettings.DeviceSettings.l_mspubexe2) + $complexDeviceSettings.Add('L_exprwdexe10', $policySettings.DeviceSettings.l_exprwdexe10) + $complexDeviceSettings.Add('L_outlookexe8', $policySettings.DeviceSettings.l_outlookexe8) + $complexDeviceSettings.Add('L_pptviewexe4', $policySettings.DeviceSettings.l_pptviewexe4) + $complexDeviceSettings.Add('L_winwordexe7', $policySettings.DeviceSettings.l_winwordexe7) + $complexDeviceSettings.Add('L_onenoteexe12', $policySettings.DeviceSettings.l_onenoteexe12) + $complexDeviceSettings.Add('L_mse7exe13', $policySettings.DeviceSettings.l_mse7exe13) + $complexDeviceSettings.Add('L_grooveexe0', $policySettings.DeviceSettings.l_grooveexe0) + $complexDeviceSettings.Add('L_SavedfromURL', $policySettings.DeviceSettings.l_SavedfromURL) + $complexDeviceSettings.Add('L_pptviewexe158', $policySettings.DeviceSettings.l_pptviewexe158) + $complexDeviceSettings.Add('L_exprwdexe164', $policySettings.DeviceSettings.l_exprwdexe164) + $complexDeviceSettings.Add('L_mse7exe167', $policySettings.DeviceSettings.l_mse7exe167) + $complexDeviceSettings.Add('L_spdesignexe163', $policySettings.DeviceSettings.l_spdesignexe163) + $complexDeviceSettings.Add('L_winprojexe160', $policySettings.DeviceSettings.l_winprojexe160) + $complexDeviceSettings.Add('L_mspubexe156', $policySettings.DeviceSettings.l_mspubexe156) + $complexDeviceSettings.Add('L_visioexe159', $policySettings.DeviceSettings.l_visioexe159) + $complexDeviceSettings.Add('L_winwordexe161', $policySettings.DeviceSettings.l_winwordexe161) + $complexDeviceSettings.Add('L_msaccessexe165', $policySettings.DeviceSettings.l_msaccessexe165) + $complexDeviceSettings.Add('L_onenoteexe166', $policySettings.DeviceSettings.l_onenoteexe166) + $complexDeviceSettings.Add('L_outlookexe162', $policySettings.DeviceSettings.l_outlookexe162) + $complexDeviceSettings.Add('L_grooveexe154', $policySettings.DeviceSettings.l_grooveexe154) + $complexDeviceSettings.Add('L_excelexe155', $policySettings.DeviceSettings.l_excelexe155) + $complexDeviceSettings.Add('L_powerpntexe157', $policySettings.DeviceSettings.l_powerpntexe157) + $complexDeviceSettings.Add('L_ScriptedWindowSecurityRestrictions', $policySettings.DeviceSettings.l_ScriptedWindowSecurityRestrictions) + $complexDeviceSettings.Add('L_exprwdexe94', $policySettings.DeviceSettings.l_exprwdexe94) + $complexDeviceSettings.Add('L_mse7exe97', $policySettings.DeviceSettings.l_mse7exe97) + $complexDeviceSettings.Add('L_mspubexe86', $policySettings.DeviceSettings.l_mspubexe86) + $complexDeviceSettings.Add('L_outlookexe92', $policySettings.DeviceSettings.l_outlookexe92) + $complexDeviceSettings.Add('L_msaccessexe95', $policySettings.DeviceSettings.l_msaccessexe95) + $complexDeviceSettings.Add('L_powerpntexe87', $policySettings.DeviceSettings.l_powerpntexe87) + $complexDeviceSettings.Add('L_grooveexe84', $policySettings.DeviceSettings.l_grooveexe84) + $complexDeviceSettings.Add('L_excelexe85', $policySettings.DeviceSettings.l_excelexe85) + $complexDeviceSettings.Add('L_pptviewexe88', $policySettings.DeviceSettings.l_pptviewexe88) + $complexDeviceSettings.Add('L_spdesignexe93', $policySettings.DeviceSettings.l_spdesignexe93) + $complexDeviceSettings.Add('L_visioexe89', $policySettings.DeviceSettings.l_visioexe89) + $complexDeviceSettings.Add('L_onenoteexe96', $policySettings.DeviceSettings.l_onenoteexe96) + $complexDeviceSettings.Add('L_winprojexe90', $policySettings.DeviceSettings.l_winprojexe90) + $complexDeviceSettings.Add('L_winwordexe91', $policySettings.DeviceSettings.l_winwordexe91) + if ($complexDeviceSettings.values.Where({$null -ne $_}).Count -eq 0) + { + $complexDeviceSettings = $null + } + $policySettings.Remove('DeviceSettings') | Out-Null + + $complexUserSettings = @{} + $complexUserSettings.Add('MicrosoftAccess_Security_TrustCenter_L_BlockMacroExecutionFromInternet', $policySettings.UserSettings.microsoftAccess_Security_TrustCenter_L_BlockMacroExecutionFromInternet) + $complexUserSettings.Add('MicrosoftAccess_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned', $policySettings.UserSettings.microsoftAccess_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned) + $complexUserSettings.Add('MicrosoftAccess_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned', $policySettings.UserSettings.microsoftAccess_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned) + $complexUserSettings.Add('MicrosoftAccess_Security_TrustCenterTrustedLocations_L_AllowTrustedLocationsOnTheNetwork', $policySettings.UserSettings.microsoftAccess_Security_TrustCenterTrustedLocations_L_AllowTrustedLocationsOnTheNetwork) + $complexUserSettings.Add('MicrosoftAccess_Security_TrustCenter_L_VBAWarningsPolicy', $policySettings.UserSettings.microsoftAccess_Security_TrustCenter_L_VBAWarningsPolicy) + $complexUserSettings.Add('MicrosoftAccess_Security_TrustCenter_L_VBAWarningsPolicy_L_Empty', $policySettings.UserSettings.microsoftAccess_Security_TrustCenter_L_VBAWarningsPolicy_L_Empty) + $complexUserSettings.Add('L_Donotshowdataextractionoptionswhenopeningcorruptworkbooks', $policySettings.UserSettings.l_Donotshowdataextractionoptionswhenopeningcorruptworkbooks) + $complexUserSettings.Add('L_Asktoupdateautomaticlinks', $policySettings.UserSettings.l_Asktoupdateautomaticlinks) + $complexUserSettings.Add('L_LoadpicturesfromWebpagesnotcreatedinExcel', $policySettings.UserSettings.l_LoadpicturesfromWebpagesnotcreatedinExcel) + $complexUserSettings.Add('L_DisableAutoRepublish', $policySettings.UserSettings.l_DisableAutoRepublish) + $complexUserSettings.Add('L_DoNotShowAutoRepublishWarningAlert', $policySettings.UserSettings.l_DoNotShowAutoRepublishWarningAlert) + $complexUserSettings.Add('L_Forcefileextenstionstomatch', $policySettings.UserSettings.l_Forcefileextenstionstomatch) + $complexUserSettings.Add('L_Forcefileextenstionstomatch_L_Empty', $policySettings.UserSettings.l_Forcefileextenstionstomatch_L_Empty) + $complexUserSettings.Add('L_DeterminewhethertoforceencryptedExcel', $policySettings.UserSettings.l_DeterminewhethertoforceencryptedExcel) + $complexUserSettings.Add('L_DeterminewhethertoforceencryptedExcelDropID', $policySettings.UserSettings.l_DeterminewhethertoforceencryptedExcelDropID) + $complexUserSettings.Add('L_BlockXLLFromInternet', $policySettings.UserSettings.l_BlockXLLFromInternet) + $complexUserSettings.Add('L_BlockXLLFromInternetEnum', $policySettings.UserSettings.l_BlockXLLFromInternetEnum) + $complexUserSettings.Add('MicrosoftExcel_Security_TrustCenter_L_BlockMacroExecutionFromInternet', $policySettings.UserSettings.microsoftExcel_Security_TrustCenter_L_BlockMacroExecutionFromInternet) + $complexUserSettings.Add('MicrosoftExcel_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned', $policySettings.UserSettings.microsoftExcel_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned) + $complexUserSettings.Add('L_EnableBlockUnsecureQueryFiles', $policySettings.UserSettings.l_EnableBlockUnsecureQueryFiles) + $complexUserSettings.Add('L_DBaseIIIANDIVFiles', $policySettings.UserSettings.l_DBaseIIIANDIVFiles) + $complexUserSettings.Add('L_DBaseIIIANDIVFilesDropID', $policySettings.UserSettings.l_DBaseIIIANDIVFilesDropID) + $complexUserSettings.Add('L_DifAndSylkFiles', $policySettings.UserSettings.l_DifAndSylkFiles) + $complexUserSettings.Add('L_DifAndSylkFilesDropID', $policySettings.UserSettings.l_DifAndSylkFilesDropID) + $complexUserSettings.Add('L_Excel2MacrosheetsAndAddInFiles', $policySettings.UserSettings.l_Excel2MacrosheetsAndAddInFiles) + $complexUserSettings.Add('L_Excel2MacrosheetsAndAddInFilesDropID', $policySettings.UserSettings.l_Excel2MacrosheetsAndAddInFilesDropID) + $complexUserSettings.Add('L_Excel2Worksheets', $policySettings.UserSettings.l_Excel2Worksheets) + $complexUserSettings.Add('L_Excel2WorksheetsDropID', $policySettings.UserSettings.l_Excel2WorksheetsDropID) + $complexUserSettings.Add('L_Excel3MacrosheetsAndAddInFiles', $policySettings.UserSettings.l_Excel3MacrosheetsAndAddInFiles) + $complexUserSettings.Add('L_Excel3MacrosheetsAndAddInFilesDropID', $policySettings.UserSettings.l_Excel3MacrosheetsAndAddInFilesDropID) + $complexUserSettings.Add('L_Excel3Worksheets', $policySettings.UserSettings.l_Excel3Worksheets) + $complexUserSettings.Add('L_Excel3WorksheetsDropID', $policySettings.UserSettings.l_Excel3WorksheetsDropID) + $complexUserSettings.Add('L_Excel4MacrosheetsAndAddInFiles', $policySettings.UserSettings.l_Excel4MacrosheetsAndAddInFiles) + $complexUserSettings.Add('L_Excel4MacrosheetsAndAddInFilesDropID', $policySettings.UserSettings.l_Excel4MacrosheetsAndAddInFilesDropID) + $complexUserSettings.Add('L_Excel4Workbooks', $policySettings.UserSettings.l_Excel4Workbooks) + $complexUserSettings.Add('L_Excel4WorkbooksDropID', $policySettings.UserSettings.l_Excel4WorkbooksDropID) + $complexUserSettings.Add('L_Excel4Worksheets', $policySettings.UserSettings.l_Excel4Worksheets) + $complexUserSettings.Add('L_Excel4WorksheetsDropID', $policySettings.UserSettings.l_Excel4WorksheetsDropID) + $complexUserSettings.Add('L_Excel95Workbooks', $policySettings.UserSettings.l_Excel95Workbooks) + $complexUserSettings.Add('L_Excel95WorkbooksDropID', $policySettings.UserSettings.l_Excel95WorkbooksDropID) + $complexUserSettings.Add('L_Excel9597WorkbooksAndTemplates', $policySettings.UserSettings.l_Excel9597WorkbooksAndTemplates) + $complexUserSettings.Add('L_Excel9597WorkbooksAndTemplatesDropID', $policySettings.UserSettings.l_Excel9597WorkbooksAndTemplatesDropID) + $complexUserSettings.Add('L_Excel972003WorkbooksAndTemplates', $policySettings.UserSettings.l_Excel972003WorkbooksAndTemplates) + $complexUserSettings.Add('L_Excel972003WorkbooksAndTemplatesDropID', $policySettings.UserSettings.l_Excel972003WorkbooksAndTemplatesDropID) + $complexUserSettings.Add('MicrosoftExcel_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehavior', $policySettings.UserSettings.microsoftExcel_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehavior) + $complexUserSettings.Add('MicrosoftExcel_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehaviorDropID', $policySettings.UserSettings.microsoftExcel_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehaviorDropID) + $complexUserSettings.Add('L_WebPagesAndExcel2003XMLSpreadsheets', $policySettings.UserSettings.l_WebPagesAndExcel2003XMLSpreadsheets) + $complexUserSettings.Add('L_WebPagesAndExcel2003XMLSpreadsheetsDropID', $policySettings.UserSettings.l_WebPagesAndExcel2003XMLSpreadsheetsDropID) + $complexUserSettings.Add('L_XL4KillSwitchPolicy', $policySettings.UserSettings.l_XL4KillSwitchPolicy) + $complexUserSettings.Add('L_EnableDataBaseFileProtectedView', $policySettings.UserSettings.l_EnableDataBaseFileProtectedView) + $complexUserSettings.Add('MicrosoftExcel_Security_TrustCenterProtectedView_L_DoNotOpenFilesFromTheInternetZoneInProtectedView', $policySettings.UserSettings.microsoftExcel_Security_TrustCenterProtectedView_L_DoNotOpenFilesFromTheInternetZoneInProtectedView) + $complexUserSettings.Add('MicrosoftExcel_Security_TrustCenterProtectedView_L_DoNotOpenFilesInUnsafeLocationsInProtectedView', $policySettings.UserSettings.microsoftExcel_Security_TrustCenterProtectedView_L_DoNotOpenFilesInUnsafeLocationsInProtectedView) + $complexUserSettings.Add('MicrosoftExcel_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails', $policySettings.UserSettings.microsoftExcel_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails) + $complexUserSettings.Add('MicrosoftExcel_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsStr3', $policySettings.UserSettings.microsoftExcel_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsStr3) + $complexUserSettings.Add('MicrosoftExcel_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsDropID', $policySettings.UserSettings.microsoftExcel_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsDropID) + $complexUserSettings.Add('MicrosoftExcel_Security_TrustCenterProtectedView_L_TurnOffProtectedViewForAttachmentsOpenedFromOutlook', $policySettings.UserSettings.microsoftExcel_Security_TrustCenterProtectedView_L_TurnOffProtectedViewForAttachmentsOpenedFromOutlook) + $complexUserSettings.Add('MicrosoftExcel_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned', $policySettings.UserSettings.microsoftExcel_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned) + $complexUserSettings.Add('MicrosoftExcel_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2', $policySettings.UserSettings.microsoftExcel_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2) + $complexUserSettings.Add('MicrosoftExcel_Security_TrustCenterTrustedLocations_L_AllowTrustedLocationsOnTheNetwork', $policySettings.UserSettings.microsoftExcel_Security_TrustCenterTrustedLocations_L_AllowTrustedLocationsOnTheNetwork) + $complexUserSettings.Add('MicrosoftExcel_Security_TrustCenter_L_VBAWarningsPolicy', $policySettings.UserSettings.microsoftExcel_Security_TrustCenter_L_VBAWarningsPolicy) + $complexUserSettings.Add('L_empty4', $policySettings.UserSettings.l_empty4) + $complexUserSettings.Add('MicrosoftExcel_Security_L_TurnOffFileValidation', $policySettings.UserSettings.microsoftExcel_Security_L_TurnOffFileValidation) + $complexUserSettings.Add('L_WebContentWarningLevel', $policySettings.UserSettings.l_WebContentWarningLevel) + $complexUserSettings.Add('L_WebContentWarningLevelValue', $policySettings.UserSettings.l_WebContentWarningLevelValue) + $complexUserSettings.Add('L_NoExtensibilityCustomizationFromDocumentPolicy', $policySettings.UserSettings.l_NoExtensibilityCustomizationFromDocumentPolicy) + $complexUserSettings.Add('L_NoExtensibilityCustomizationFromDocumentPolicyWord', $policySettings.UserSettings.l_NoExtensibilityCustomizationFromDocumentPolicyWord) + $complexUserSettings.Add('L_NoExtensibilityCustomizationFromDocumentPolicyExcel', $policySettings.UserSettings.l_NoExtensibilityCustomizationFromDocumentPolicyExcel) + $complexUserSettings.Add('L_NoExtensibilityCustomizationFromDocumentPolicyVisio', $policySettings.UserSettings.l_NoExtensibilityCustomizationFromDocumentPolicyVisio) + $complexUserSettings.Add('L_NoExtensibilityCustomizationFromDocumentPolicyPowerPoint', $policySettings.UserSettings.l_NoExtensibilityCustomizationFromDocumentPolicyPowerPoint) + $complexUserSettings.Add('L_NoExtensibilityCustomizationFromDocumentPolicyPublisher', $policySettings.UserSettings.l_NoExtensibilityCustomizationFromDocumentPolicyPublisher) + $complexUserSettings.Add('L_NoExtensibilityCustomizationFromDocumentPolicyOutlook', $policySettings.UserSettings.l_NoExtensibilityCustomizationFromDocumentPolicyOutlook) + $complexUserSettings.Add('L_NoExtensibilityCustomizationFromDocumentPolicyProject', $policySettings.UserSettings.l_NoExtensibilityCustomizationFromDocumentPolicyProject) + $complexUserSettings.Add('L_NoExtensibilityCustomizationFromDocumentPolicyAccess', $policySettings.UserSettings.l_NoExtensibilityCustomizationFromDocumentPolicyAccess) + $complexUserSettings.Add('L_NoExtensibilityCustomizationFromDocumentPolicyInfoPath', $policySettings.UserSettings.l_NoExtensibilityCustomizationFromDocumentPolicyInfoPath) + $complexUserSettings.Add('L_ActiveXControlInitialization', $policySettings.UserSettings.l_ActiveXControlInitialization) + $complexUserSettings.Add('L_ActiveXControlInitializationcolon', $policySettings.UserSettings.l_ActiveXControlInitializationcolon) + $complexUserSettings.Add('L_BasicAuthProxyBehavior', $policySettings.UserSettings.l_BasicAuthProxyBehavior) + $complexUserSettings.Add('L_AllowVbaIntranetRefs', $policySettings.UserSettings.l_AllowVbaIntranetRefs) + $complexUserSettings.Add('L_AutomationSecurity', $policySettings.UserSettings.l_AutomationSecurity) + $complexUserSettings.Add('L_SettheAutomationSecuritylevel', $policySettings.UserSettings.l_SettheAutomationSecuritylevel) + $complexUserSettings.Add('L_AuthenticationFBABehavior', $policySettings.UserSettings.l_AuthenticationFBABehavior) + $complexUserSettings.Add('L_AuthenticationFBAEnabledHostsID', $policySettings.UserSettings.l_AuthenticationFBAEnabledHostsID) + $complexUserSettings.Add('L_authenticationFBABehaviorEnum', $policySettings.UserSettings.l_authenticationFBABehaviorEnum) + $complexUserSettings.Add('L_DisableStrictVbaRefsSecurityPolicy', $policySettings.UserSettings.l_DisableStrictVbaRefsSecurityPolicy) + $complexUserSettings.Add('L_DisableallTrustBarnotificationsfor', $policySettings.UserSettings.l_DisableallTrustBarnotificationsfor) + $complexUserSettings.Add('L_Encryptiontypeforirm', $policySettings.UserSettings.l_Encryptiontypeforirm) + $complexUserSettings.Add('L_Encryptiontypeforirmcolon', $policySettings.UserSettings.l_Encryptiontypeforirmcolon) + $complexUserSettings.Add('L_Encryptiontypeforpasswordprotectedoffice972003', $policySettings.UserSettings.l_Encryptiontypeforpasswordprotectedoffice972003) + $complexUserSettings.Add('L_encryptiontypecolon318', $policySettings.UserSettings.l_encryptiontypecolon318) + $complexUserSettings.Add('L_Encryptiontypeforpasswordprotectedofficeopen', $policySettings.UserSettings.l_Encryptiontypeforpasswordprotectedofficeopen) + $complexUserSettings.Add('L_Encryptiontypecolon', $policySettings.UserSettings.l_Encryptiontypecolon) + $complexUserSettings.Add('L_LoadControlsinForms3', $policySettings.UserSettings.l_LoadControlsinForms3) + $complexUserSettings.Add('L_LoadControlsinForms3colon', $policySettings.UserSettings.l_LoadControlsinForms3colon) + $complexUserSettings.Add('L_MacroRuntimeScanScope', $policySettings.UserSettings.l_MacroRuntimeScanScope) + $complexUserSettings.Add('L_MacroRuntimeScanScopeEnum', $policySettings.UserSettings.l_MacroRuntimeScanScopeEnum) + $complexUserSettings.Add('L_Protectdocumentmetadataforrightsmanaged', $policySettings.UserSettings.l_Protectdocumentmetadataforrightsmanaged) + $complexUserSettings.Add('L_Allowmixofpolicyanduserlocations', $policySettings.UserSettings.l_Allowmixofpolicyanduserlocations) + $complexUserSettings.Add('L_DisabletheOfficeclientfrompolling', $policySettings.UserSettings.l_DisabletheOfficeclientfrompolling) + $complexUserSettings.Add('L_DisableSmartDocumentsuseofmanifests', $policySettings.UserSettings.l_DisableSmartDocumentsuseofmanifests) + $complexUserSettings.Add('L_OutlookSecurityMode', $policySettings.UserSettings.l_OutlookSecurityMode) + $complexUserSettings.Add('L_OOMAddressAccess', $policySettings.UserSettings.l_OOMAddressAccess) + $complexUserSettings.Add('L_OOMAddressAccess_Setting', $policySettings.UserSettings.l_OOMAddressAccess_Setting) + $complexUserSettings.Add('L_OOMMeetingTaskRequest', $policySettings.UserSettings.l_OOMMeetingTaskRequest) + $complexUserSettings.Add('L_OOMMeetingTaskRequest_Setting', $policySettings.UserSettings.l_OOMMeetingTaskRequest_Setting) + $complexUserSettings.Add('L_OOMSend', $policySettings.UserSettings.l_OOMSend) + $complexUserSettings.Add('L_OOMSend_Setting', $policySettings.UserSettings.l_OOMSend_Setting) + $complexUserSettings.Add('L_Preventusersfromcustomizingattachmentsecuritysettings', $policySettings.UserSettings.l_Preventusersfromcustomizingattachmentsecuritysettings) + $complexUserSettings.Add('L_RetrievingCRLsCertificateRevocationLists', $policySettings.UserSettings.l_RetrievingCRLsCertificateRevocationLists) + $complexUserSettings.Add('L_empty31', $policySettings.UserSettings.l_empty31) + $complexUserSettings.Add('L_OOMFormula', $policySettings.UserSettings.l_OOMFormula) + $complexUserSettings.Add('L_OOMFormula_Setting', $policySettings.UserSettings.l_OOMFormula_Setting) + $complexUserSettings.Add('L_AuthenticationwithExchangeServer', $policySettings.UserSettings.l_AuthenticationwithExchangeServer) + $complexUserSettings.Add('L_SelecttheauthenticationwithExchangeserver', $policySettings.UserSettings.l_SelecttheauthenticationwithExchangeserver) + $complexUserSettings.Add('L_EnableRPCEncryption', $policySettings.UserSettings.l_EnableRPCEncryption) + $complexUserSettings.Add('L_Enablelinksinemailmessages', $policySettings.UserSettings.l_Enablelinksinemailmessages) + $complexUserSettings.Add('L_OOMAddressBook', $policySettings.UserSettings.l_OOMAddressBook) + $complexUserSettings.Add('L_OOMAddressBook_Setting', $policySettings.UserSettings.l_OOMAddressBook_Setting) + $complexUserSettings.Add('L_OutlookSecurityPolicy', $policySettings.UserSettings.l_OutlookSecurityPolicy) + $complexUserSettings.Add('L_AllowUsersToLowerAttachments', $policySettings.UserSettings.l_AllowUsersToLowerAttachments) + $complexUserSettings.Add('L_AllowActiveXOneOffForms', $policySettings.UserSettings.l_AllowActiveXOneOffForms) + $complexUserSettings.Add('L_empty29', $policySettings.UserSettings.l_empty29) + $complexUserSettings.Add('L_EnableScriptsInOneOffForms', $policySettings.UserSettings.l_EnableScriptsInOneOffForms) + $complexUserSettings.Add('L_Level2RemoveFilePolicy', $policySettings.UserSettings.l_Level2RemoveFilePolicy) + $complexUserSettings.Add('L_removedextensions25', $policySettings.UserSettings.l_removedextensions25) + $complexUserSettings.Add('L_MSGUnicodeformatwhendraggingtofilesystem', $policySettings.UserSettings.l_MSGUnicodeformatwhendraggingtofilesystem) + $complexUserSettings.Add('L_OnExecuteCustomActionOOM', $policySettings.UserSettings.l_OnExecuteCustomActionOOM) + $complexUserSettings.Add('L_OnExecuteCustomActionOOM_Setting', $policySettings.UserSettings.l_OnExecuteCustomActionOOM_Setting) + $complexUserSettings.Add('L_DisableOutlookobjectmodelscriptsforpublicfolders', $policySettings.UserSettings.l_DisableOutlookobjectmodelscriptsforpublicfolders) + $complexUserSettings.Add('L_BlockInternet', $policySettings.UserSettings.l_BlockInternet) + $complexUserSettings.Add('L_SecurityLevelOutlook', $policySettings.UserSettings.l_SecurityLevelOutlook) + $complexUserSettings.Add('L_SecurityLevel', $policySettings.UserSettings.l_SecurityLevel) + $complexUserSettings.Add('L_Level1RemoveFilePolicy', $policySettings.UserSettings.l_Level1RemoveFilePolicy) + $complexUserSettings.Add('L_RemovedExtensions', $policySettings.UserSettings.l_RemovedExtensions) + $complexUserSettings.Add('L_SignatureWarning', $policySettings.UserSettings.l_SignatureWarning) + $complexUserSettings.Add('L_signaturewarning30', $policySettings.UserSettings.l_signaturewarning30) + $complexUserSettings.Add('L_Level1Attachments', $policySettings.UserSettings.l_Level1Attachments) + $complexUserSettings.Add('L_Minimumencryptionsettings', $policySettings.UserSettings.l_Minimumencryptionsettings) + $complexUserSettings.Add('L_Minimumkeysizeinbits', $policySettings.UserSettings.l_Minimumkeysizeinbits) + $complexUserSettings.Add('L_DisableOutlookobjectmodelscripts', $policySettings.UserSettings.l_DisableOutlookobjectmodelscripts) + $complexUserSettings.Add('L_OOMSaveAs', $policySettings.UserSettings.l_OOMSaveAs) + $complexUserSettings.Add('L_OOMSaveAs_Setting', $policySettings.UserSettings.l_OOMSaveAs_Setting) + $complexUserSettings.Add('L_JunkEmailprotectionlevel', $policySettings.UserSettings.l_JunkEmailprotectionlevel) + $complexUserSettings.Add('L_Selectlevel', $policySettings.UserSettings.l_Selectlevel) + $complexUserSettings.Add('L_RunPrograms', $policySettings.UserSettings.l_RunPrograms) + $complexUserSettings.Add('L_RunPrograms_L_Empty', $policySettings.UserSettings.l_RunPrograms_L_Empty) + $complexUserSettings.Add('L_Determinewhethertoforceencryptedppt', $policySettings.UserSettings.l_Determinewhethertoforceencryptedppt) + $complexUserSettings.Add('L_DeterminewhethertoforceencryptedpptDropID', $policySettings.UserSettings.l_DeterminewhethertoforceencryptedpptDropID) + $complexUserSettings.Add('MicrosoftPowerPoint_Security_TrustCenter_L_BlockMacroExecutionFromInternet', $policySettings.UserSettings.microsoftPowerPoint_Security_TrustCenter_L_BlockMacroExecutionFromInternet) + $complexUserSettings.Add('MicrosoftPowerPoint_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned', $policySettings.UserSettings.microsoftPowerPoint_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned) + $complexUserSettings.Add('L_PowerPoint972003PresentationsShowsTemplatesandAddInFiles', $policySettings.UserSettings.l_PowerPoint972003PresentationsShowsTemplatesandAddInFiles) + $complexUserSettings.Add('L_PowerPoint972003PresentationsShowsTemplatesandAddInFilesDropID', $policySettings.UserSettings.l_PowerPoint972003PresentationsShowsTemplatesandAddInFilesDropID) + $complexUserSettings.Add('MicrosoftPowerPoint_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehavior', $policySettings.UserSettings.microsoftPowerPoint_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehavior) + $complexUserSettings.Add('MicrosoftPowerPoint_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehaviorDropID', $policySettings.UserSettings.microsoftPowerPoint_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehaviorDropID) + $complexUserSettings.Add('MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_DoNotOpenFilesFromTheInternetZoneInProtectedView', $policySettings.UserSettings.microsoftPowerPoint_Security_TrustCenterProtectedView_L_DoNotOpenFilesFromTheInternetZoneInProtectedView) + $complexUserSettings.Add('MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_DoNotOpenFilesInUnsafeLocationsInProtectedView', $policySettings.UserSettings.microsoftPowerPoint_Security_TrustCenterProtectedView_L_DoNotOpenFilesInUnsafeLocationsInProtectedView) + $complexUserSettings.Add('MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails', $policySettings.UserSettings.microsoftPowerPoint_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails) + $complexUserSettings.Add('MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsStr3', $policySettings.UserSettings.microsoftPowerPoint_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsStr3) + $complexUserSettings.Add('MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsDropID', $policySettings.UserSettings.microsoftPowerPoint_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsDropID) + $complexUserSettings.Add('MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_TurnOffProtectedViewForAttachmentsOpenedFromOutlook', $policySettings.UserSettings.microsoftPowerPoint_Security_TrustCenterProtectedView_L_TurnOffProtectedViewForAttachmentsOpenedFromOutlook) + $complexUserSettings.Add('MicrosoftPowerPoint_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned', $policySettings.UserSettings.microsoftPowerPoint_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned) + $complexUserSettings.Add('MicrosoftPowerPoint_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2', $policySettings.UserSettings.microsoftPowerPoint_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2) + $complexUserSettings.Add('MicrosoftPowerPoint_Security_TrustCenterTrustedLocations_L_AllowTrustedLocationsOnTheNetwork', $policySettings.UserSettings.microsoftPowerPoint_Security_TrustCenterTrustedLocations_L_AllowTrustedLocationsOnTheNetwork) + $complexUserSettings.Add('MicrosoftPowerPoint_Security_TrustCenter_L_VBAWarningsPolicy', $policySettings.UserSettings.microsoftPowerPoint_Security_TrustCenter_L_VBAWarningsPolicy) + $complexUserSettings.Add('L_empty3', $policySettings.UserSettings.l_empty3) + $complexUserSettings.Add('MicrosoftPowerPoint_Security_L_TurnOffFileValidation', $policySettings.UserSettings.microsoftPowerPoint_Security_L_TurnOffFileValidation) + $complexUserSettings.Add('MicrosoftProject_Security_TrustCenter_L_AllowTrustedLocationsOnTheNetwork', $policySettings.UserSettings.microsoftProject_Security_TrustCenter_L_AllowTrustedLocationsOnTheNetwork) + $complexUserSettings.Add('MicrosoftProject_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned', $policySettings.UserSettings.microsoftProject_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned) + $complexUserSettings.Add('MicrosoftProject_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned', $policySettings.UserSettings.microsoftProject_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned) + $complexUserSettings.Add('MicrosoftProject_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2', $policySettings.UserSettings.microsoftProject_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2) + $complexUserSettings.Add('MicrosoftProject_Security_TrustCenter_L_VBAWarningsPolicy', $policySettings.UserSettings.microsoftProject_Security_TrustCenter_L_VBAWarningsPolicy) + $complexUserSettings.Add('MicrosoftProject_Security_TrustCenter_L_VBAWarningsPolicy_L_Empty', $policySettings.UserSettings.microsoftProject_Security_TrustCenter_L_VBAWarningsPolicy_L_Empty) + $complexUserSettings.Add('L_PublisherAutomationSecurityLevel', $policySettings.UserSettings.l_PublisherAutomationSecurityLevel) + $complexUserSettings.Add('L_PublisherAutomationSecurityLevel_L_Empty', $policySettings.UserSettings.l_PublisherAutomationSecurityLevel_L_Empty) + $complexUserSettings.Add('MicrosoftPublisherV3_Security_TrustCenter_L_BlockMacroExecutionFromInternet', $policySettings.UserSettings.microsoftPublisherV3_Security_TrustCenter_L_BlockMacroExecutionFromInternet) + $complexUserSettings.Add('MicrosoftPublisherV2_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned', $policySettings.UserSettings.microsoftPublisherV2_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned) + $complexUserSettings.Add('MicrosoftPublisherV2_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned', $policySettings.UserSettings.microsoftPublisherV2_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned) + $complexUserSettings.Add('MicrosoftPublisherV2_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2', $policySettings.UserSettings.microsoftPublisherV2_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2) + $complexUserSettings.Add('MicrosoftPublisherV2_Security_TrustCenter_L_VBAWarningsPolicy', $policySettings.UserSettings.microsoftPublisherV2_Security_TrustCenter_L_VBAWarningsPolicy) + $complexUserSettings.Add('L_empty0', $policySettings.UserSettings.l_empty0) + $complexUserSettings.Add('MicrosoftVisio_Security_TrustCenter_L_AllowTrustedLocationsOnTheNetwork', $policySettings.UserSettings.microsoftVisio_Security_TrustCenter_L_AllowTrustedLocationsOnTheNetwork) + $complexUserSettings.Add('MicrosoftVisio_Security_TrustCenter_L_BlockMacroExecutionFromInternet', $policySettings.UserSettings.microsoftVisio_Security_TrustCenter_L_BlockMacroExecutionFromInternet) + $complexUserSettings.Add('MicrosoftVisio_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned', $policySettings.UserSettings.microsoftVisio_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned) + $complexUserSettings.Add('L_Visio2000Files', $policySettings.UserSettings.l_Visio2000Files) + $complexUserSettings.Add('L_Visio2000FilesDropID', $policySettings.UserSettings.l_Visio2000FilesDropID) + $complexUserSettings.Add('L_Visio2003Files', $policySettings.UserSettings.l_Visio2003Files) + $complexUserSettings.Add('L_Visio2003FilesDropID', $policySettings.UserSettings.l_Visio2003FilesDropID) + $complexUserSettings.Add('L_Visio50AndEarlierFiles', $policySettings.UserSettings.l_Visio50AndEarlierFiles) + $complexUserSettings.Add('L_Visio50AndEarlierFilesDropID', $policySettings.UserSettings.l_Visio50AndEarlierFilesDropID) + $complexUserSettings.Add('MicrosoftVisio_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned', $policySettings.UserSettings.microsoftVisio_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned) + $complexUserSettings.Add('MicrosoftVisio_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2', $policySettings.UserSettings.microsoftVisio_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2) + $complexUserSettings.Add('MicrosoftVisio_Security_TrustCenter_L_VBAWarningsPolicy', $policySettings.UserSettings.microsoftVisio_Security_TrustCenter_L_VBAWarningsPolicy) + $complexUserSettings.Add('MicrosoftVisio_Security_TrustCenter_L_VBAWarningsPolicy_L_Empty', $policySettings.UserSettings.microsoftVisio_Security_TrustCenter_L_VBAWarningsPolicy_L_Empty) + $complexUserSettings.Add('MicrosoftWord_Security_TrustCenter_L_BlockMacroExecutionFromInternet', $policySettings.UserSettings.microsoftWord_Security_TrustCenter_L_BlockMacroExecutionFromInternet) + $complexUserSettings.Add('MicrosoftWord_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned', $policySettings.UserSettings.microsoftWord_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned) + $complexUserSettings.Add('L_AllowDDE', $policySettings.UserSettings.l_AllowDDE) + $complexUserSettings.Add('L_AllowDDEDropID', $policySettings.UserSettings.l_AllowDDEDropID) + $complexUserSettings.Add('MicrosoftWord_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehavior', $policySettings.UserSettings.microsoftWord_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehavior) + $complexUserSettings.Add('MicrosoftWord_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehaviorDropID', $policySettings.UserSettings.microsoftWord_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehaviorDropID) + $complexUserSettings.Add('L_Word2AndEarlierBinaryDocumentsAndTemplates', $policySettings.UserSettings.l_Word2AndEarlierBinaryDocumentsAndTemplates) + $complexUserSettings.Add('L_Word2AndEarlierBinaryDocumentsAndTemplatesDropID', $policySettings.UserSettings.l_Word2AndEarlierBinaryDocumentsAndTemplatesDropID) + $complexUserSettings.Add('L_Word2000BinaryDocumentsAndTemplates', $policySettings.UserSettings.l_Word2000BinaryDocumentsAndTemplates) + $complexUserSettings.Add('L_Word2000BinaryDocumentsAndTemplatesDropID', $policySettings.UserSettings.l_Word2000BinaryDocumentsAndTemplatesDropID) + $complexUserSettings.Add('L_Word2003BinaryDocumentsAndTemplates', $policySettings.UserSettings.l_Word2003BinaryDocumentsAndTemplates) + $complexUserSettings.Add('L_Word2003BinaryDocumentsAndTemplatesDropID', $policySettings.UserSettings.l_Word2003BinaryDocumentsAndTemplatesDropID) + $complexUserSettings.Add('L_Word2007AndLaterBinaryDocumentsAndTemplates', $policySettings.UserSettings.l_Word2007AndLaterBinaryDocumentsAndTemplates) + $complexUserSettings.Add('L_Word2007AndLaterBinaryDocumentsAndTemplatesDropID', $policySettings.UserSettings.l_Word2007AndLaterBinaryDocumentsAndTemplatesDropID) + $complexUserSettings.Add('L_Word6Pt0BinaryDocumentsAndTemplates', $policySettings.UserSettings.l_Word6Pt0BinaryDocumentsAndTemplates) + $complexUserSettings.Add('L_Word6Pt0BinaryDocumentsAndTemplatesDropID', $policySettings.UserSettings.l_Word6Pt0BinaryDocumentsAndTemplatesDropID) + $complexUserSettings.Add('L_Word95BinaryDocumentsAndTemplates', $policySettings.UserSettings.l_Word95BinaryDocumentsAndTemplates) + $complexUserSettings.Add('L_Word95BinaryDocumentsAndTemplatesDropID', $policySettings.UserSettings.l_Word95BinaryDocumentsAndTemplatesDropID) + $complexUserSettings.Add('L_Word97BinaryDocumentsAndTemplates', $policySettings.UserSettings.l_Word97BinaryDocumentsAndTemplates) + $complexUserSettings.Add('L_Word97BinaryDocumentsAndTemplatesDropID', $policySettings.UserSettings.l_Word97BinaryDocumentsAndTemplatesDropID) + $complexUserSettings.Add('L_WordXPBinaryDocumentsAndTemplates', $policySettings.UserSettings.l_WordXPBinaryDocumentsAndTemplates) + $complexUserSettings.Add('L_WordXPBinaryDocumentsAndTemplatesDropID', $policySettings.UserSettings.l_WordXPBinaryDocumentsAndTemplatesDropID) + $complexUserSettings.Add('MicrosoftWord_Security_TrustCenterProtectedView_L_DoNotOpenFilesFromTheInternetZoneInProtectedView', $policySettings.UserSettings.microsoftWord_Security_TrustCenterProtectedView_L_DoNotOpenFilesFromTheInternetZoneInProtectedView) + $complexUserSettings.Add('MicrosoftWord_Security_TrustCenterProtectedView_L_DoNotOpenFilesInUnsafeLocationsInProtectedView', $policySettings.UserSettings.microsoftWord_Security_TrustCenterProtectedView_L_DoNotOpenFilesInUnsafeLocationsInProtectedView) + $complexUserSettings.Add('MicrosoftWord_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails', $policySettings.UserSettings.microsoftWord_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails) + $complexUserSettings.Add('MicrosoftWord_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsDropID', $policySettings.UserSettings.microsoftWord_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsDropID) + $complexUserSettings.Add('MicrosoftWord_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsStr3', $policySettings.UserSettings.microsoftWord_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsStr3) + $complexUserSettings.Add('MicrosoftWord_Security_TrustCenterProtectedView_L_TurnOffProtectedViewForAttachmentsOpenedFromOutlook', $policySettings.UserSettings.microsoftWord_Security_TrustCenterProtectedView_L_TurnOffProtectedViewForAttachmentsOpenedFromOutlook) + $complexUserSettings.Add('MicrosoftWord_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned', $policySettings.UserSettings.microsoftWord_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned) + $complexUserSettings.Add('MicrosoftWord_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2', $policySettings.UserSettings.microsoftWord_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2) + $complexUserSettings.Add('L_DeterminewhethertoforceencryptedWord', $policySettings.UserSettings.l_DeterminewhethertoforceencryptedWord) + $complexUserSettings.Add('L_DeterminewhethertoforceencryptedWordDropID', $policySettings.UserSettings.l_DeterminewhethertoforceencryptedWordDropID) + $complexUserSettings.Add('MicrosoftWord_Security_TrustCenter_L_VBAWarningsPolicy', $policySettings.UserSettings.microsoftWord_Security_TrustCenter_L_VBAWarningsPolicy) + $complexUserSettings.Add('L_empty19', $policySettings.UserSettings.l_empty19) + $complexUserSettings.Add('MicrosoftWord_Security_L_TurnOffFileValidation', $policySettings.UserSettings.microsoftWord_Security_L_TurnOffFileValidation) + $complexUserSettings.Add('MicrosoftWord_Security_TrustCenterTrustedLocations_L_AllowTrustedLocationsOnTheNetwork', $policySettings.UserSettings.microsoftWord_Security_TrustCenterTrustedLocations_L_AllowTrustedLocationsOnTheNetwork) + if ($complexUserSettings.values.Where({$null -ne $_}).Count -eq 0) + { + $complexUserSettings = $null + } + $policySettings.Remove('UserSettings') | Out-Null + #endregion + + $results = @{ + #region resource generator code + Description = $getValue.Description + DisplayName = $getValue.Name + RoleScopeTagIds = $getValue.RoleScopeTagIds + Id = $getValue.Id + DeviceSettings = $complexDeviceSettings + UserSettings = $complexUserSettings + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + #endregion + } + $results += $policySettings + + $assignmentsValues = Get-MgBetaDeviceManagementConfigurationPolicyAssignment -DeviceManagementConfigurationPolicyId $Id + $assignmentResult = @() + if ($assignmentsValues.Count -gt 0) + { + $assignmentResult += ConvertFrom-IntunePolicyAssignment -Assignments $assignmentsValues -IncludeDeviceFilter $true + } + $results.Add('Assignments', $assignmentResult) + + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String[]] + $RoleScopeTagIds, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $DeviceSettings, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $UserSettings, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters + + $templateReferenceId = '90316f12-246d-44c6-a767-f87692e86083_2' + $platforms = 'windows10' + $technologies = 'mdm' + + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating an Intune Security Baseline Microsoft365 Apps For Enterprise with Name {$DisplayName}" + $BoundParameters.Remove("Assignments") | Out-Null + + $settings = Get-IntuneSettingCatalogPolicySetting ` + -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` + -TemplateId $templateReferenceId ` + -ContainsDeviceAndUserSettings + + $createParameters = @{ + Name = $DisplayName + Description = $Description + TemplateReference = @{ templateId = $templateReferenceId } + Platforms = $platforms + Technologies = $technologies + Settings = $settings + } + + #region resource generator code + $policy = New-MgBetaDeviceManagementConfigurationPolicy -BodyParameter $createParameters + + if ($policy.Id) + { + $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments + Update-DeviceConfigurationPolicyAssignment ` + -DeviceConfigurationPolicyId $policy.Id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/configurationPolicies' + } + #endregion + } + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Updating the Intune Security Baseline Microsoft365 Apps For Enterprise with Id {$($currentInstance.Id)}" + $BoundParameters.Remove("Assignments") | Out-Null + + $settings = Get-IntuneSettingCatalogPolicySetting ` + -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` + -TemplateId $templateReferenceId ` + -ContainsDeviceAndUserSettings + + Update-IntuneDeviceConfigurationPolicy ` + -DeviceConfigurationPolicyId $currentInstance.Id ` + -Name $DisplayName ` + -Description $Description ` + -TemplateReferenceId $templateReferenceId ` + -Platforms $platforms ` + -Technologies $technologies ` + -Settings $settings + + #region resource generator code + $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments + Update-DeviceConfigurationPolicyAssignment ` + -DeviceConfigurationPolicyId $currentInstance.Id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/configurationPolicies' + #endregion + } + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing the Intune Security Baseline Microsoft365 Apps For Enterprise with Id {$($currentInstance.Id)}" + #region resource generator code + Remove-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $currentInstance.Id + #endregion + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String[]] + $RoleScopeTagIds, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $DeviceSettings, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $UserSettings, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of the Intune Security Baseline Microsoft365 Apps For Enterprise with Id {$Id} and Name {$DisplayName}" + + $CurrentValues = Get-TargetResource @PSBoundParameters + [Hashtable]$ValuesToCheck = @{} + $MyInvocation.MyCommand.Parameters.GetEnumerator() | ForEach-Object { + if ($_.Key -notlike '*Variable' -or $_.Key -notin @('Verbose', 'Debug', 'ErrorAction', 'WarningAction', 'InformationAction')) + { + if ($null -ne $CurrentValues[$_.Key] -or $null -ne $PSBoundParameters[$_.Key]) + { + $ValuesToCheck.Add($_.Key, $null) + if (-not $PSBoundParameters.ContainsKey($_.Key)) + { + $PSBoundParameters.Add($_.Key, $null) + } + } + } + } + + if ($CurrentValues.Ensure -ne $Ensure) + { + Write-Verbose -Message "Test-TargetResource returned $false" + return $false + } + $testResult = $true + + #Compare Cim instances + foreach ($key in $PSBoundParameters.Keys) + { + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($null -ne $source -and $source.GetType().Name -like '*CimInstance*') + { + $testResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) -Verbose + + if (-not $testResult) + { + Write-Verbose "$key is different" -Verbose + break + } + + $ValuesToCheck.Remove($key) | Out-Null + } + } + + $ValuesToCheck.Remove('Id') | Out-Null + $ValuesToCheck = Remove-M365DSCAuthenticationParameter -BoundParameters $ValuesToCheck + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" + + if ($testResult) + { + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + } + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + param + ( + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + #region resource generator code + $policyTemplateID = "90316f12-246d-44c6-a767-f87692e86083_2" + [array]$getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` + -Filter $Filter ` + -All ` + -ErrorAction Stop | Where-Object ` + -FilterScript { + $_.TemplateReference.TemplateId -eq $policyTemplateID + } + #endregion + + $i = 1 + $dscContent = '' + if ($getValue.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($config in $getValue) + { + $displayedKey = $config.Id + if (-not [String]::IsNullOrEmpty($config.displayName)) + { + $displayedKey = $config.displayName + } + elseif (-not [string]::IsNullOrEmpty($config.name)) + { + $displayedKey = $config.name + } + Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline + $params = @{ + Id = $config.Id + DisplayName = $config.Name + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + } + + $Results = Get-TargetResource @Params + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + if ($null -ne $Results.DeviceSettings) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.DeviceSettings ` + -CIMInstanceName 'MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise' + if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.DeviceSettings = $complexTypeStringResult + } + else + { + $Results.Remove('DeviceSettings') | Out-Null + } + } + if ($null -ne $Results.UserSettings) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.UserSettings ` + -CIMInstanceName 'MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise' + if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.UserSettings = $complexTypeStringResult + } + else + { + $Results.Remove('UserSettings') | Out-Null + } + } + + if ($Results.Assignments) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments + if ($complexTypeStringResult) + { + $Results.Assignments = $complexTypeStringResult + } + else + { + $Results.Remove('Assignments') | Out-Null + } + } + + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + if ($Results.DeviceSettings) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "DeviceSettings" -IsCIMArray:$False + } + if ($Results.UserSettings) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "UserSettings" -IsCIMArray:$False + } + + if ($Results.Assignments) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -IsCIMArray:$true + } + + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + $i++ + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise/MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise/MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise.schema.mof new file mode 100644 index 0000000000..a7811bfc7d --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise/MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise.schema.mof @@ -0,0 +1,476 @@ +[ClassVersion("1.0.0.0")] +class MSFT_DeviceManagementConfigurationPolicyAssignments +{ + [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType; + [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType; + [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId; + [Write, Description("The group Id that is the target of the assignment.")] String groupId; + [Write, Description("The group Display Name that is the target of the assignment.")] String groupDisplayName; + [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId; +}; + +[ClassVersion("1.0.0.0")] +class MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise +{ + [Write, Description("Block Flash activation in Office documents (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String Pol_SecGuide_A001_Block_Flash; + [Write, Description("Block Flash player in Office (Device) - Depends on Pol_SecGuide_A001_Block_Flash (block all flash activation: Block all activation, block embedded flash activation only: Block embedding/linking, allow other activation, allow all flash activation: Allow all activation)"), ValueMap{"block all flash activation", "block embedded flash activation only", "allow all flash activation"}, Values{"block all flash activation", "block embedded flash activation only", "allow all flash activation"}] String Pol_SecGuide_Block_Flash; + [Write, Description("Restrict legacy JScript execution for Office (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String Pol_SecGuide_Legacy_JScript; + [Write, Description("PowerPoint: (Device) - Depends on Pol_SecGuide_Legacy_JScript")] SInt32 POL_SG_powerpnt; + [Write, Description("OneNote: (Device) - Depends on Pol_SecGuide_Legacy_JScript")] SInt32 POL_SG_onenote; + [Write, Description("Publisher: (Device) - Depends on Pol_SecGuide_Legacy_JScript")] SInt32 POL_SG_mspub; + [Write, Description("Access: (Device) - Depends on Pol_SecGuide_Legacy_JScript")] SInt32 POL_SG_msaccess; + [Write, Description("Project: (Device) - Depends on Pol_SecGuide_Legacy_JScript")] SInt32 POL_SG_winproj; + [Write, Description("Visio: (Device) - Depends on Pol_SecGuide_Legacy_JScript")] SInt32 POL_SG_visio; + [Write, Description("Outlook: (Device) - Depends on Pol_SecGuide_Legacy_JScript")] SInt32 POL_SG_outlook; + [Write, Description("Word: (Device) - Depends on Pol_SecGuide_Legacy_JScript")] SInt32 POL_SG_winword; + [Write, Description("Excel: (Device) - Depends on Pol_SecGuide_Legacy_JScript")] SInt32 POL_SG_excel; + [Write, Description("Configure SIP security mode (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_PolicyEnableSIPHighSecurityMode; + [Write, Description("Disable HTTP fallback for SIP connection (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_PolicyDisableHttpConnect; + [Write, Description("Add-on Management (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_AddonManagement; + [Write, Description("powerpnt.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_powerpntexe17; + [Write, Description("excel.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_excelexe15; + [Write, Description("visio.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_visioexe19; + [Write, Description("onent.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_onenoteexe26; + [Write, Description("outlook.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_outlookexe22; + [Write, Description("pptview.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_pptviewexe18; + [Write, Description("winword.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_winwordexe21; + [Write, Description("exprwd.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_exprwdexe24; + [Write, Description("spDesign.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_spdesignexe23; + [Write, Description("winproj.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_winprojexe20; + [Write, Description("groove.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_grooveexe14; + [Write, Description("mspub.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_mspubexe16; + [Write, Description("mse7.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_mse7exe27; + [Write, Description("msaccess.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_msaccessexe25; + [Write, Description("Consistent Mime Handling (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_ConsistentMimeHandling; + [Write, Description("excel.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_excelexe43; + [Write, Description("spDesign.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_spdesignexe51; + [Write, Description("onent.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_onenoteexe54; + [Write, Description("outlook.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_outlookexe50; + [Write, Description("pptview.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_pptviewexe46; + [Write, Description("mspub.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_mspubexe44; + [Write, Description("visio.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_visioexe47; + [Write, Description("winproj.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_winprojexe48; + [Write, Description("msaccess.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_msaccessexe53; + [Write, Description("powerpnt.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_powerpntexe45; + [Write, Description("groove.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_grooveexe42; + [Write, Description("mse7.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_mse7exe55; + [Write, Description("winword.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_winwordexe49; + [Write, Description("exprwd.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_exprwdexe52; + [Write, Description("Disable user name and password (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_Disableusernameandpassword; + [Write, Description("excel.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_excelexe127; + [Write, Description("groove.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_grooveexe126; + [Write, Description("onent.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_onenoteexe138; + [Write, Description("mse7.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_mse7exe139; + [Write, Description("mspub.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_mspubexe128; + [Write, Description("visio.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_visioexe131; + [Write, Description("exprwd.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_exprwdexe136; + [Write, Description("msaccess.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_msaccessexe137; + [Write, Description("spDesign.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_spdesignexe135; + [Write, Description("winword.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_winwordexe133; + [Write, Description("powerpnt.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_powerpntexe129; + [Write, Description("outlook.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_outlookexe134; + [Write, Description("winproj.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_winprojexe132; + [Write, Description("pptview.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_pptviewexe130; + [Write, Description("Information Bar (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_Informationbar; + [Write, Description("excel.exe (Device) - Depends on L_Informationbar (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_excelexe113; + [Write, Description("mspub.exe (Device) - Depends on L_Informationbar (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_mspubexe114; + [Write, Description("msaccess.exe (Device) - Depends on L_Informationbar (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_msaccessexe123; + [Write, Description("onent.exe (Device) - Depends on L_Informationbar (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_onenoteexe124; + [Write, Description("outlook.exe (Device) - Depends on L_Informationbar (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_outlookexe120; + [Write, Description("winproj.exe (Device) - Depends on L_Informationbar (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_winprojexe118; + [Write, Description("powerpnt.exe (Device) - Depends on L_Informationbar (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_powerpntexe115; + [Write, Description("spDesign.exe (Device) - Depends on L_Informationbar (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_spdesignexe121; + [Write, Description("groove.exe (Device) - Depends on L_Informationbar (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_grooveexe112; + [Write, Description("visio.exe (Device) - Depends on L_Informationbar (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_visioexe117; + [Write, Description("mse7.exe (Device) - Depends on L_Informationbar (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_mse7exe125; + [Write, Description("winword.exe (Device) - Depends on L_Informationbar (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_winwordexe119; + [Write, Description("exprwd.exe (Device) - Depends on L_Informationbar (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_exprwdexe122; + [Write, Description("pptview.exe (Device) - Depends on L_Informationbar (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_pptviewexe116; + [Write, Description("Local Machine Zone Lockdown Security (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_LocalMachineZoneLockdownSecurity; + [Write, Description("mse7.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_mse7exe41; + [Write, Description("powerpnt.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_powerpntexe31; + [Write, Description("mspub.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_mspubexe30; + [Write, Description("outlook.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_outlookexe36; + [Write, Description("pptview.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_pptviewexe32; + [Write, Description("excel.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_excelexe29; + [Write, Description("exprwd.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_exprwdexe38; + [Write, Description("groove.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_grooveexe28; + [Write, Description("winword.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_winwordexe35; + [Write, Description("msaccess.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_msaccessexe39; + [Write, Description("spDesign.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_spdesignexe37; + [Write, Description("visio.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_visioexe33; + [Write, Description("onent.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_onenoteexe40; + [Write, Description("winproj.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_winprojexe34; + [Write, Description("Mime Sniffing Safety Feature (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_MimeSniffingSafetyFature; + [Write, Description("powerpnt.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_powerpntexe59; + [Write, Description("exprwd.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_exprwdexe66; + [Write, Description("groove.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_grooveexe56; + [Write, Description("visio.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_visioexe61; + [Write, Description("outlook.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_outlookexe64; + [Write, Description("mspub.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_mspubexe58; + [Write, Description("mse7.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_mse7exe69; + [Write, Description("msaccess.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_msaccessexe67; + [Write, Description("pptview.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_pptviewexe60; + [Write, Description("winproj.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_winprojexe62; + [Write, Description("spDesign.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_spdesignexe65; + [Write, Description("onent.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_onenoteexe68; + [Write, Description("winword.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_winwordexe63; + [Write, Description("excel.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_excelexe57; + [Write, Description("Navigate URL (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_NavigateURL; + [Write, Description("spDesign.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_spdesignexe177; + [Write, Description("onent.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_onenoteexe180; + [Write, Description("pptview.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_pptviewexe172; + [Write, Description("outlook.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_outlookexe176; + [Write, Description("winproj.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_winprojexe174; + [Write, Description("msaccess.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_msaccessexe179; + [Write, Description("winword.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_winwordexe175; + [Write, Description("excel.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_excelexe169; + [Write, Description("mspub.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_mspubexe170; + [Write, Description("exprwd.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_exprwdexe178; + [Write, Description("powerpnt.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_powerpntexe171; + [Write, Description("visio.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_visioexe173; + [Write, Description("mse7.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_mse7exe181; + [Write, Description("groove.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_grooveexe168; + [Write, Description("Object Caching Protection (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_ObjectCachingProtection; + [Write, Description("winword.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_winwordexe77; + [Write, Description("powerpnt.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_powerpntexe73; + [Write, Description("spDesign.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_spdesignexe79; + [Write, Description("mse7.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_mse7exe83; + [Write, Description("mspub.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_mspubexe72; + [Write, Description("msaccess.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_msaccessexe81; + [Write, Description("onent.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_onenoteexe82; + [Write, Description("outlook.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_outlookexe78; + [Write, Description("groove.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_grooveexe70; + [Write, Description("excel.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_excelexe71; + [Write, Description("visio.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_visioexe75; + [Write, Description("pptview.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_pptviewexe74; + [Write, Description("winproj.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_winprojexe76; + [Write, Description("exprwd.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_exprwdexe80; + [Write, Description("Protection From Zone Elevation (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_ProtectionFromZoneElevation; + [Write, Description("mspub.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_mspubexe100; + [Write, Description("visio.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_visioexe103; + [Write, Description("powerpnt.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_powerpntexe101; + [Write, Description("excel.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_excelexe99; + [Write, Description("mse7.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_mse7exe111; + [Write, Description("winword.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_winwordexe105; + [Write, Description("exprwd.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_exprwdexe108; + [Write, Description("msaccess.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_msaccessexe109; + [Write, Description("spDesign.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_spdesignexe107; + [Write, Description("onent.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_onenoteexe110; + [Write, Description("pptview.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_pptviewexe102; + [Write, Description("winproj.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_winprojexe104; + [Write, Description("groove.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_grooveexe98; + [Write, Description("outlook.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_outlookexe106; + [Write, Description("Restrict ActiveX Install (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_RestrictActiveXInstall; + [Write, Description("mse7.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_mse7exe; + [Write, Description("powerpnt.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_powerpntexe; + [Write, Description("spDesign.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_spDesignexe; + [Write, Description("onent.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_onenoteexe; + [Write, Description("excel.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_excelexe; + [Write, Description("mspub.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_mspubexe; + [Write, Description("visio.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_visioexe; + [Write, Description("exprwd.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_exprwdexe; + [Write, Description("outlook.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_outlookexe; + [Write, Description("pptview.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_pptviewexe; + [Write, Description("winproj.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_winprojexe; + [Write, Description("winword.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_winwordexe; + [Write, Description("groove.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_grooveexe; + [Write, Description("msaccess.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_msaccessexe; + [Write, Description("Restrict File Download (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_RestrictFileDownload; + [Write, Description("visio.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_visioexe5; + [Write, Description("winproj.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_winprojexe6; + [Write, Description("msaccess.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_msaccessexe11; + [Write, Description("spDesign.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_spdesignexe9; + [Write, Description("excel.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_excelexe1; + [Write, Description("powerpnt.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_powerpntexe3; + [Write, Description("mspub.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_mspubexe2; + [Write, Description("exprwd.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_exprwdexe10; + [Write, Description("outlook.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_outlookexe8; + [Write, Description("pptview.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_pptviewexe4; + [Write, Description("winword.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_winwordexe7; + [Write, Description("onent.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_onenoteexe12; + [Write, Description("mse7.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_mse7exe13; + [Write, Description("groove.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_grooveexe0; + [Write, Description("Saved from URL (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_SavedfromURL; + [Write, Description("pptview.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_pptviewexe158; + [Write, Description("exprwd.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_exprwdexe164; + [Write, Description("mse7.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_mse7exe167; + [Write, Description("spDesign.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_spdesignexe163; + [Write, Description("winproj.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_winprojexe160; + [Write, Description("mspub.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_mspubexe156; + [Write, Description("visio.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_visioexe159; + [Write, Description("winword.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_winwordexe161; + [Write, Description("msaccess.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_msaccessexe165; + [Write, Description("onent.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_onenoteexe166; + [Write, Description("outlook.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_outlookexe162; + [Write, Description("groove.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_grooveexe154; + [Write, Description("excel.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_excelexe155; + [Write, Description("powerpnt.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_powerpntexe157; + [Write, Description("Scripted Window Security Restrictions (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_ScriptedWindowSecurityRestrictions; + [Write, Description("exprwd.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_exprwdexe94; + [Write, Description("mse7.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_mse7exe97; + [Write, Description("mspub.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_mspubexe86; + [Write, Description("outlook.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_outlookexe92; + [Write, Description("msaccess.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_msaccessexe95; + [Write, Description("powerpnt.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_powerpntexe87; + [Write, Description("groove.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_grooveexe84; + [Write, Description("excel.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_excelexe85; + [Write, Description("pptview.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_pptviewexe88; + [Write, Description("spDesign.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_spdesignexe93; + [Write, Description("visio.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_visioexe89; + [Write, Description("onent.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_onenoteexe96; + [Write, Description("winproj.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_winprojexe90; + [Write, Description("winword.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_winwordexe91; +}; + +[ClassVersion("1.0.0.0")] +class MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise +{ + [Write, Description("Block macros from running in Office files from the Internet (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftAccess_Security_TrustCenter_L_BlockMacroExecutionFromInternet; + [Write, Description("Disable Trust Bar Notification for unsigned application add-ins and block them (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftAccess_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned; + [Write, Description("Require that application add-ins are signed by Trusted Publisher (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftAccess_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned; + [Write, Description("Allow Trusted Locations on the network (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftAccess_Security_TrustCenterTrustedLocations_L_AllowTrustedLocationsOnTheNetwork; + [Write, Description("VBA Macro Notification Settings (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftAccess_Security_TrustCenter_L_VBAWarningsPolicy; + [Write, Description(" - Depends on MicrosoftAccess_Security_TrustCenter_L_VBAWarningsPolicy (2: Disable all with notification, 3: Disable all except digitally signed macros, 4: Disable all without notification, 1: Enable all macros (not recommended))"), ValueMap{"2", "3", "4", "1"}, Values{"2", "3", "4", "1"}] String MicrosoftAccess_Security_TrustCenter_L_VBAWarningsPolicy_L_Empty; + [Write, Description("Do not show data extraction options when opening corrupt workbooks (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_Donotshowdataextractionoptionswhenopeningcorruptworkbooks; + [Write, Description("Ask to update automatic links (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_Asktoupdateautomaticlinks; + [Write, Description("Load pictures from Web pages not created in Excel (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_LoadpicturesfromWebpagesnotcreatedinExcel; + [Write, Description("Disable AutoRepublish (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_DisableAutoRepublish; + [Write, Description("Do not show AutoRepublish warning alert (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_DoNotShowAutoRepublishWarningAlert; + [Write, Description("Force file extension to match file type (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_Forcefileextenstionstomatch; + [Write, Description(" - Depends on L_Forcefileextenstionstomatch (0: Allow different, 1: Allow different, but warn, 2: Always match file type)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String L_Forcefileextenstionstomatch_L_Empty; + [Write, Description("Scan encrypted macros in Excel Open XML workbooks (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_DeterminewhethertoforceencryptedExcel; + [Write, Description(" - Depends on L_DeterminewhethertoforceencryptedExcel (0: Scan encrypted macros (default), 1: Scan if anti-virus software available, 2: Load macros without scanning)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String L_DeterminewhethertoforceencryptedExcelDropID; + [Write, Description("Block Excel XLL Add-ins that come from an untrusted source (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_BlockXLLFromInternet; + [Write, Description(" - Depends on L_BlockXLLFromInternet (1: Block, 0: Show Additional Warning, 2: Allow)"), ValueMap{"1", "0", "2"}, Values{"1", "0", "2"}] String L_BlockXLLFromInternetEnum; + [Write, Description("Block macros from running in Office files from the Internet (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftExcel_Security_TrustCenter_L_BlockMacroExecutionFromInternet; + [Write, Description("Disable Trust Bar Notification for unsigned application add-ins and block them (User) (Deprecated) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftExcel_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned; + [Write, Description("Always prevent untrusted Microsoft Query files from opening (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_EnableBlockUnsecureQueryFiles; + [Write, Description("dBase III / IV files (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_DBaseIIIANDIVFiles; + [Write, Description("File block setting: (User) - Depends on L_DBaseIIIANDIVFiles (0: Do not block, 2: Open/Save blocked, use open policy)"), ValueMap{"0", "2"}, Values{"0", "2"}] String L_DBaseIIIANDIVFilesDropID; + [Write, Description("Dif and Sylk files (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_DifAndSylkFiles; + [Write, Description("File block setting: (User) - Depends on L_DifAndSylkFiles (0: Do not block, 1: Save blocked, 2: Open/Save blocked, use open policy)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String L_DifAndSylkFilesDropID; + [Write, Description("Excel 2 macrosheets and add-in files (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_Excel2MacrosheetsAndAddInFiles; + [Write, Description("File block setting: (User) - Depends on L_Excel2MacrosheetsAndAddInFiles (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)"), ValueMap{"0", "2", "3", "4", "5"}, Values{"0", "2", "3", "4", "5"}] String L_Excel2MacrosheetsAndAddInFilesDropID; + [Write, Description("Excel 2 worksheets (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_Excel2Worksheets; + [Write, Description("File block setting: (User) - Depends on L_Excel2Worksheets (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)"), ValueMap{"0", "2", "3", "4", "5"}, Values{"0", "2", "3", "4", "5"}] String L_Excel2WorksheetsDropID; + [Write, Description("Excel 3 macrosheets and add-in files (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_Excel3MacrosheetsAndAddInFiles; + [Write, Description("File block setting: (User) - Depends on L_Excel3MacrosheetsAndAddInFiles (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)"), ValueMap{"0", "2", "3", "4", "5"}, Values{"0", "2", "3", "4", "5"}] String L_Excel3MacrosheetsAndAddInFilesDropID; + [Write, Description("Excel 3 worksheets (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_Excel3Worksheets; + [Write, Description("File block setting: (User) - Depends on L_Excel3Worksheets (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)"), ValueMap{"0", "2", "3", "4", "5"}, Values{"0", "2", "3", "4", "5"}] String L_Excel3WorksheetsDropID; + [Write, Description("Excel 4 macrosheets and add-in files (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_Excel4MacrosheetsAndAddInFiles; + [Write, Description("File block setting: (User) - Depends on L_Excel4MacrosheetsAndAddInFiles (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)"), ValueMap{"0", "2", "3", "4", "5"}, Values{"0", "2", "3", "4", "5"}] String L_Excel4MacrosheetsAndAddInFilesDropID; + [Write, Description("Excel 4 workbooks (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_Excel4Workbooks; + [Write, Description("File block setting: (User) - Depends on L_Excel4Workbooks (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)"), ValueMap{"0", "2", "3", "4", "5"}, Values{"0", "2", "3", "4", "5"}] String L_Excel4WorkbooksDropID; + [Write, Description("Excel 4 worksheets (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_Excel4Worksheets; + [Write, Description("File block setting: (User) - Depends on L_Excel4Worksheets (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)"), ValueMap{"0", "2", "3", "4", "5"}, Values{"0", "2", "3", "4", "5"}] String L_Excel4WorksheetsDropID; + [Write, Description("Excel 95 workbooks (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_Excel95Workbooks; + [Write, Description("File block setting: (User) - Depends on L_Excel95Workbooks (0: Do not block, 1: Save blocked, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)"), ValueMap{"0", "1", "2", "3", "4", "5"}, Values{"0", "1", "2", "3", "4", "5"}] String L_Excel95WorkbooksDropID; + [Write, Description("Excel 95-97 workbooks and templates (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_Excel9597WorkbooksAndTemplates; + [Write, Description("File block setting: (User) - Depends on L_Excel9597WorkbooksAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)"), ValueMap{"0", "2", "3", "4", "5"}, Values{"0", "2", "3", "4", "5"}] String L_Excel9597WorkbooksAndTemplatesDropID; + [Write, Description("Excel 97-2003 workbooks and templates (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_Excel972003WorkbooksAndTemplates; + [Write, Description("File block setting: (User) - Depends on L_Excel972003WorkbooksAndTemplates (0: Do not block, 1: Save blocked, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)"), ValueMap{"0", "1", "2", "3", "4", "5"}, Values{"0", "1", "2", "3", "4", "5"}] String L_Excel972003WorkbooksAndTemplatesDropID; + [Write, Description("Set default file block behavior (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftExcel_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehavior; + [Write, Description(" - Depends on MicrosoftExcel_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehavior (0: Blocked files are not opened, 1: Blocked files open in Protected View and can not be edited, 2: Blocked files open in Protected View and can be edited)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String MicrosoftExcel_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehaviorDropID; + [Write, Description("Web pages and Excel 2003 XML spreadsheets (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_WebPagesAndExcel2003XMLSpreadsheets; + [Write, Description("File block setting: (User) - Depends on L_WebPagesAndExcel2003XMLSpreadsheets (0: Do not block, 1: Save blocked, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)"), ValueMap{"0", "1", "2", "3", "4", "5"}, Values{"0", "1", "2", "3", "4", "5"}] String L_WebPagesAndExcel2003XMLSpreadsheetsDropID; + [Write, Description("Prevent Excel from running XLM macros (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_XL4KillSwitchPolicy; + [Write, Description("Always open untrusted database files in Protected View (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_EnableDataBaseFileProtectedView; + [Write, Description("Do not open files from the Internet zone in Protected View (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftExcel_Security_TrustCenterProtectedView_L_DoNotOpenFilesFromTheInternetZoneInProtectedView; + [Write, Description("Do not open files in unsafe locations in Protected View (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftExcel_Security_TrustCenterProtectedView_L_DoNotOpenFilesInUnsafeLocationsInProtectedView; + [Write, Description("Set document behavior if file validation fails (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftExcel_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails; + [Write, Description("Checked: Allow edit. Unchecked: Do not allow edit. (User) - Depends on MicrosoftExcel_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftExcel_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsStr3; + [Write, Description(" - Depends on MicrosoftExcel_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails (0: Block files, 1: Open in Protected View)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftExcel_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsDropID; + [Write, Description("Turn off Protected View for attachments opened from Outlook (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftExcel_Security_TrustCenterProtectedView_L_TurnOffProtectedViewForAttachmentsOpenedFromOutlook; + [Write, Description("Require that application add-ins are signed by Trusted Publisher (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftExcel_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned; + [Write, Description("Disable Trust Bar Notification for unsigned application add-ins and block them (User) - Depends on MicrosoftExcel_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftExcel_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2; + [Write, Description("Allow Trusted Locations on the network (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftExcel_Security_TrustCenterTrustedLocations_L_AllowTrustedLocationsOnTheNetwork; + [Write, Description("VBA Macro Notification Settings (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftExcel_Security_TrustCenter_L_VBAWarningsPolicy; + [Write, Description(" - Depends on MicrosoftExcel_Security_TrustCenter_L_VBAWarningsPolicy (2: Disable VBA macros with notification, 3: Disable VBA macros except digitally signed macros, 4: Disable VBA macros without notification, 1: Enable VBA macros (not recommended))"), ValueMap{"2", "3", "4", "1"}, Values{"2", "3", "4", "1"}] String L_empty4; + [Write, Description("Turn off file validation (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftExcel_Security_L_TurnOffFileValidation; + [Write, Description("WEBSERVICE Function Notification Settings (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_WebContentWarningLevel; + [Write, Description(" - Depends on L_WebContentWarningLevel (0: Enable all WEBSERVICE functions (not recommended), 1: Disable all with notification, 2: Disable all without notification)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String L_WebContentWarningLevelValue; + [Write, Description("Disable UI extending from documents and templates (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_NoExtensibilityCustomizationFromDocumentPolicy; + [Write, Description("Disallow in Word (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_NoExtensibilityCustomizationFromDocumentPolicyWord; + [Write, Description("Disallow in Excel (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_NoExtensibilityCustomizationFromDocumentPolicyExcel; + [Write, Description("Disallow in Visio (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_NoExtensibilityCustomizationFromDocumentPolicyVisio; + [Write, Description("Disallow in PowerPoint (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_NoExtensibilityCustomizationFromDocumentPolicyPowerPoint; + [Write, Description("Disallow in Publisher (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_NoExtensibilityCustomizationFromDocumentPolicyPublisher; + [Write, Description("Disallow in Outlook (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_NoExtensibilityCustomizationFromDocumentPolicyOutlook; + [Write, Description("Disallow in Project (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_NoExtensibilityCustomizationFromDocumentPolicyProject; + [Write, Description("Disallow in Access (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_NoExtensibilityCustomizationFromDocumentPolicyAccess; + [Write, Description("Disallow in InfoPath (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_NoExtensibilityCustomizationFromDocumentPolicyInfoPath; + [Write, Description("ActiveX Control Initialization (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_ActiveXControlInitialization; + [Write, Description("ActiveX Control Initialization: (User) - Depends on L_ActiveXControlInitialization (1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6)"), ValueMap{"1", "2", "3", "4", "5", "6"}, Values{"1", "2", "3", "4", "5", "6"}] String L_ActiveXControlInitializationcolon; + [Write, Description("Allow Basic Authentication prompts from network proxies (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_BasicAuthProxyBehavior; + [Write, Description("Allow VBA to load typelib references by path from untrusted intranet locations (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_AllowVbaIntranetRefs; + [Write, Description("Automation Security (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_AutomationSecurity; + [Write, Description("Set the Automation Security level (User) - Depends on L_AutomationSecurity (3: Disable macros by default, 2: Use application macro security level, 1: Macros enabled (default))"), ValueMap{"3", "2", "1"}, Values{"3", "2", "1"}] String L_SettheAutomationSecuritylevel; + [Write, Description("Control how Office handles form-based sign-in prompts (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_AuthenticationFBABehavior; + [Write, Description("Specify hosts allowed to show form-based sign-in prompts to users: (User) - Depends on L_AuthenticationFBABehavior")] String L_AuthenticationFBAEnabledHostsID; + [Write, Description("Behavior: (User) - Depends on L_AuthenticationFBABehavior (1: Block all prompts, 2: Ask the user what to do for each new host, 3: Show prompts only from allowed hosts)"), ValueMap{"1", "2", "3"}, Values{"1", "2", "3"}] String L_authenticationFBABehaviorEnum; + [Write, Description("Disable additional security checks on VBA library references that may refer to unsafe locations on the local machine (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_DisableStrictVbaRefsSecurityPolicy; + [Write, Description("Disable all Trust Bar notifications for security issues (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_DisableallTrustBarnotificationsfor; + [Write, Description("Encryption mode for Information Rights Management (IRM) (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_Encryptiontypeforirm; + [Write, Description("IRM Encryption Mode: (User) - Depends on L_Encryptiontypeforirm (1: Cipher Block Chaining (CBC), 2: Electronic Codebook (ECB))"), ValueMap{"1", "2"}, Values{"1", "2"}] String L_Encryptiontypeforirmcolon; + [Write, Description("Encryption type for password protected Office 97-2003 files (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_Encryptiontypeforpasswordprotectedoffice972003; + [Write, Description("Encryption type: (User) - Depends on L_Encryptiontypeforpasswordprotectedoffice972003")] String L_encryptiontypecolon318; + [Write, Description("Encryption type for password protected Office Open XML files (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_Encryptiontypeforpasswordprotectedofficeopen; + [Write, Description("Encryption type: (User) - Depends on L_Encryptiontypeforpasswordprotectedofficeopen")] String L_Encryptiontypecolon; + [Write, Description("Load Controls in Forms3 (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_LoadControlsinForms3; + [Write, Description("Load Controls in Forms3: (User) - Depends on L_LoadControlsinForms3 (1: 1, 2: 2, 3: 3, 4: 4)"), ValueMap{"1", "2", "3", "4"}, Values{"1", "2", "3", "4"}] String L_LoadControlsinForms3colon; + [Write, Description("Macro Runtime Scan Scope (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_MacroRuntimeScanScope; + [Write, Description(" - Depends on L_MacroRuntimeScanScope (0: Disable for all documents, 1: Enable for low trust documents, 2: Enable for all documents)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String L_MacroRuntimeScanScopeEnum; + [Write, Description("Protect document metadata for rights managed Office Open XML Files (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_Protectdocumentmetadataforrightsmanaged; + [Write, Description("Allow mix of policy and user locations (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_Allowmixofpolicyanduserlocations; + [Write, Description("Disable the Office client from polling the SharePoint Server for published links (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_DisabletheOfficeclientfrompolling; + [Write, Description("Disable Smart Document's use of manifests (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_DisableSmartDocumentsuseofmanifests; + [Write, Description("Outlook Security Mode (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_OutlookSecurityMode; + [Write, Description("Configure Outlook object model prompt when reading address information (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_OOMAddressAccess; + [Write, Description("Guard behavior: (User) (1: Prompt User, 2: Automatically Approve, 0: Automatically Deny, 3: Prompt user based on computer security)"), ValueMap{"1", "2", "0", "3"}, Values{"1", "2", "0", "3"}] String L_OOMAddressAccess_Setting; + [Write, Description("Configure Outlook object model prompt when responding to meeting and task requests (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_OOMMeetingTaskRequest; + [Write, Description("Guard behavior: (User) (1: Prompt User, 2: Automatically Approve, 0: Automatically Deny, 3: Prompt user based on computer security)"), ValueMap{"1", "2", "0", "3"}, Values{"1", "2", "0", "3"}] String L_OOMMeetingTaskRequest_Setting; + [Write, Description("Configure Outlook object model prompt when sending mail (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_OOMSend; + [Write, Description("Guard behavior: (User) (1: Prompt User, 2: Automatically Approve, 0: Automatically Deny, 3: Prompt user based on computer security)"), ValueMap{"1", "2", "0", "3"}, Values{"1", "2", "0", "3"}] String L_OOMSend_Setting; + [Write, Description("Prevent users from customizing attachment security settings (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_Preventusersfromcustomizingattachmentsecuritysettings; + [Write, Description("Retrieving CRLs (Certificate Revocation Lists) (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_RetrievingCRLsCertificateRevocationLists; + [Write, Description(" (0: Use system Default, 1: When online always retreive the CRL, 2: Never retreive the CRL)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String L_empty31; + [Write, Description("Configure Outlook object model prompt When accessing the Formula property of a UserProperty object (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_OOMFormula; + [Write, Description("Guard behavior: (User) (1: Prompt User, 2: Automatically Approve, 0: Automatically Deny, 3: Prompt user based on computer security)"), ValueMap{"1", "2", "0", "3"}, Values{"1", "2", "0", "3"}] String L_OOMFormula_Setting; + [Write, Description("Authentication with Exchange Server (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_AuthenticationwithExchangeServer; + [Write, Description("Select the authentication with Exchange server. (User) (9: Kerberos/NTLM Password Authentication, 16: Kerberos Password Authentication, 10: NTLM Password Authentication, 2147545088: Insert a smart card)"), ValueMap{"9", "16", "10", "2147545088"}, Values{"9", "16", "10", "2147545088"}] String L_SelecttheauthenticationwithExchangeserver; + [Write, Description("Enable RPC encryption (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_EnableRPCEncryption; + [Write, Description("Allow hyperlinks in suspected phishing e-mail messages (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_Enablelinksinemailmessages; + [Write, Description("Configure Outlook object model prompt when accessing an address book (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_OOMAddressBook; + [Write, Description("Guard behavior: (User) (1: Prompt User, 2: Automatically Approve, 0: Automatically Deny, 3: Prompt user based on computer security)"), ValueMap{"1", "2", "0", "3"}, Values{"1", "2", "0", "3"}] String L_OOMAddressBook_Setting; + [Write, Description("Outlook Security Policy: (User) - Depends on L_OutlookSecurityMode (0: Outlook Default Security, 1: Use Security Form from 'Outlook Security Settings' Public Folder, 2: Use Security Form from 'Outlook 10 Security Settings' Public Folder, 3: Use Outlook Security Group Policy)"), ValueMap{"0", "1", "2", "3"}, Values{"0", "1", "2", "3"}] String L_OutlookSecurityPolicy; + [Write, Description("Allow users to demote attachments to Level 2 (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_AllowUsersToLowerAttachments; + [Write, Description("Allow Active X One Off Forms (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_AllowActiveXOneOffForms; + [Write, Description("Sets which ActiveX controls to allow. (0: Load only Outlook Controls, 1: Allows only Safe Controls, 2: Allows all ActiveX Controls)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String L_empty29; + [Write, Description("Allow scripts in one-off Outlook forms (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_EnableScriptsInOneOffForms; + [Write, Description("Remove file extensions blocked as Level 2 (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_Level2RemoveFilePolicy; + [Write, Description("Removed Extensions: (User)")] String L_removedextensions25; + [Write, Description("Use Unicode format when dragging e-mail message to file system (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_MSGUnicodeformatwhendraggingtofilesystem; + [Write, Description("Set Outlook object model custom actions execution prompt (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_OnExecuteCustomActionOOM; + [Write, Description("When executing a custom action: (User) (1: Prompt User, 2: Automatically Approve, 0: Automatically Deny, 3: Prompt user based on computer security)"), ValueMap{"1", "2", "0", "3"}, Values{"1", "2", "0", "3"}] String L_OnExecuteCustomActionOOM_Setting; + [Write, Description("Do not allow Outlook object model scripts to run for public folders (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_DisableOutlookobjectmodelscriptsforpublicfolders; + [Write, Description("Include Internet in Safe Zones for Automatic Picture Download (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_BlockInternet; + [Write, Description("Security setting for macros (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_SecurityLevelOutlook; + [Write, Description("Security Level (User) (2: Always warn, 4: Never warn, disable all, 3: Warn for signed, disable unsigned, 1: No security check)"), ValueMap{"2", "4", "3", "1"}, Values{"2", "4", "3", "1"}] String L_SecurityLevel; + [Write, Description("Remove file extensions blocked as Level 1 (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_Level1RemoveFilePolicy; + [Write, Description("Removed Extensions: (User)")] String L_RemovedExtensions; + [Write, Description("Signature Warning (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_SignatureWarning; + [Write, Description("Signature Warning (User) (0: Let user decide if they want to be warned, 1: Always warn about invalid signatures, 2: Never warn about invalid signatures)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String L_signaturewarning30; + [Write, Description("Display Level 1 attachments (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_Level1Attachments; + [Write, Description("Minimum encryption settings (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_Minimumencryptionsettings; + [Write, Description("Minimum key size (in bits): (User)")] SInt32 L_Minimumkeysizeinbits; + [Write, Description("Do not allow Outlook object model scripts to run for shared folders (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_DisableOutlookobjectmodelscripts; + [Write, Description("Configure Outlook object model prompt when executing Save As (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_OOMSaveAs; + [Write, Description("Guard behavior: (User) (1: Prompt User, 2: Automatically Approve, 0: Automatically Deny, 3: Prompt user based on computer security)"), ValueMap{"1", "2", "0", "3"}, Values{"1", "2", "0", "3"}] String L_OOMSaveAs_Setting; + [Write, Description("Junk E-mail protection level (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_JunkEmailprotectionlevel; + [Write, Description("Select level: (User) (4294967295: No Protection, 6: Low (Default), 3: High, 2147483648: Trusted Lists Only)"), ValueMap{"4294967295", "6", "3", "2147483648"}, Values{"4294967295", "6", "3", "2147483648"}] String L_Selectlevel; + [Write, Description("Run Programs (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_RunPrograms; + [Write, Description(" - Depends on L_RunPrograms (0: disable (don't run any programs), 1: enable (prompt user before running), 2: enable all (run without prompting))"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String L_RunPrograms_L_Empty; + [Write, Description("Scan encrypted macros in PowerPoint Open XML presentations (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_Determinewhethertoforceencryptedppt; + [Write, Description(" - Depends on L_Determinewhethertoforceencryptedppt (0: Scan encrypted macros (default), 1: Scan if anti-virus software available, 2: Load macros without scanning)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String L_DeterminewhethertoforceencryptedpptDropID; + [Write, Description("Block macros from running in Office files from the Internet (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftPowerPoint_Security_TrustCenter_L_BlockMacroExecutionFromInternet; + [Write, Description("Disable Trust Bar Notification for unsigned application add-ins and block them (User) (Deprecated) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftPowerPoint_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned; + [Write, Description("PowerPoint 97-2003 presentations, shows, templates and add-in files (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_PowerPoint972003PresentationsShowsTemplatesandAddInFiles; + [Write, Description("File block setting: (User) - Depends on L_PowerPoint972003PresentationsShowsTemplatesandAddInFiles (0: Do not block, 1: Save blocked, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)"), ValueMap{"0", "1", "2", "3", "4", "5"}, Values{"0", "1", "2", "3", "4", "5"}] String L_PowerPoint972003PresentationsShowsTemplatesandAddInFilesDropID; + [Write, Description("Set default file block behavior (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftPowerPoint_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehavior; + [Write, Description(" - Depends on MicrosoftPowerPoint_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehavior (0: Blocked files are not opened, 1: Blocked files open in Protected View and can not be edited, 2: Blocked files open in Protected View and can be edited)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String MicrosoftPowerPoint_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehaviorDropID; + [Write, Description("Do not open files from the Internet zone in Protected View (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_DoNotOpenFilesFromTheInternetZoneInProtectedView; + [Write, Description("Do not open files in unsafe locations in Protected View (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_DoNotOpenFilesInUnsafeLocationsInProtectedView; + [Write, Description("Set document behavior if file validation fails (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails; + [Write, Description("Checked: Allow edit. Unchecked: Do not allow edit. (User) - Depends on MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsStr3; + [Write, Description(" - Depends on MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails (0: Block files, 1: Open in Protected View)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsDropID; + [Write, Description("Turn off Protected View for attachments opened from Outlook (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_TurnOffProtectedViewForAttachmentsOpenedFromOutlook; + [Write, Description("Require that application add-ins are signed by Trusted Publisher (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftPowerPoint_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned; + [Write, Description("Disable Trust Bar Notification for unsigned application add-ins and block them (User) - Depends on MicrosoftPowerPoint_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftPowerPoint_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2; + [Write, Description("Allow Trusted Locations on the network (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftPowerPoint_Security_TrustCenterTrustedLocations_L_AllowTrustedLocationsOnTheNetwork; + [Write, Description("VBA Macro Notification Settings (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftPowerPoint_Security_TrustCenter_L_VBAWarningsPolicy; + [Write, Description(" - Depends on MicrosoftPowerPoint_Security_TrustCenter_L_VBAWarningsPolicy (2: Disable all with notification, 3: Disable all except digitally signed macros, 4: Disable all without notification, 1: Enable all macros (not recommended))"), ValueMap{"2", "3", "4", "1"}, Values{"2", "3", "4", "1"}] String L_empty3; + [Write, Description("Turn off file validation (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftPowerPoint_Security_L_TurnOffFileValidation; + [Write, Description("Allow Trusted Locations on the network (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftProject_Security_TrustCenter_L_AllowTrustedLocationsOnTheNetwork; + [Write, Description("Disable Trust Bar Notification for unsigned application add-ins and block them (User) (Deprecated) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftProject_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned; + [Write, Description("Require that application add-ins are signed by Trusted Publisher (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftProject_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned; + [Write, Description("Disable Trust Bar Notification for unsigned application add-ins and block them (User) - Depends on MicrosoftProject_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftProject_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2; + [Write, Description("VBA Macro Notification Settings (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftProject_Security_TrustCenter_L_VBAWarningsPolicy; + [Write, Description(" - Depends on MicrosoftProject_Security_TrustCenter_L_VBAWarningsPolicy (2: Disable all with notification, 3: Disable all except digitally signed macros, 4: Disable all without notification, 1: Enable all macros (not recommended))"), ValueMap{"2", "3", "4", "1"}, Values{"2", "3", "4", "1"}] String MicrosoftProject_Security_TrustCenter_L_VBAWarningsPolicy_L_Empty; + [Write, Description("Publisher Automation Security Level (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_PublisherAutomationSecurityLevel; + [Write, Description(" - Depends on L_PublisherAutomationSecurityLevel (1: Low (enabled), 2: By UI (prompted), 3: High (disabled))"), ValueMap{"1", "2", "3"}, Values{"1", "2", "3"}] String L_PublisherAutomationSecurityLevel_L_Empty; + [Write, Description("Block macros from running in Office files from the internet (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftPublisherV3_Security_TrustCenter_L_BlockMacroExecutionFromInternet; + [Write, Description("Disable Trust Bar Notification for unsigned application add-ins (User) (Deprecated) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftPublisherV2_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned; + [Write, Description("Require that application add-ins are signed by Trusted Publisher (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftPublisherV2_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned; + [Write, Description("Disable Trust Bar Notification for unsigned application add-ins (User) - Depends on MicrosoftPublisherV2_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftPublisherV2_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2; + [Write, Description("VBA Macro Notification Settings (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftPublisherV2_Security_TrustCenter_L_VBAWarningsPolicy; + [Write, Description(" - Depends on MicrosoftPublisherV2_Security_TrustCenter_L_VBAWarningsPolicy (2: Disable all with notification, 3: Disable all except digitally signed macros, 4: Disable all without notification, 1: Enable all macros (not recommended))"), ValueMap{"2", "3", "4", "1"}, Values{"2", "3", "4", "1"}] String L_empty0; + [Write, Description("Allow Trusted Locations on the network (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftVisio_Security_TrustCenter_L_AllowTrustedLocationsOnTheNetwork; + [Write, Description("Block macros from running in Office files from the Internet (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftVisio_Security_TrustCenter_L_BlockMacroExecutionFromInternet; + [Write, Description("Disable Trust Bar Notification for unsigned application add-ins and block them (User) (Deprecated) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftVisio_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned; + [Write, Description("Visio 2000-2002 Binary Drawings, Templates and Stencils (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_Visio2000Files; + [Write, Description("File block setting: (User) - Depends on L_Visio2000Files (0: Do not block, 2: Open/Save blocked)"), ValueMap{"0", "2"}, Values{"0", "2"}] String L_Visio2000FilesDropID; + [Write, Description("Visio 2003-2010 Binary Drawings, Templates and Stencils (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_Visio2003Files; + [Write, Description("File block setting: (User) - Depends on L_Visio2003Files (0: Do not block, 1: Save blocked, 2: Open/Save blocked)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String L_Visio2003FilesDropID; + [Write, Description("Visio 5.0 or earlier Binary Drawings, Templates and Stencils (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_Visio50AndEarlierFiles; + [Write, Description("File block setting: (User) - Depends on L_Visio50AndEarlierFiles (0: Do not block, 2: Open/Save blocked)"), ValueMap{"0", "2"}, Values{"0", "2"}] String L_Visio50AndEarlierFilesDropID; + [Write, Description("Require that application add-ins are signed by Trusted Publisher (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftVisio_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned; + [Write, Description("Disable Trust Bar Notification for unsigned application add-ins and block them (User) - Depends on MicrosoftVisio_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftVisio_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2; + [Write, Description("VBA Macro Notification Settings (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftVisio_Security_TrustCenter_L_VBAWarningsPolicy; + [Write, Description(" - Depends on MicrosoftVisio_Security_TrustCenter_L_VBAWarningsPolicy (2: Disable all with notification, 3: Disable all except digitally signed macros, 4: Disable all without notification, 1: Enable all macros (not recommended))"), ValueMap{"2", "3", "4", "1"}, Values{"2", "3", "4", "1"}] String MicrosoftVisio_Security_TrustCenter_L_VBAWarningsPolicy_L_Empty; + [Write, Description("Block macros from running in Office files from the Internet (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftWord_Security_TrustCenter_L_BlockMacroExecutionFromInternet; + [Write, Description("Disable Trust Bar Notification for unsigned application add-ins and block them (User) (Deprecated) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftWord_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned; + [Write, Description("Dynamic Data Exchange (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_AllowDDE; + [Write, Description("Dynamic Data Exchange setting (User) - Depends on L_AllowDDE (1: Limited Dynamic Data Exchange, 2: Allow Dynamic Data Exchange)"), ValueMap{"1", "2"}, Values{"1", "2"}] String L_AllowDDEDropID; + [Write, Description("Set default file block behavior (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftWord_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehavior; + [Write, Description(" - Depends on MicrosoftWord_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehavior (0: Blocked files are not opened, 1: Blocked files open in Protected View and can not be edited, 2: Blocked files open in Protected View and can be edited)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String MicrosoftWord_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehaviorDropID; + [Write, Description("Word 2 and earlier binary documents and templates (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_Word2AndEarlierBinaryDocumentsAndTemplates; + [Write, Description("File block setting: (User) - Depends on L_Word2AndEarlierBinaryDocumentsAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)"), ValueMap{"0", "2", "3", "4", "5"}, Values{"0", "2", "3", "4", "5"}] String L_Word2AndEarlierBinaryDocumentsAndTemplatesDropID; + [Write, Description("Word 2000 binary documents and templates (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_Word2000BinaryDocumentsAndTemplates; + [Write, Description("File block setting: (User) - Depends on L_Word2000BinaryDocumentsAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)"), ValueMap{"0", "2", "3", "4", "5"}, Values{"0", "2", "3", "4", "5"}] String L_Word2000BinaryDocumentsAndTemplatesDropID; + [Write, Description("Word 2003 binary documents and templates (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_Word2003BinaryDocumentsAndTemplates; + [Write, Description("File block setting: (User) - Depends on L_Word2003BinaryDocumentsAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)"), ValueMap{"0", "2", "3", "4", "5"}, Values{"0", "2", "3", "4", "5"}] String L_Word2003BinaryDocumentsAndTemplatesDropID; + [Write, Description("Word 2007 and later binary documents and templates (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_Word2007AndLaterBinaryDocumentsAndTemplates; + [Write, Description("File block setting: (User) - Depends on L_Word2007AndLaterBinaryDocumentsAndTemplates (0: Do not block, 1: Save blocked, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)"), ValueMap{"0", "1", "2", "3", "4", "5"}, Values{"0", "1", "2", "3", "4", "5"}] String L_Word2007AndLaterBinaryDocumentsAndTemplatesDropID; + [Write, Description("Word 6.0 binary documents and templates (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_Word6Pt0BinaryDocumentsAndTemplates; + [Write, Description("File block setting: (User) - Depends on L_Word6Pt0BinaryDocumentsAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)"), ValueMap{"0", "2", "3", "4", "5"}, Values{"0", "2", "3", "4", "5"}] String L_Word6Pt0BinaryDocumentsAndTemplatesDropID; + [Write, Description("Word 95 binary documents and templates (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_Word95BinaryDocumentsAndTemplates; + [Write, Description("File block setting: (User) - Depends on L_Word95BinaryDocumentsAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)"), ValueMap{"0", "2", "3", "4", "5"}, Values{"0", "2", "3", "4", "5"}] String L_Word95BinaryDocumentsAndTemplatesDropID; + [Write, Description("Word 97 binary documents and templates (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_Word97BinaryDocumentsAndTemplates; + [Write, Description("File block setting: (User) - Depends on L_Word97BinaryDocumentsAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)"), ValueMap{"0", "2", "3", "4", "5"}, Values{"0", "2", "3", "4", "5"}] String L_Word97BinaryDocumentsAndTemplatesDropID; + [Write, Description("Word XP binary documents and templates (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_WordXPBinaryDocumentsAndTemplates; + [Write, Description("File block setting: (User) - Depends on L_WordXPBinaryDocumentsAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)"), ValueMap{"0", "2", "3", "4", "5"}, Values{"0", "2", "3", "4", "5"}] String L_WordXPBinaryDocumentsAndTemplatesDropID; + [Write, Description("Do not open files from the Internet zone in Protected View (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftWord_Security_TrustCenterProtectedView_L_DoNotOpenFilesFromTheInternetZoneInProtectedView; + [Write, Description("Do not open files in unsafe locations in Protected View (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftWord_Security_TrustCenterProtectedView_L_DoNotOpenFilesInUnsafeLocationsInProtectedView; + [Write, Description("Set document behavior if file validation fails (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftWord_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails; + [Write, Description(" - Depends on MicrosoftWord_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails (0: Block files, 1: Open in Protected View)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftWord_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsDropID; + [Write, Description("Checked: Allow edit. Unchecked: Do not allow edit. (User) - Depends on MicrosoftWord_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftWord_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsStr3; + [Write, Description("Turn off Protected View for attachments opened from Outlook (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftWord_Security_TrustCenterProtectedView_L_TurnOffProtectedViewForAttachmentsOpenedFromOutlook; + [Write, Description("Require that application add-ins are signed by Trusted Publisher (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftWord_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned; + [Write, Description("Disable Trust Bar Notification for unsigned application add-ins and block them (User) - Depends on MicrosoftWord_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftWord_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2; + [Write, Description("Scan encrypted macros in Word Open XML documents (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String L_DeterminewhethertoforceencryptedWord; + [Write, Description(" - Depends on L_DeterminewhethertoforceencryptedWord (0: Scan encrypted macros (default), 1: Scan if anti-virus software available, 2: Load macros without scanning)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String L_DeterminewhethertoforceencryptedWordDropID; + [Write, Description("VBA Macro Notification Settings (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftWord_Security_TrustCenter_L_VBAWarningsPolicy; + [Write, Description(" - Depends on MicrosoftWord_Security_TrustCenter_L_VBAWarningsPolicy (2: Disable all with notification, 3: Disable all except digitally signed macros, 4: Disable all without notification, 1: Enable all macros (not recommended))"), ValueMap{"2", "3", "4", "1"}, Values{"2", "3", "4", "1"}] String L_empty19; + [Write, Description("Turn off file validation (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftWord_Security_L_TurnOffFileValidation; + [Write, Description("Allow Trusted Locations on the network (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftWord_Security_TrustCenterTrustedLocations_L_AllowTrustedLocationsOnTheNetwork; +}; +[ClassVersion("1.0.0.0"), FriendlyName("IntuneSecurityBaselineMicrosoft365AppsForEnterprise")] +class MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise : OMI_BaseResource +{ + [Write, Description("Policy description")] String Description; + [Key, Description("Policy name")] String DisplayName; + [Write, Description("List of Scope Tags for this Entity instance.")] String RoleScopeTagIds[]; + [Write, Description("The unique identifier for an entity. Read-only.")] String Id; + [Write, Description("The policy settings for the device scope"), EmbeddedInstance("MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise")] String DeviceSettings; + [Write, Description("The policy settings for the user scope"), EmbeddedInstance("MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise")] String UserSettings; + [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[]; + [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; + [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise/readme.md new file mode 100644 index 0000000000..7e7218c244 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise/readme.md @@ -0,0 +1,6 @@ + +# IntuneSecurityBaselineMicrosoft365AppsForEnterprise + +## Description + +Intune Security Baseline Microsoft365 Apps For Enterprise diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise/settings.json new file mode 100644 index 0000000000..4bda1f09ca --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise/settings.json @@ -0,0 +1,32 @@ +{ + "resourceName":"IntuneSecurityBaselineMicrosoft365AppsForEnterprise", + "description":"This resource configures an Intune Security Baseline Microsoft365 Apps For Enterprise.", + "permissions":{ + "graph":{ + "delegated":{ + "read":[ + { + "name":"DeviceManagementConfiguration.Read.All" + } + ], + "update":[ + { + "name":"DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application":{ + "read":[ + { + "name":"DeviceManagementConfiguration.Read.All" + } + ], + "update":[ + { + "name":"DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } + } +} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpgradePolicy/MSFT_TeamsUpgradePolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpgradePolicy/MSFT_TeamsUpgradePolicy.psm1 index 1bc09914bf..20ecfd0716 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpgradePolicy/MSFT_TeamsUpgradePolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpgradePolicy/MSFT_TeamsUpgradePolicy.psm1 @@ -175,10 +175,22 @@ function Set-TargetResource $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` -InboundParameters $PSBoundParameters - foreach ($user in $Users) + if ($Identity -eq 'Global' -and $Users.Length -eq 1 -and $Users[0] -eq '*') { - Write-Verbose -Message "Granting TeamsUpgradePolicy {$Identity} to User {$user} with MigrateMeetingsToTeams=$MigrateMeetingsToTeams" - Grant-CsTeamsUpgradePolicy -PolicyName $Identity -Identity $user -MigrateMeetingsToTeams:$MigrateMeetingsToTeams + Write-Verbose -Message "Granting TeamsUpgradePolicy {$Identity} to all Users with MigrateMeetingsToTeams=$MigrateMeetingsToTeams" + Grant-CsTeamsUpgradePolicy -PolicyName $Identity ` + -MigrateMeetingsToTeams:$MigrateMeetingsToTeams ` + -Global + } + else + { + foreach ($user in $Users) + { + Write-Verbose -Message "Granting TeamsUpgradePolicy {$Identity} to User {$user} with MigrateMeetingsToTeams=$MigrateMeetingsToTeams" + Grant-CsTeamsUpgradePolicy -PolicyName $Identity ` + -Identity $user ` + -MigrateMeetingsToTeams:$MigrateMeetingsToTeams + } } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpgradePolicy/MSFT_TeamsUpgradePolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpgradePolicy/MSFT_TeamsUpgradePolicy.schema.mof index 96c8e8e81a..dcd1b3df49 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpgradePolicy/MSFT_TeamsUpgradePolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUpgradePolicy/MSFT_TeamsUpgradePolicy.schema.mof @@ -2,7 +2,7 @@ class MSFT_TeamsUpgradePolicy : OMI_BaseResource { [Key, Description("Identity of the Teams Upgrade Policy.")] String Identity; - [Write, Description("List of users that will be granted the Upgrade Policy to.")] String Users[]; + [Write, Description("List of users that will be granted the Upgrade Policy to. Use value * to apply the policy globally.")] String Users[]; [Write, Description("Specifies whether to move existing Skype for Business meetings organized by the user to Teams. This parameter can only be true if the mode of the specified policy instance is either TeamsOnly or SfBWithTeamsCollabAndMeetings, and if the policy instance is being granted to a specific user. It not possible to trigger meeting migration when granting TeamsUpgradePolicy to the entire tenant.")] Boolean MigrateMeetingsToTeams; [Write, Description("Credentials of the Teams Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionPolicyWindows10/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionPolicyWindows10/1-Create.ps1 index 13e7d999e7..d5b7854a82 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionPolicyWindows10/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionPolicyWindows10/1-Create.ps1 @@ -25,12 +25,12 @@ Configuration Example IntuneAccountProtectionPolicyWindows10 'myAccountProtectionPolicy' { DisplayName = 'test' - DeviceSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings + DeviceSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneAccountProtectionPolicyWindows10 { History = 10 EnablePinRecovery = 'true' } - UserSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings + UserSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneAccountProtectionPolicyWindows10 { History = 20 EnablePinRecovery = 'true' diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionPolicyWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionPolicyWindows10/2-Update.ps1 index 3752c70dd6..4ea17bbc2c 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionPolicyWindows10/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionPolicyWindows10/2-Update.ps1 @@ -25,12 +25,12 @@ Configuration Example IntuneAccountProtectionPolicyWindows10 'myAccountProtectionPolicy' { DisplayName = 'test' - DeviceSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings + DeviceSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneAccountProtectionPolicyWindows10 { History = 10 EnablePinRecovery = 'true' } - UserSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings + UserSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneAccountProtectionPolicyWindows10 { History = 30 # Updated property EnablePinRecovery = 'true' diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/1-Create.ps1 new file mode 100644 index 0000000000..04a9cefe20 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/1-Create.ps1 @@ -0,0 +1,27 @@ +<# This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline. #> +Configuration Example { + param( + [Parameter()] + [System.String] $ApplicationId, + + [Parameter()] + [System.String] $TenantId, + + [Parameter()] + [System.String] $CertificateThumbprint + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost { + IntuneDerivedCredential "IntuneDerivedCredential-K5" + { + DisplayName = "K5"; + HelpUrl = "http://www.ff.com/"; + Id = "a409d85f-2a49-440d-884a-80fb52a557ab"; + Issuer = "purebred"; + NotificationType = "email"; + Ensure = "Present"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/2-Update.ps1 new file mode 100644 index 0000000000..04a9cefe20 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/2-Update.ps1 @@ -0,0 +1,27 @@ +<# This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline. #> +Configuration Example { + param( + [Parameter()] + [System.String] $ApplicationId, + + [Parameter()] + [System.String] $TenantId, + + [Parameter()] + [System.String] $CertificateThumbprint + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost { + IntuneDerivedCredential "IntuneDerivedCredential-K5" + { + DisplayName = "K5"; + HelpUrl = "http://www.ff.com/"; + Id = "a409d85f-2a49-440d-884a-80fb52a557ab"; + Issuer = "purebred"; + NotificationType = "email"; + Ensure = "Present"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/3-Remove.ps1 new file mode 100644 index 0000000000..4c67edeead --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDerivedCredential/3-Remove.ps1 @@ -0,0 +1,27 @@ +<# This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline. #> +Configuration Example { + param( + [Parameter()] + [System.String] $ApplicationId, + + [Parameter()] + [System.String] $TenantId, + + [Parameter()] + [System.String] $CertificateThumbprint + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost { + IntuneDerivedCredential "IntuneDerivedCredential-K5" + { + DisplayName = "K5"; + HelpUrl = "http://www.ff.com/"; + Id = "a409d85f-2a49-440d-884a-80fb52a557ab"; + Issuer = "purebred"; + NotificationType = "email"; + Ensure = "Absent"; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsMacOSLobApp/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsMacOSLobApp/1-Create.ps1 index 0241cc86d4..f19c52da7d 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsMacOSLobApp/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsMacOSLobApp/1-Create.ps1 @@ -39,7 +39,7 @@ Configuration Example PrivacyInformationUrl = ""; Publisher = "Contoso"; Assignments = @( - MSFT_DeviceManagementMobileAppAssignment{ + MSFT_DeviceManagementMobileAppAssignment { groupDisplayName = 'All devices' deviceAndAppManagementAssignmentFilterType = 'none' dataType = '#microsoft.graph.allDevicesAssignmentTarget' diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsMacOSLobApp/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsMacOSLobApp/2-Update.ps1 index 0ccab66255..f7746f29b1 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsMacOSLobApp/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppsMacOSLobApp/2-Update.ps1 @@ -38,14 +38,15 @@ Configuration Example Owner = ""; PrivacyInformationUrl = ""; Publisher = "Contoso"; - Assignments = @( - MSFT_DeviceManagementMobileAppAssignment{ + PublishingState = "published"; + Assignments = @( + MSFT_DeviceManagementMobileAppAssignment { groupDisplayName = 'All devices' deviceAndAppManagementAssignmentFilterType = 'none' dataType = '#microsoft.graph.allDevicesAssignmentTarget' intent = 'required' } - MSFT_DeviceManagementMobileAppAssignment{ + MSFT_DeviceManagementMobileAppAssignment { deviceAndAppManagementAssignmentFilterType = 'none' dataType = '#microsoft.graph.groupAssignmentTarget' groupId = '57b5e81c-85bb-4644-a4fd-33b03e451c89' diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneSecurityBaselineMicrosoft365AppsForEnterprise/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneSecurityBaselineMicrosoft365AppsForEnterprise/1-Create.ps1 new file mode 100644 index 0000000000..4999c28f32 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneSecurityBaselineMicrosoft365AppsForEnterprise/1-Create.ps1 @@ -0,0 +1,58 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneSecurityBaselineMicrosoft365AppsForEnterprise 'mySecurityBaselineMicrosoft365AppsForEnterprisePolicy' + { + DisplayName = 'test' + DeviceSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise + { + L_ProtectionFromZoneElevation = '1' + L_grooveexe98 = '1' + L_excelexe99 = '1' + L_mspubexe100 = '1' + L_powerpntexe101 = '1' + L_pptviewexe102 = '1' + L_visioexe103 = '1' + L_winprojexe104 = '1' + L_winwordexe105 = '1' + L_outlookexe106 = '1' + L_spdesignexe107 = '1' + L_exprwdexe108 = '1' + L_msaccessexe109 = '1' + L_onenoteexe110 = '1' + L_mse7exe111 = '1' + } + UserSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise + { + MicrosoftPublisherV3_Security_TrustCenter_L_BlockMacroExecutionFromInternet = '1' + MicrosoftVisio_Security_TrustCenter_L_VBAWarningsPolicy = '1' + MicrosoftVisio_Security_TrustCenter_L_VBAWarningsPolicy_L_Empty = '3' + } + Ensure = 'Present' + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneSecurityBaselineMicrosoft365AppsForEnterprise/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneSecurityBaselineMicrosoft365AppsForEnterprise/2-Update.ps1 new file mode 100644 index 0000000000..9462f97414 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneSecurityBaselineMicrosoft365AppsForEnterprise/2-Update.ps1 @@ -0,0 +1,58 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneSecurityBaselineMicrosoft365AppsForEnterprise 'mySecurityBaselineMicrosoft365AppsForEnterprisePolicy' + { + DisplayName = 'test' + DeviceSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise + { + L_ProtectionFromZoneElevation = '1' + L_grooveexe98 = '1' + L_excelexe99 = '1' + L_mspubexe100 = '1' + L_powerpntexe101 = '1' + L_pptviewexe102 = '1' + L_visioexe103 = '1' + L_winprojexe104 = '1' + L_winwordexe105 = '1' + L_outlookexe106 = '1' + L_spdesignexe107 = '1' + L_exprwdexe108 = '1' + L_msaccessexe109 = '1' + L_onenoteexe110 = '1' + L_mse7exe111 = '1' + } + UserSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise + { + MicrosoftPublisherV3_Security_TrustCenter_L_BlockMacroExecutionFromInternet = '1' + MicrosoftVisio_Security_TrustCenter_L_VBAWarningsPolicy = '1' + MicrosoftVisio_Security_TrustCenter_L_VBAWarningsPolicy_L_Empty = '2' # Updated property + } + Ensure = 'Present' + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneSecurityBaselineMicrosoft365AppsForEnterprise/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneSecurityBaselineMicrosoft365AppsForEnterprise/3-Remove.ps1 new file mode 100644 index 0000000000..b9a8c3c849 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneSecurityBaselineMicrosoft365AppsForEnterprise/3-Remove.ps1 @@ -0,0 +1,34 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneSecurityBaselineMicrosoft365AppsForEnterprise 'mySecurityBaselineMicrosoft365AppsForEnterprisePolicy' + { + DisplayName = 'test' + Ensure = 'Absent' + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} diff --git a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 index d85eaa083e..7a3beda733 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 @@ -2146,7 +2146,24 @@ function Get-IntuneSettingCatalogPolicySettingDSCValue # If no parent definition is found, it might have been combined with the OffsetUri if ($null -eq $parentDefinition) { - $definition = Get-SettingDefinitionFromNameWithParentFromOffsetUri -OffsetUriName $key -SettingDefinitions $SettingTemplates.SettingDefinitions + $newKey = $key + switch -wildcard ($newKey) + { + '*TrustCenterTrustedLocations_*' { $newKey = $newKey.Replace('TrustCenterTrustedLocations', 'TrustCenter~L_TrustedLocations') } + '*TrustCenterFileBlockSettings_*' { $newKey = $newKey.Replace('TrustCenterFileBlockSettings', 'TrustCenter~L_FileBlockSettings') } + '*TrustCenterProtectedView_*' { $newKey = $newKey.Replace('TrustCenterProtectedView', 'TrustCenter~L_ProtectedView') } + '*_TrustCenter*' { $newKey = $newKey.Replace('_TrustCenter', '~L_TrustCenter') } + '*_Security_*' { $newKey = $newKey.Replace('Security', '~L_Security') } + 'MicrosoftPublisherV3_*' { $newKey = $newKey.Replace('MicrosoftPublisherV3_', 'pub16v3~Policy~L_MicrosoftOfficePublisher') } + 'MicrosoftPublisherV2_*' { $newKey = $newKey.Replace('MicrosoftPublisherV2_', 'pub16v2~Policy~L_MicrosoftOfficePublisher') } + 'MicrosoftVisio_*' { $newKey = $newKey.Replace('MicrosoftVisio_', 'visio16v2~Policy~L_MicrosoftVisio~L_VisioOptions') } + 'MicrosoftProject_*' { $newKey = $newKey.Replace('MicrosoftProject_', 'proj16v2~Policy~L_Proj~L_ProjectOptions') } + 'MicrosoftPowerPoint_*' { $newKey = $newKey.Replace('MicrosoftPowerPoint_', 'ppt16v2~Policy~L_MicrosoftOfficePowerPoint~L_PowerPointOptions') } + 'MicrosoftWord_*' { $newKey = $newKey.Replace('MicrosoftWord_', 'word16v2~Policy~L_MicrosoftOfficeWord~L_WordOptions') } + 'MicrosoftExcel_*' { $newKey = $newKey.Replace('MicrosoftExcel_', 'excel16v2~Policy~L_MicrosoftOfficeExcel~L_ExcelOptions') } + 'MicrosoftAccess_*' { $newKey = $newKey.Replace('MicrosoftAccess_', 'access16v2~Policy~L_MicrosoftOfficeaccess~L_ApplicationSettings') } + } + $definition = Get-SettingDefinitionFromNameWithParentFromOffsetUri -OffsetUriName $newKey -SettingDefinitions $SettingTemplates.SettingDefinitions if ($null -ne $definition) { $offsetUriFound = $true @@ -2279,18 +2296,31 @@ function Get-SettingDefinitionFromNameWithParentFromOffsetUri $settingName = $OffsetUriName $offsetUriPrefix = "" - foreach ($part in $offsetUriParts) + for ($i = 0; $i -lt $offsetUriParts.Count; $i++) { - if ($settingName -like "*$($part)_*") + $part = $offsetUriParts[$i] + if ($settingName -like "$($part)_*") { $settingName = $settingName.Replace("$($part)_", "") # Add wildcards to match removed parts with invalid characters $offsetUriPrefix += "*$($part)*" + $i = 0 } } - $filteredDefinitions = $SettingDefinitions | Where-Object -FilterScript { - $_.Name -eq $settingName -and $_.OffsetUri -like "*$offsetUriPrefix*" + if ($settingName -eq "v2") + { + $settingName = $offsetUriPrefix.Split("*")[-2] + "_v2" # Add the last element of the offset Uri parts before the v2 + $filteredDefinitions = $SettingDefinitions | Where-Object -FilterScript { + ($_.Id -like "*$settingName" -and $_.Name -eq $settingName.Replace('_v2', '') -and $_.OffsetUri -like "*$offsetUriPrefix*") -or + ($_.Name -eq $settingName -and $_.OffsetUri -like "*$offsetUriPrefix*") + } + } + else + { + $filteredDefinitions = $SettingDefinitions | Where-Object -FilterScript { + $_.Name -eq $settingName -and $_.OffsetUri -like "*$offsetUriPrefix*" + } } if ($filteredDefinitions.Count -eq 1) @@ -2303,6 +2333,7 @@ function Get-SettingDefinitionFromNameWithParentFromOffsetUri foreach ($definition in $filteredDefinitions) { $skip = 0 + $breakCounter = 0 $newSettingName = $settingName do { $previousSettingName = $newSettingName @@ -2313,12 +2344,23 @@ function Get-SettingDefinitionFromNameWithParentFromOffsetUri $newName = Get-SettingDefinitionNameWithParentFromOffsetUri -OffsetUri $_.OffsetUri -SettingName $previousSettingName -Skip $skip if ($newName -eq $newSettingName) { - $combinationMatchesWithOffsetUri += $_ + # Exclude v2 versions from the comparison + if ($definition.Id -like "*_v2" -and $_.Id -ne $definition.Id.Replace('_v2', '') -or + $definition.Id -notlike "*_v2" -and $_.Id -ne $definition.Id + "_v2") + { + $combinationMatchesWithOffsetUri += $_ + } } } $settingsWithSameName = $combinationMatchesWithOffsetUri + $breakCounter++ $skip++ - } while ($combinationMatchesWithOffsetUri.Count -gt 1) + } while ($combinationMatchesWithOffsetUri.Count -gt 1 -and $breakCounter -lt 8) + + if ($breakCounter -eq 8) + { + throw "Could not find a unique setting definition for $settingName with parent from OffsetUri $OffsetUriName" + } if ($newSettingName -eq $OffsetUriName) { @@ -2524,7 +2566,12 @@ function Export-IntuneSettingCatalogPolicySettings $newName = Get-SettingDefinitionNameWithParentFromOffsetUri -OffsetUri $_.OffsetUri -SettingName $previousSettingName -Skip $skip if ($newName -eq $newSettingName) { - $combinationMatchesWithOffsetUri += $_ + # Exclude v2 versions from the comparison + if ($settingDefinition.Id -like "*_v2" -and $_.Id -ne $settingDefinition.Id.Replace('_v2', '') -or + $settingDefinition.Id -notlike "*_v2" -and $_.Id -ne $settingDefinition.Id + "_v2") + { + $combinationMatchesWithOffsetUri += $_ + } } } $settingsWithSameName = $combinationMatchesWithOffsetUri @@ -2534,6 +2581,10 @@ function Export-IntuneSettingCatalogPolicySettings if ($breakCounter -lt 8) { + if ($settingDefinition.Id -like "*_v2" -and $newSettingName -notlike "*_v2") + { + $newSettingName += "_v2" + } $settingName = $newSettingName } else @@ -2555,6 +2606,24 @@ function Export-IntuneSettingCatalogPolicySettings { $settingName = Get-SettingDefinitionNameWithParentFromOffsetUri -OffsetUri $settingDefinition.OffsetUri -SettingName $settingName } + + # Simplify names from the OffsetUri. This is done to make the names more readable, especially in case of long and complex OffsetUris. + switch -wildcard ($settingName) + { + 'access16v2~Policy~L_MicrosoftOfficeaccess~L_ApplicationSettings~*' { $settingName = $settingName.Replace('access16v2~Policy~L_MicrosoftOfficeaccess~L_ApplicationSettings', 'MicrosoftAccess_') } + 'excel16v2~Policy~L_MicrosoftOfficeExcel~L_ExcelOptions~*' { $settingName = $settingName.Replace('excel16v2~Policy~L_MicrosoftOfficeExcel~L_ExcelOptions', 'MicrosoftExcel_') } + 'word16v2~Policy~L_MicrosoftOfficeWord~L_WordOptions~*' { $settingName = $settingName.Replace('word16v2~Policy~L_MicrosoftOfficeWord~L_WordOptions', 'MicrosoftWord_') } + 'ppt16v2~Policy~L_MicrosoftOfficePowerPoint~L_PowerPointOptions~*' { $settingName = $settingName.Replace('ppt16v2~Policy~L_MicrosoftOfficePowerPoint~L_PowerPointOptions', 'MicrosoftPowerPoint_') } + 'proj16v2~Policy~L_Proj~L_ProjectOptions~*' { $settingName = $settingName.Replace('proj16v2~Policy~L_Proj~L_ProjectOptions', 'MicrosoftProject_') } + 'visio16v2~Policy~L_MicrosoftVisio~L_VisioOptions~*' { $settingName = $settingName.Replace('visio16v2~Policy~L_MicrosoftVisio~L_VisioOptions', 'MicrosoftVisio_') } + 'pub16v2~Policy~L_MicrosoftOfficePublisher~*' { $settingName = $settingName.Replace('pub16v2~Policy~L_MicrosoftOfficePublisher', 'MicrosoftPublisherV2_') } + 'pub16v3~Policy~L_MicrosoftOfficePublisher~*' { $settingName = $settingName.Replace('pub16v3~Policy~L_MicrosoftOfficePublisher', 'MicrosoftPublisherV3_') } + '*~L_Security~*' { $settingName = $settingName.Replace('~L_Security', 'Security') } + '*~L_TrustCenter*' { $settingName = $settingName.Replace('~L_TrustCenter', '_TrustCenter') } + '*~L_ProtectedView_*' { $settingName = $settingName.Replace('~L_ProtectedView', 'ProtectedView') } + '*~L_FileBlockSettings_*' { $settingName = $settingName.Replace('~L_FileBlockSettings', 'FileBlockSettings') } + '*~L_TrustedLocations*' { $settingName = $settingName.Replace('~L_TrustedLocations', 'TrustedLocations') } + } } $odataType = if ($IsRoot) { $SettingInstance.AdditionalProperties.'@odata.type' } else { $SettingInstance.'@odata.type' } @@ -2712,7 +2781,7 @@ function Update-IntuneDeviceConfigurationPolicy 'settings' = $Settings } $body = $policy | ConvertTo-Json -Depth 20 - #write-verbose -Message $body + #Write-Verbose -Message $body Invoke-MgGraphRequest -Method PUT -Uri $Uri -Body $body -ErrorAction Stop } catch diff --git a/Modules/Microsoft365DSC/SchemaDefinition.json b/Modules/Microsoft365DSC/SchemaDefinition.json index 4844f64a3c..0140e55ccc 100644 --- a/Modules/Microsoft365DSC/SchemaDefinition.json +++ b/Modules/Microsoft365DSC/SchemaDefinition.json @@ -19790,7 +19790,7 @@ ] }, { - "ClassName": "MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings", + "ClassName": "MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneAccountProtectionPolicyWindows10", "Parameters": [ { "CIMType": "String", @@ -19860,7 +19860,7 @@ ] }, { - "ClassName": "MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings", + "ClassName": "MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneAccountProtectionPolicyWindows10", "Parameters": [ { "CIMType": "String", @@ -19938,12 +19938,12 @@ "Option": "Write" }, { - "CIMType": "MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings", + "CIMType": "MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneAccountProtectionPolicyWindows10", "Name": "DeviceSettings", "Option": "Write" }, { - "CIMType": "MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings", + "CIMType": "MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneAccountProtectionPolicyWindows10", "Name": "UserSettings", "Option": "Write" }, @@ -21849,6 +21849,81 @@ } ] }, + { + "ClassName": "MSFT_IntuneDerivedCredential", + "Parameters": [ + { + "CIMType": "String", + "Name": "DisplayName", + "Option": "Key" + }, + { + "CIMType": "String", + "Name": "Id", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "HelpUrl", + "Option": "Write" + }, + { + "CIMType": "Uint32", + "Name": "RenewalThresholdPercentage", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Issuer", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "NotificationType", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "ApplicationSecret", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, { "ClassName": "MSFT_IntuneDeviceAndAppManagementAssignmentFilter", "Parameters": [ @@ -35882,6 +35957,11 @@ "Name": "Publisher", "Option": "Write" }, + { + "CIMType": "String", + "Name": "PublishingState", + "Option": "Write" + }, { "CIMType": "String", "Name": "BundleId", @@ -35907,11 +35987,6 @@ "Name": "IgnoreVersionDetection", "Option": "Write" }, - { - "CIMType": "Boolean", - "Name": "InstallAsManaged", - "Option": "Write" - }, { "CIMType": "MSFT_DeviceManagementMimeContent", "Name": "LargeIcon", @@ -36264,6 +36339,2281 @@ } ] }, + { + "ClassName": "MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise", + "Parameters": [ + { + "CIMType": "String", + "Name": "Pol_SecGuide_A001_Block_Flash", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Pol_SecGuide_Block_Flash", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Pol_SecGuide_Legacy_JScript", + "Option": "Write" + }, + { + "CIMType": "SInt32", + "Name": "POL_SG_powerpnt", + "Option": "Write" + }, + { + "CIMType": "SInt32", + "Name": "POL_SG_onenote", + "Option": "Write" + }, + { + "CIMType": "SInt32", + "Name": "POL_SG_mspub", + "Option": "Write" + }, + { + "CIMType": "SInt32", + "Name": "POL_SG_msaccess", + "Option": "Write" + }, + { + "CIMType": "SInt32", + "Name": "POL_SG_winproj", + "Option": "Write" + }, + { + "CIMType": "SInt32", + "Name": "POL_SG_visio", + "Option": "Write" + }, + { + "CIMType": "SInt32", + "Name": "POL_SG_outlook", + "Option": "Write" + }, + { + "CIMType": "SInt32", + "Name": "POL_SG_winword", + "Option": "Write" + }, + { + "CIMType": "SInt32", + "Name": "POL_SG_excel", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_PolicyEnableSIPHighSecurityMode", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_PolicyDisableHttpConnect", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_AddonManagement", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_powerpntexe17", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_excelexe15", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_visioexe19", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_onenoteexe26", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_outlookexe22", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_pptviewexe18", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_winwordexe21", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_exprwdexe24", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_spdesignexe23", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_winprojexe20", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_grooveexe14", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_mspubexe16", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_mse7exe27", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_msaccessexe25", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_ConsistentMimeHandling", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_excelexe43", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_spdesignexe51", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_onenoteexe54", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_outlookexe50", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_pptviewexe46", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_mspubexe44", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_visioexe47", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_winprojexe48", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_msaccessexe53", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_powerpntexe45", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_grooveexe42", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_mse7exe55", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_winwordexe49", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_exprwdexe52", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Disableusernameandpassword", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_excelexe127", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_grooveexe126", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_onenoteexe138", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_mse7exe139", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_mspubexe128", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_visioexe131", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_exprwdexe136", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_msaccessexe137", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_spdesignexe135", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_winwordexe133", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_powerpntexe129", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_outlookexe134", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_winprojexe132", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_pptviewexe130", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Informationbar", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_excelexe113", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_mspubexe114", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_msaccessexe123", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_onenoteexe124", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_outlookexe120", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_winprojexe118", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_powerpntexe115", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_spdesignexe121", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_grooveexe112", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_visioexe117", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_mse7exe125", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_winwordexe119", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_exprwdexe122", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_pptviewexe116", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_LocalMachineZoneLockdownSecurity", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_mse7exe41", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_powerpntexe31", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_mspubexe30", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_outlookexe36", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_pptviewexe32", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_excelexe29", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_exprwdexe38", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_grooveexe28", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_winwordexe35", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_msaccessexe39", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_spdesignexe37", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_visioexe33", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_onenoteexe40", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_winprojexe34", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_MimeSniffingSafetyFature", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_powerpntexe59", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_exprwdexe66", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_grooveexe56", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_visioexe61", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_outlookexe64", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_mspubexe58", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_mse7exe69", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_msaccessexe67", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_pptviewexe60", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_winprojexe62", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_spdesignexe65", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_onenoteexe68", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_winwordexe63", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_excelexe57", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_NavigateURL", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_spdesignexe177", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_onenoteexe180", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_pptviewexe172", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_outlookexe176", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_winprojexe174", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_msaccessexe179", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_winwordexe175", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_excelexe169", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_mspubexe170", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_exprwdexe178", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_powerpntexe171", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_visioexe173", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_mse7exe181", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_grooveexe168", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_ObjectCachingProtection", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_winwordexe77", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_powerpntexe73", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_spdesignexe79", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_mse7exe83", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_mspubexe72", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_msaccessexe81", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_onenoteexe82", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_outlookexe78", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_grooveexe70", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_excelexe71", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_visioexe75", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_pptviewexe74", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_winprojexe76", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_exprwdexe80", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_ProtectionFromZoneElevation", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_mspubexe100", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_visioexe103", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_powerpntexe101", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_excelexe99", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_mse7exe111", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_winwordexe105", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_exprwdexe108", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_msaccessexe109", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_spdesignexe107", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_onenoteexe110", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_pptviewexe102", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_winprojexe104", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_grooveexe98", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_outlookexe106", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_RestrictActiveXInstall", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_mse7exe", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_powerpntexe", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_spDesignexe", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_onenoteexe", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_excelexe", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_mspubexe", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_visioexe", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_exprwdexe", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_outlookexe", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_pptviewexe", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_winprojexe", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_winwordexe", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_grooveexe", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_msaccessexe", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_RestrictFileDownload", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_visioexe5", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_winprojexe6", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_msaccessexe11", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_spdesignexe9", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_excelexe1", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_powerpntexe3", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_mspubexe2", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_exprwdexe10", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_outlookexe8", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_pptviewexe4", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_winwordexe7", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_onenoteexe12", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_mse7exe13", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_grooveexe0", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_SavedfromURL", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_pptviewexe158", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_exprwdexe164", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_mse7exe167", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_spdesignexe163", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_winprojexe160", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_mspubexe156", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_visioexe159", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_winwordexe161", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_msaccessexe165", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_onenoteexe166", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_outlookexe162", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_grooveexe154", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_excelexe155", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_powerpntexe157", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_ScriptedWindowSecurityRestrictions", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_exprwdexe94", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_mse7exe97", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_mspubexe86", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_outlookexe92", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_msaccessexe95", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_powerpntexe87", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_grooveexe84", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_excelexe85", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_pptviewexe88", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_spdesignexe93", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_visioexe89", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_onenoteexe96", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_winprojexe90", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_winwordexe91", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise", + "Parameters": [ + { + "CIMType": "String", + "Name": "MicrosoftAccess_Security_TrustCenter_L_BlockMacroExecutionFromInternet", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftAccess_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftAccess_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftAccess_Security_TrustCenterTrustedLocations_L_AllowTrustedLocationsOnTheNetwork", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftAccess_Security_TrustCenter_L_VBAWarningsPolicy", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftAccess_Security_TrustCenter_L_VBAWarningsPolicy_L_Empty", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Donotshowdataextractionoptionswhenopeningcorruptworkbooks", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Asktoupdateautomaticlinks", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_LoadpicturesfromWebpagesnotcreatedinExcel", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_DisableAutoRepublish", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_DoNotShowAutoRepublishWarningAlert", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Forcefileextenstionstomatch", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Forcefileextenstionstomatch_L_Empty", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_DeterminewhethertoforceencryptedExcel", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_DeterminewhethertoforceencryptedExcelDropID", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_BlockXLLFromInternet", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_BlockXLLFromInternetEnum", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftExcel_Security_TrustCenter_L_BlockMacroExecutionFromInternet", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftExcel_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_EnableBlockUnsecureQueryFiles", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_DBaseIIIANDIVFiles", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_DBaseIIIANDIVFilesDropID", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_DifAndSylkFiles", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_DifAndSylkFilesDropID", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Excel2MacrosheetsAndAddInFiles", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Excel2MacrosheetsAndAddInFilesDropID", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Excel2Worksheets", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Excel2WorksheetsDropID", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Excel3MacrosheetsAndAddInFiles", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Excel3MacrosheetsAndAddInFilesDropID", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Excel3Worksheets", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Excel3WorksheetsDropID", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Excel4MacrosheetsAndAddInFiles", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Excel4MacrosheetsAndAddInFilesDropID", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Excel4Workbooks", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Excel4WorkbooksDropID", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Excel4Worksheets", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Excel4WorksheetsDropID", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Excel95Workbooks", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Excel95WorkbooksDropID", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Excel9597WorkbooksAndTemplates", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Excel9597WorkbooksAndTemplatesDropID", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Excel972003WorkbooksAndTemplates", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Excel972003WorkbooksAndTemplatesDropID", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftExcel_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehavior", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftExcel_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehaviorDropID", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_WebPagesAndExcel2003XMLSpreadsheets", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_WebPagesAndExcel2003XMLSpreadsheetsDropID", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_XL4KillSwitchPolicy", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_EnableDataBaseFileProtectedView", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftExcel_Security_TrustCenterProtectedView_L_DoNotOpenFilesFromTheInternetZoneInProtectedView", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftExcel_Security_TrustCenterProtectedView_L_DoNotOpenFilesInUnsafeLocationsInProtectedView", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftExcel_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftExcel_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsStr3", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftExcel_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsDropID", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftExcel_Security_TrustCenterProtectedView_L_TurnOffProtectedViewForAttachmentsOpenedFromOutlook", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftExcel_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftExcel_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftExcel_Security_TrustCenterTrustedLocations_L_AllowTrustedLocationsOnTheNetwork", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftExcel_Security_TrustCenter_L_VBAWarningsPolicy", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_empty4", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftExcel_Security_L_TurnOffFileValidation", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_WebContentWarningLevel", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_WebContentWarningLevelValue", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_NoExtensibilityCustomizationFromDocumentPolicy", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_NoExtensibilityCustomizationFromDocumentPolicyWord", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_NoExtensibilityCustomizationFromDocumentPolicyExcel", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_NoExtensibilityCustomizationFromDocumentPolicyVisio", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_NoExtensibilityCustomizationFromDocumentPolicyPowerPoint", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_NoExtensibilityCustomizationFromDocumentPolicyPublisher", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_NoExtensibilityCustomizationFromDocumentPolicyOutlook", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_NoExtensibilityCustomizationFromDocumentPolicyProject", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_NoExtensibilityCustomizationFromDocumentPolicyAccess", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_NoExtensibilityCustomizationFromDocumentPolicyInfoPath", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_ActiveXControlInitialization", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_ActiveXControlInitializationcolon", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_BasicAuthProxyBehavior", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_AllowVbaIntranetRefs", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_AutomationSecurity", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_SettheAutomationSecuritylevel", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_AuthenticationFBABehavior", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_AuthenticationFBAEnabledHostsID", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_authenticationFBABehaviorEnum", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_DisableStrictVbaRefsSecurityPolicy", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_DisableallTrustBarnotificationsfor", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Encryptiontypeforirm", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Encryptiontypeforirmcolon", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Encryptiontypeforpasswordprotectedoffice972003", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_encryptiontypecolon318", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Encryptiontypeforpasswordprotectedofficeopen", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Encryptiontypecolon", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_LoadControlsinForms3", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_LoadControlsinForms3colon", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_MacroRuntimeScanScope", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_MacroRuntimeScanScopeEnum", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Protectdocumentmetadataforrightsmanaged", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Allowmixofpolicyanduserlocations", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_DisabletheOfficeclientfrompolling", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_DisableSmartDocumentsuseofmanifests", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_OutlookSecurityMode", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_OOMAddressAccess", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_OOMAddressAccess_Setting", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_OOMMeetingTaskRequest", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_OOMMeetingTaskRequest_Setting", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_OOMSend", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_OOMSend_Setting", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Preventusersfromcustomizingattachmentsecuritysettings", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_RetrievingCRLsCertificateRevocationLists", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_empty31", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_OOMFormula", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_OOMFormula_Setting", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_AuthenticationwithExchangeServer", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_SelecttheauthenticationwithExchangeserver", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_EnableRPCEncryption", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Enablelinksinemailmessages", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_OOMAddressBook", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_OOMAddressBook_Setting", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_OutlookSecurityPolicy", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_AllowUsersToLowerAttachments", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_AllowActiveXOneOffForms", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_empty29", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_EnableScriptsInOneOffForms", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Level2RemoveFilePolicy", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_removedextensions25", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_MSGUnicodeformatwhendraggingtofilesystem", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_OnExecuteCustomActionOOM", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_OnExecuteCustomActionOOM_Setting", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_DisableOutlookobjectmodelscriptsforpublicfolders", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_BlockInternet", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_SecurityLevelOutlook", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_SecurityLevel", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Level1RemoveFilePolicy", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_RemovedExtensions", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_SignatureWarning", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_signaturewarning30", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Level1Attachments", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Minimumencryptionsettings", + "Option": "Write" + }, + { + "CIMType": "SInt32", + "Name": "L_Minimumkeysizeinbits", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_DisableOutlookobjectmodelscripts", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_OOMSaveAs", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_OOMSaveAs_Setting", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_JunkEmailprotectionlevel", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Selectlevel", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_RunPrograms", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_RunPrograms_L_Empty", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Determinewhethertoforceencryptedppt", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_DeterminewhethertoforceencryptedpptDropID", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftPowerPoint_Security_TrustCenter_L_BlockMacroExecutionFromInternet", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftPowerPoint_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_PowerPoint972003PresentationsShowsTemplatesandAddInFiles", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_PowerPoint972003PresentationsShowsTemplatesandAddInFilesDropID", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftPowerPoint_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehavior", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftPowerPoint_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehaviorDropID", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_DoNotOpenFilesFromTheInternetZoneInProtectedView", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_DoNotOpenFilesInUnsafeLocationsInProtectedView", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsStr3", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsDropID", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_TurnOffProtectedViewForAttachmentsOpenedFromOutlook", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftPowerPoint_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftPowerPoint_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftPowerPoint_Security_TrustCenterTrustedLocations_L_AllowTrustedLocationsOnTheNetwork", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftPowerPoint_Security_TrustCenter_L_VBAWarningsPolicy", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_empty3", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftPowerPoint_Security_L_TurnOffFileValidation", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftProject_Security_TrustCenter_L_AllowTrustedLocationsOnTheNetwork", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftProject_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftProject_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftProject_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftProject_Security_TrustCenter_L_VBAWarningsPolicy", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftProject_Security_TrustCenter_L_VBAWarningsPolicy_L_Empty", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_PublisherAutomationSecurityLevel", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_PublisherAutomationSecurityLevel_L_Empty", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftPublisherV3_Security_TrustCenter_L_BlockMacroExecutionFromInternet", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftPublisherV2_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftPublisherV2_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftPublisherV2_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftPublisherV2_Security_TrustCenter_L_VBAWarningsPolicy", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_empty0", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftVisio_Security_TrustCenter_L_AllowTrustedLocationsOnTheNetwork", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftVisio_Security_TrustCenter_L_BlockMacroExecutionFromInternet", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftVisio_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Visio2000Files", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Visio2000FilesDropID", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Visio2003Files", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Visio2003FilesDropID", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Visio50AndEarlierFiles", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Visio50AndEarlierFilesDropID", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftVisio_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftVisio_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftVisio_Security_TrustCenter_L_VBAWarningsPolicy", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftVisio_Security_TrustCenter_L_VBAWarningsPolicy_L_Empty", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftWord_Security_TrustCenter_L_BlockMacroExecutionFromInternet", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftWord_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_AllowDDE", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_AllowDDEDropID", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftWord_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehavior", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftWord_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehaviorDropID", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Word2AndEarlierBinaryDocumentsAndTemplates", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Word2AndEarlierBinaryDocumentsAndTemplatesDropID", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Word2000BinaryDocumentsAndTemplates", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Word2000BinaryDocumentsAndTemplatesDropID", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Word2003BinaryDocumentsAndTemplates", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Word2003BinaryDocumentsAndTemplatesDropID", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Word2007AndLaterBinaryDocumentsAndTemplates", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Word2007AndLaterBinaryDocumentsAndTemplatesDropID", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Word6Pt0BinaryDocumentsAndTemplates", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Word6Pt0BinaryDocumentsAndTemplatesDropID", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Word95BinaryDocumentsAndTemplates", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Word95BinaryDocumentsAndTemplatesDropID", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Word97BinaryDocumentsAndTemplates", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_Word97BinaryDocumentsAndTemplatesDropID", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_WordXPBinaryDocumentsAndTemplates", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_WordXPBinaryDocumentsAndTemplatesDropID", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftWord_Security_TrustCenterProtectedView_L_DoNotOpenFilesFromTheInternetZoneInProtectedView", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftWord_Security_TrustCenterProtectedView_L_DoNotOpenFilesInUnsafeLocationsInProtectedView", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftWord_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftWord_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsDropID", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftWord_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsStr3", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftWord_Security_TrustCenterProtectedView_L_TurnOffProtectedViewForAttachmentsOpenedFromOutlook", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftWord_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftWord_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_DeterminewhethertoforceencryptedWord", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_DeterminewhethertoforceencryptedWordDropID", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftWord_Security_TrustCenter_L_VBAWarningsPolicy", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "L_empty19", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftWord_Security_L_TurnOffFileValidation", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftWord_Security_TrustCenterTrustedLocations_L_AllowTrustedLocationsOnTheNetwork", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise", + "Parameters": [ + { + "CIMType": "String", + "Name": "Description", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DisplayName", + "Option": "Key" + }, + { + "CIMType": "String[]", + "Name": "RoleScopeTagIds", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Id", + "Option": "Write" + }, + { + "CIMType": "MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise", + "Name": "DeviceSettings", + "Option": "Write" + }, + { + "CIMType": "MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise", + "Name": "UserSettings", + "Option": "Write" + }, + { + "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", + "Name": "Assignments", + "Option": "Write" + }, + { + "CIMType": "string", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "ApplicationSecret", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, { "ClassName": "MSFT_IntuneSettingCatalogASRRulesPolicyWindows10", "Parameters": [ diff --git a/ResourceGenerator/M365DSCResourceGenerator.psm1 b/ResourceGenerator/M365DSCResourceGenerator.psm1 index fbe1658771..68b1aae17d 100644 --- a/ResourceGenerator/M365DSCResourceGenerator.psm1 +++ b/ResourceGenerator/M365DSCResourceGenerator.psm1 @@ -278,6 +278,10 @@ function New-M365DSCResource $deviceDefinitionSettings = @() foreach ($deviceTemplateSetting in $deviceTemplateSettings) { + foreach ($deviceChildSetting in $deviceTemplateSetting.ChildSettings) + { + $deviceChildSetting.DisplayName += " - Depends on $($deviceTemplateSetting.Name)" + } $deviceDefinitionSettings += New-ParameterDefinitionFromSettingsCatalogTemplateSetting ` -TemplateSetting $deviceTemplateSetting } @@ -285,6 +289,10 @@ function New-M365DSCResource $userDefinitionSettings = @() foreach ($userTemplateSetting in $userTemplateSettings) { + foreach ($userChildSetting in $userTemplateSetting.ChildSettings) + { + $userChildSetting.DisplayName += " - Depends on $($userTemplateSetting.Name)" + } $userDefinitionSettings += New-ParameterDefinitionFromSettingsCatalogTemplateSetting ` -TemplateSetting $userTemplateSetting } @@ -308,14 +316,14 @@ function New-M365DSCResource MOFInstance = @( @" [ClassVersion("1.0.0.0")] -class MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings +class MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_$($ResourceName) { $($deviceDefinitionSettings.MOF -join "`r`n") }; "@, @" [ClassVersion("1.0.0.0")] -class MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings +class MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_$($ResourceName) { $($userDefinitionSettings.MOF -join "`r`n") }; @@ -336,13 +344,13 @@ $($userDefinitionSettings.MOF -join "`r`n") { $parameter -match '\$.*$' $parameterName = $Matches[0].Replace('$', '') - $parameterType = 'IntuneSettingsCatalog' + $parameterName - $cimInstance = $definitionSettings.MOFInstance | Where-Object -FilterScript { $_ -like "*$parameterType`n*" } + $parameterType = 'IntuneSettingsCatalog' + $parameterName + $(if ($parameterName -in @('DeviceSettings', 'UserSettings')) { "_$ResourceName" }) + $cimInstance = $definitionSettings.MOFInstance | Where-Object -FilterScript { $_ -like "*$parameterType`n*" -or $_ -like "*$parameterType`r`n*" } $rowFilter = '\[.*;' $cimRows = [regex]::Matches($cimInstance, $rowFilter) | Foreach-Object { $_.Value } - $cimPropertyNamequery = '[a-zA-Z_]+[\[\]]*;' + $cimPropertyNamequery = '[a-zA-Z0-9_]+[\[\]]*;' $cimProperties = @() foreach ($row in $cimRows) { @@ -364,7 +372,7 @@ $($userDefinitionSettings.MOF -join "`r`n") Name = $parameterName IsComplexType = $true IsMandatory = $false - IsArray = $true + IsArray = $parameter -match '\[.*\[\]\]' Type = $parameterType Properties = $cimProperties } @@ -539,6 +547,7 @@ $($userDefinitionSettings.MOF -join "`r`n") [array]`$settings = Get-$($CmdLetNoun)Setting `` -DeviceManagementConfigurationPolicyId `$Id `` -ExpandProperty 'settingDefinitions' `` + -All `` -ErrorAction Stop `$policySettings = @{} @@ -662,7 +671,7 @@ $($userDefinitionSettings.MOF -join "`r`n") $defaultCreateParameters = @" `$settings = Get-IntuneSettingCatalogPolicySetting `` -DSCParams ([System.Collections.Hashtable]`$BoundParameters) `` - -TemplateId `$templateReferenceId$(if ($containsDeviceAndUserSettings) { " ```r`n -ContainsDeviceAndUserSettings" })`r`n + -TemplateId `$templateReferenceId$(if ($containsDeviceAndUserSettings) { " ```r`n -ContainsDeviceAndUserSettings" }) `$createParameters = @{ Name = `$DisplayName @@ -785,7 +794,7 @@ $($userDefinitionSettings.MOF -join "`r`n") $defaultUpdateParameters = @" `$settings = Get-IntuneSettingCatalogPolicySetting `` -DSCParams ([System.Collections.Hashtable]`$BoundParameters) `` - -TemplateId `$templateReferenceId$(if ($containsDeviceAndUserSettings) { " ```r`n -ContainsDeviceAndUserSettings" })`r`n + -TemplateId `$templateReferenceId$(if ($containsDeviceAndUserSettings) { " ```r`n -ContainsDeviceAndUserSettings" }) Update-IntuneDeviceConfigurationPolicy `` -DeviceConfigurationPolicyId `$currentInstance.Id `` @@ -3894,7 +3903,12 @@ function New-SettingsCatalogSettingDefinitionSettingsFromTemplate { $newName = Get-SettingDefinitionNameWithParentFromOffsetUri -OffsetUri $_.OffsetUri -SettingName $previousSettingName -Skip $skip if ($newName -eq $newSettingName) { - $combinationMatchesWithOffsetUri += $_ + # Exclude v2 versions from the comparison + if ($settingDefinition.Id -like "*_v2" -and $_.Id -ne $settingDefinition.Id.Replace('_v2', '') -or + $settingDefinition.Id -notlike "*_v2" -and $_.Id -ne $settingDefinition.Id + "_v2") + { + $combinationMatchesWithOffsetUri += $_ + } } } $settingsWithSameName = $combinationMatchesWithOffsetUri @@ -3904,6 +3918,10 @@ function New-SettingsCatalogSettingDefinitionSettingsFromTemplate { if ($breakCounter -lt 8) { + if ($settingDefinition.Id -like "*_v2" -and $newSettingName -notlike "*_v2") + { + $newSettingName += "_v2" + } $settingName = $newSettingName } else @@ -3925,6 +3943,24 @@ function New-SettingsCatalogSettingDefinitionSettingsFromTemplate { { $settingName = Get-SettingDefinitionNameWithParentFromOffsetUri -OffsetUri $SettingDefinition.OffsetUri -SettingName $settingName } + + # Simplify names from the OffsetUri. This is done to make the names more readable, especially in case of long and complex OffsetUris. + switch -wildcard ($settingName) + { + 'access16v2~Policy~L_MicrosoftOfficeaccess~L_ApplicationSettings~*' { $settingName = $settingName.Replace('access16v2~Policy~L_MicrosoftOfficeaccess~L_ApplicationSettings', 'MicrosoftAccess_') } + 'excel16v2~Policy~L_MicrosoftOfficeExcel~L_ExcelOptions~*' { $settingName = $settingName.Replace('excel16v2~Policy~L_MicrosoftOfficeExcel~L_ExcelOptions', 'MicrosoftExcel_') } + 'word16v2~Policy~L_MicrosoftOfficeWord~L_WordOptions~*' { $settingName = $settingName.Replace('word16v2~Policy~L_MicrosoftOfficeWord~L_WordOptions', 'MicrosoftWord_') } + 'ppt16v2~Policy~L_MicrosoftOfficePowerPoint~L_PowerPointOptions~*' { $settingName = $settingName.Replace('ppt16v2~Policy~L_MicrosoftOfficePowerPoint~L_PowerPointOptions', 'MicrosoftPowerPoint_') } + 'proj16v2~Policy~L_Proj~L_ProjectOptions~*' { $settingName = $settingName.Replace('proj16v2~Policy~L_Proj~L_ProjectOptions', 'MicrosoftProject_') } + 'visio16v2~Policy~L_MicrosoftVisio~L_VisioOptions~*' { $settingName = $settingName.Replace('visio16v2~Policy~L_MicrosoftVisio~L_VisioOptions', 'MicrosoftVisio_') } + 'pub16v2~Policy~L_MicrosoftOfficePublisher~*' { $settingName = $settingName.Replace('pub16v2~Policy~L_MicrosoftOfficePublisher', 'MicrosoftPublisherV2_') } + 'pub16v3~Policy~L_MicrosoftOfficePublisher~*' { $settingName = $settingName.Replace('pub16v3~Policy~L_MicrosoftOfficePublisher', 'MicrosoftPublisherV3_') } + '*~L_Security~*' { $settingName = $settingName.Replace('~L_Security', 'Security') } + '*~L_TrustCenter*' { $settingName = $settingName.Replace('~L_TrustCenter', '_TrustCenter') } + '*~L_ProtectedView_*' { $settingName = $settingName.Replace('~L_ProtectedView', 'ProtectedView') } + '*~L_FileBlockSettings_*' { $settingName = $settingName.Replace('~L_FileBlockSettings', 'FileBlockSettings') } + '*~L_TrustedLocations*' { $settingName = $settingName.Replace('~L_TrustedLocations', 'TrustedLocations') } + } } $childSettings = @() @@ -4092,7 +4128,7 @@ class $ "@ - $mofDefinition = $mofParameterTemplate.Replace("", $TemplateSetting.DisplayName) + $mofDefinition = $mofParameterTemplate.Replace("", $TemplateSetting.DisplayName.Replace("`r`n", "")) $optionsString = "" $valueMapString = "" if ($TemplateSetting.Options) { diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 index 828bde930b..d0e9424d6f 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Create.Tests.ps1 @@ -360,6 +360,47 @@ TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } + AADIdentityGovernanceLifecycleWorkflow 'AADIdentityGovernanceLifecycleWorkflow-Onboard pre-hire employee updated version' + { + Category = "joiner"; + Description = "Description the onboard of prehire employee"; + DisplayName = "Onboard pre-hire employee updated version"; + Ensure = "Present"; + ExecutionConditions = MSFT_IdentityGovernanceWorkflowExecutionConditions { + ScopeValue = MSFT_IdentityGovernanceScope { + Rule = '(not (country eq ''Brazil''))' + ODataType = '#microsoft.graph.identityGovernance.ruleBasedSubjectSet' + } + TriggerValue = MSFT_IdentityGovernanceTrigger { + OffsetInDays = 4 + TimeBasedAttribute = 'employeeHireDate' + ODataType = '#microsoft.graph.identityGovernance.timeBasedAttributeTrigger' + } + ODataType = '#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions' + }; + IsEnabled = $True; + IsSchedulingEnabled = $False; + Tasks = @( + MSFT_AADIdentityGovernanceTask { + DisplayName = 'Add user to groups' + Description = 'Add user to selected groups' + Category = 'joiner,leaver,mover' + IsEnabled = $True + ExecutionSequence = 1 + ContinueOnError = $True + TaskDefinitionId = '22085229-5809-45e8-97fd-270d28d66910' + Arguments = @( + MSFT_AADIdentityGovernanceTaskArguments { + Name = 'groupID' + Value = '7ad01e00-8c3a-42a6-baaf-39f2390b2565' + } + ) + } + ); + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } AADNamedLocationPolicy 'CompanyNetwork' { DisplayName = "Company Network" diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Remove.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Remove.Tests.ps1 index c7f705b234..86e91dc321 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Remove.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Remove.Tests.ps1 @@ -285,6 +285,47 @@ TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } + AADIdentityGovernanceLifecycleWorkflow 'AADIdentityGovernanceLifecycleWorkflow-Onboard pre-hire employee updated version' + { + Category = "joiner"; + Description = "Updated description the onboard of prehire employee"; + DisplayName = "Onboard pre-hire employee updated version"; + Ensure = "Absent"; + ExecutionConditions = MSFT_IdentityGovernanceWorkflowExecutionConditions { + ScopeValue = MSFT_IdentityGovernanceScope { + Rule = '(not (country eq ''America''))' + ODataType = '#microsoft.graph.identityGovernance.ruleBasedSubjectSet' + } + TriggerValue = MSFT_IdentityGovernanceTrigger { + OffsetInDays = 4 + TimeBasedAttribute = 'employeeHireDate' + ODataType = '#microsoft.graph.identityGovernance.timeBasedAttributeTrigger' + } + ODataType = '#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions' + }; + IsEnabled = $True; + IsSchedulingEnabled = $False; + Tasks = @( + MSFT_AADIdentityGovernanceTask { + DisplayName = 'Add user to groups' + Description = 'Add user to selected groups updated' + Category = 'joiner,leaver,mover' + IsEnabled = $True + ExecutionSequence = 1 + ContinueOnError = $True + TaskDefinitionId = '22085229-5809-45e8-97fd-270d28d66910' + Arguments = @( + MSFT_AADIdentityGovernanceTaskArguments { + Name = 'groupID' + Value = '7ad01e00-8c3a-42a6-baaf-39f2390b2565' + } + ) + } + ); + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } AADNamedLocationPolicy 'CompanyNetwork' { DisplayName = "Company Network" diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 index 38a257dddf..cce664e8ec 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.AAD.Update.Tests.ps1 @@ -861,6 +861,50 @@ TenantId = $TenantId CertificateThumbprint = $CertificateThumbprint } + AADIdentityGovernanceLifecycleWorkflow 'AADIdentityGovernanceLifecycleWorkflow-Onboard pre-hire employee updated version' + { + Category = "joiner"; + #updated description + Description = "Updated description the onboard of prehire employee"; + DisplayName = "Onboard pre-hire employee updated version"; + Ensure = "Present"; + ExecutionConditions = MSFT_IdentityGovernanceWorkflowExecutionConditions { + ScopeValue = MSFT_IdentityGovernanceScope { + #updated rule + Rule = '(not (country eq ''America''))' + ODataType = '#microsoft.graph.identityGovernance.ruleBasedSubjectSet' + } + TriggerValue = MSFT_IdentityGovernanceTrigger { + OffsetInDays = 4 + TimeBasedAttribute = 'employeeHireDate' + ODataType = '#microsoft.graph.identityGovernance.timeBasedAttributeTrigger' + } + ODataType = '#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions' + }; + IsEnabled = $True; + IsSchedulingEnabled = $False; + Tasks = @( + MSFT_AADIdentityGovernanceTask { + DisplayName = 'Add user to groups' + #updated description + Description = 'Add user to selected groups updated' + Category = 'joiner,leaver,mover' + IsEnabled = $True + ExecutionSequence = 1 + ContinueOnError = $True + TaskDefinitionId = '22085229-5809-45e8-97fd-270d28d66910' + Arguments = @( + MSFT_AADIdentityGovernanceTaskArguments { + Name = 'groupID' + Value = '7ad01e00-8c3a-42a6-baaf-39f2390b2565' + } + ) + } + ); + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + } AADLifecycleWorkflowSettings 'AADLifecycleWorkflowSettings' { ApplicationId = $ApplicationId; diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 index 26e65f5d12..c8d9f4947c 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 @@ -91,12 +91,12 @@ IntuneAccountProtectionPolicyWindows10 'myAccountProtectionPolicy' { DisplayName = 'test' - DeviceSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings + DeviceSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneAccountProtectionPolicyWindows10 { History = 10 EnablePinRecovery = 'true' } - UserSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings + UserSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneAccountProtectionPolicyWindows10 { History = 20 EnablePinRecovery = 'true' @@ -305,6 +305,15 @@ TenantId = $TenantId; CertificateThumbprint = $CertificateThumbprint; } + IntuneDerivedCredential 'IntuneDerivedCredential-K5' + { + DisplayName = "K5"; + HelpUrl = "http://www.ff.com/"; + Id = "a409d85f-2a49-440d-884a-80fb52a557ab"; + Issuer = "purebred"; + NotificationType = "email"; + Ensure = "Present"; + } IntuneDeviceAndAppManagementAssignmentFilter 'AssignmentFilter' { DisplayName = 'Test Device Filter' @@ -2542,7 +2551,7 @@ PrivacyInformationUrl = ""; Publisher = "Contoso"; Assignments = @( - MSFT_DeviceManagementMobileAppAssignment{ + MSFT_DeviceManagementMobileAppAssignment { groupDisplayName = 'All devices' deviceAndAppManagementAssignmentFilterType = 'none' dataType = '#microsoft.graph.allDevicesAssignmentTarget' @@ -2622,6 +2631,38 @@ TenantId = $TenantId; CertificateThumbprint = $CertificateThumbprint; } + IntuneSecurityBaselineMicrosoft365AppsForEnterprise 'mySecurityBaselineMicrosoft365AppsForEnterprisePolicy' + { + DisplayName = 'test' + DeviceSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise + { + L_ProtectionFromZoneElevation = '1' + L_grooveexe98 = '1' + L_excelexe99 = '1' + L_mspubexe100 = '1' + L_powerpntexe101 = '1' + L_pptviewexe102 = '1' + L_visioexe103 = '1' + L_winprojexe104 = '1' + L_winwordexe105 = '1' + L_outlookexe106 = '1' + L_spdesignexe107 = '1' + L_exprwdexe108 = '1' + L_msaccessexe109 = '1' + L_onenoteexe110 = '1' + L_mse7exe111 = '1' + } + UserSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise + { + MicrosoftPublisherV3_Security_TrustCenter_L_BlockMacroExecutionFromInternet = '1' + MicrosoftVisio_Security_TrustCenter_L_VBAWarningsPolicy = '1' + MicrosoftVisio_Security_TrustCenter_L_VBAWarningsPolicy_L_Empty = '3' + } + Ensure = 'Present' + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } IntuneSettingCatalogASRRulesPolicyWindows10 'myASRRulesPolicy' { DisplayName = 'asr 2' diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionPolicyWindows10.Tests.ps1 index b83b974567..d3d8323968 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionPolicyWindows10.Tests.ps1 @@ -219,7 +219,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ) Description = "My Test" DeviceSettings = [CimInstance]( - New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings -Property @{ + New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneAccountProtectionPolicyWindows10 -Property @{ History = 10 } -ClientOnly ) @@ -227,7 +227,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { DisplayName = "My Test" RoleScopeTagIds = @("FakeStringValue") UserSettings = [CimInstance]( - New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings -Property @{ + New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneAccountProtectionPolicyWindows10 -Property @{ History = 20 } -ClientOnly ) @@ -263,7 +263,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ) Description = "My Test" DeviceSettings = [CimInstance]( - New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings -Property @{ + New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneAccountProtectionPolicyWindows10 -Property @{ History = 10 } -ClientOnly ) @@ -271,7 +271,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { DisplayName = "My Test" RoleScopeTagIds = @("FakeStringValue") UserSettings = [CimInstance]( - New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings -Property @{ + New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneAccountProtectionPolicyWindows10 -Property @{ History = 20 } -ClientOnly ) @@ -305,7 +305,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ) Description = "My Test" DeviceSettings = [CimInstance]( - New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings -Property @{ + New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneAccountProtectionPolicyWindows10 -Property @{ History = 10 } -ClientOnly ) @@ -313,7 +313,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { DisplayName = "My Test" RoleScopeTagIds = @("FakeStringValue") UserSettings = [CimInstance]( - New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings -Property @{ + New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneAccountProtectionPolicyWindows10 -Property @{ History = 20 } -ClientOnly ) @@ -339,7 +339,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { ) Description = "My Test" DeviceSettings = [CimInstance]( - New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings -Property @{ + New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneAccountProtectionPolicyWindows10 -Property @{ History = 10 } -ClientOnly ) @@ -347,7 +347,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { DisplayName = "My Test" RoleScopeTagIds = @("FakeStringValue") UserSettings = [CimInstance]( - New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings -Property @{ + New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneAccountProtectionPolicyWindows10 -Property @{ History = 30 # Drift } -ClientOnly ) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDerivedCredential.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDerivedCredential.Tests.ps1 new file mode 100644 index 0000000000..1d23b82ab7 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDerivedCredential.Tests.ps1 @@ -0,0 +1,207 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$CurrentScriptPath = $PSCommandPath.Split('\') +$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] +$ResourceName = $CurrentScriptName.Split('.')[1] +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource $ResourceName -GenericStubModule $GenericStubPath + +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + + Mock -CommandName Get-MgBetaDeviceManagementDerivedCredential -MockWith { + } + Mock -CommandName New-MgBetaDeviceManagementDerivedCredential -MockWith { + } + Mock -CommandName Remove-MgBetaDeviceManagementDerivedCredential -MockWith { + } + + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + + # Test contexts + Context -Name " 1. The instance should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + Ensure = 'Present' + DisplayName = "K5"; + HelpUrl = "http://www.ff.com/"; + Id = "a409d85f-2a49-440d-884a-80fb52a557ab"; + Issuer = "purebred"; + NotificationType = "email"; + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceManagementDerivedCredential -MockWith { + return $null + } + } + It ' 1.1 Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It ' 1.2 Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It ' 1.3 Should create a new instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName New-MgBetaDeviceManagementDerivedCredential -Exactly 1 + } + } + + Context -Name " 2. The instance exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + Ensure = 'Absent' + DisplayName = "K5"; + HelpUrl = "http://www.ff.com/"; + Id = "a409d85f-2a49-440d-884a-80fb52a557ab"; + Issuer = "purebred"; + NotificationType = "email"; + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceManagementDerivedCredential -MockWith { + return @{ + DisplayName = "K5"; + HelpUrl = "http://www.ff.com/"; + Id = "a409d85f-2a49-440d-884a-80fb52a557ab"; + Issuer = "purebred"; + NotificationType = "email"; + } + } + } + It ' 2.1 Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + It ' 2.2 Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It ' 2.3 Should remove the instance from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-MgBetaDeviceManagementDerivedCredential -Exactly 1 + } + } + + Context -Name " 3. The instance exists and values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Ensure = 'Present' + DisplayName = "K5"; + HelpUrl = "http://www.ff.com/"; + Id = "a409d85f-2a49-440d-884a-80fb52a557ab"; + Issuer = "purebred"; + NotificationType = "email"; + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceManagementDerivedCredential -MockWith { + return @{ + Ensure = 'Present' + DisplayName = "K5"; + HelpUrl = "http://www.ff.com/"; + Id = "a409d85f-2a49-440d-884a-80fb52a557ab"; + Issuer = "purebred"; + NotificationType = "email"; + } + } + } + + It ' 3.0 Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name " 4. The instance exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Ensure = 'Present' + DisplayName = "K5"; + HelpUrl = "http://www.ff.com/"; + Id = "a409d85f-2a49-440d-884a-80fb52a557ab"; + Issuer = "purebred"; + NotificationType = "email"; + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceManagementDerivedCredential -MockWith { + return @{ + DisplayName = "K5 drift"; #drift + HelpUrl = "http://www.ff.com/"; + Id = "a409d85f-2a49-440d-884a-80fb52a557ab"; + Issuer = "purebred"; + NotificationType = "email"; + } + } + } + + It ' 4.1 Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It ' 4.2 Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + # Update is not allowed on DerivedCredential resource so it should be called 0 times. + } + + Context -Name ' 5. ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential; + } + + Mock -CommandName Get-MgBetaDeviceManagementDerivedCredential -MockWith { + return @{ + DisplayName = "K5"; + HelpUrl = "http://www.ff.com/"; + Id = "a409d85f-2a49-440d-884a-80fb52a557ab"; + Issuer = "purebred"; + NotificationType = "email"; + } + } + } + It ' 5.0 Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSecurityBaselineMicrosoft365AppsForEnterprise.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSecurityBaselineMicrosoft365AppsForEnterprise.Tests.ps1 new file mode 100644 index 0000000000..a232790964 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSecurityBaselineMicrosoft365AppsForEnterprise.Tests.ps1 @@ -0,0 +1,500 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource "IntuneSecurityBaselineMicrosoft365AppsForEnterprise" -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName Get-PSSession -MockWith { + } + + Mock -CommandName Remove-PSSession -MockWith { + } + + Mock -CommandName Update-MgBetaDeviceManagementConfigurationPolicy -MockWith { + } + + Mock -CommandName New-MgBetaDeviceManagementConfigurationPolicy -MockWith { + return @{ + Id = '12345-12345-12345-12345-12345' + } + } + + Mock -CommandName Get-MgBetaDeviceManagementConfigurationPolicy -MockWith { + return @{ + Id = '12345-12345-12345-12345-12345' + Description = 'My Test' + Name = 'My Test' + RoleScopeTagIds = @("FakeStringValue") + TemplateReference = @{ + TemplateId = '90316f12-246d-44c6-a767-f87692e86083_2' + } + } + } + + Mock -CommandName Remove-MgBetaDeviceManagementConfigurationPolicy -MockWith { + } + + Mock -CommandName Update-IntuneDeviceConfigurationPolicy -MockWith { + } + + Mock -CommandName Get-IntuneSettingCatalogPolicySetting -MockWith { + } + + Mock -CommandName Get-MgBetaDeviceManagementConfigurationPolicySetting -MockWith { + return @( + @{ + Id = '0' + SettingDefinitions = @( + @{ + Id = 'device_vendor_msft_policy_config_office16v2~policy~l_microsoftofficemachine~l_securitysettingsmachine~l_iesecurity_l_protectionfromzoneelevation' + Name = 'L_ProtectionFromZoneElevation' + OffsetUri = '/Config/office16v2~Policy~L_MicrosoftOfficemachine~L_SecuritySettingsMachine~L_IESecurity/L_ProtectionFromZoneElevation' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition' + } + }, + @{ + Id = 'device_vendor_msft_policy_config_office16v2~policy~l_microsoftofficemachine~l_securitysettingsmachine~l_iesecurity_l_protectionfromzoneelevation_l_excelexe99' + Name = 'L_excelexe99' + OffsetUri = '/Config/office16v2~Policy~L_MicrosoftOfficemachine~L_SecuritySettingsMachine~L_IESecurity/L_ProtectionFromZoneElevation' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition' + options = @( + @{ + name = 'False' + itemId = 'device_vendor_msft_policy_config_office16v2~policy~l_microsoftofficemachine~l_securitysettingsmachine~l_iesecurity_l_protectionfromzoneelevation_l_excelexe99_0' + dependentOn = @( + @{ + dependentOn = 'device_vendor_msft_policy_config_office16v2~policy~l_microsoftofficemachine~l_securitysettingsmachine~l_iesecurity_l_protectionfromzoneelevation_1' + parentSettingId = 'device_vendor_msft_policy_config_office16v2~policy~l_microsoftofficemachine~l_securitysettingsmachine~l_iesecurity_l_protectionfromzoneelevation' + } + ) + }, + @{ + name = 'True' + itemId = 'device_vendor_msft_policy_config_office16v2~policy~l_microsoftofficemachine~l_securitysettingsmachine~l_iesecurity_l_protectionfromzoneelevation_l_excelexe99_1' + dependentOn = @( + @{ + dependentOn = 'device_vendor_msft_policy_config_office16v2~policy~l_microsoftofficemachine~l_securitysettingsmachine~l_iesecurity_l_protectionfromzoneelevation_1' + parentSettingId = 'device_vendor_msft_policy_config_office16v2~policy~l_microsoftofficemachine~l_securitysettingsmachine~l_iesecurity_l_protectionfromzoneelevation' + } + ) + } + ) + } + }, + @{ + Id = 'device_vendor_msft_policy_config_office16v2~policy~l_microsoftofficemachine~l_securitysettingsmachine~l_iesecurity_l_protectionfromzoneelevation_l_grooveexe98' + Name = 'L_grooveexe98' + OffsetUri = '/Config/office16v2~Policy~L_MicrosoftOfficemachine~L_SecuritySettingsMachine~L_IESecurity/L_ProtectionFromZoneElevation' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition' + options = @( + @{ + name = 'False' + itemId = 'device_vendor_msft_policy_config_office16v2~policy~l_microsoftofficemachine~l_securitysettingsmachine~l_iesecurity_l_protectionfromzoneelevation_l_grooveexe98_0' + dependentOn = @( + @{ + dependentOn = 'device_vendor_msft_policy_config_office16v2~policy~l_microsoftofficemachine~l_securitysettingsmachine~l_iesecurity_l_protectionfromzoneelevation_1' + parentSettingId = 'device_vendor_msft_policy_config_office16v2~policy~l_microsoftofficemachine~l_securitysettingsmachine~l_iesecurity_l_protectionfromzoneelevation' + } + ) + }, + @{ + name = 'True' + itemId = 'device_vendor_msft_policy_config_office16v2~policy~l_microsoftofficemachine~l_securitysettingsmachine~l_iesecurity_l_protectionfromzoneelevation_l_grooveexe98_1' + dependentOn = @( + @{ + dependentOn = 'device_vendor_msft_policy_config_office16v2~policy~l_microsoftofficemachine~l_securitysettingsmachine~l_iesecurity_l_protectionfromzoneelevation_1' + parentSettingId = 'device_vendor_msft_policy_config_office16v2~policy~l_microsoftofficemachine~l_securitysettingsmachine~l_iesecurity_l_protectionfromzoneelevation' + } + ) + } + ) + } + }, + @{ + Id = 'device_vendor_msft_policy_config_office16v2~policy~l_microsoftofficemachine~l_securitysettingsmachine~l_iesecurity_l_protectionfromzoneelevation_l_mspubexe100' + Name = 'L_mspubexe100' + OffsetUri = '/Config/office16v2~Policy~L_MicrosoftOfficemachine~L_SecuritySettingsMachine~L_IESecurity/L_ProtectionFromZoneElevation' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition' + options = @( + @{ + name = 'False' + itemId = 'device_vendor_msft_policy_config_office16v2~policy~l_microsoftofficemachine~l_securitysettingsmachine~l_iesecurity_l_protectionfromzoneelevation_l_mspubexe100_0' + dependentOn = @( + @{ + dependentOn = 'device_vendor_msft_policy_config_office16v2~policy~l_microsoftofficemachine~l_securitysettingsmachine~l_iesecurity_l_protectionfromzoneelevation_1' + parentSettingId = 'device_vendor_msft_policy_config_office16v2~policy~l_microsoftofficemachine~l_securitysettingsmachine~l_iesecurity_l_protectionfromzoneelevation' + } + ) + }, + @{ + name = 'True' + itemId = 'device_vendor_msft_policy_config_office16v2~policy~l_microsoftofficemachine~l_securitysettingsmachine~l_iesecurity_l_protectionfromzoneelevation_l_mspubexe100_1' + dependentOn = @( + @{ + dependentOn = 'device_vendor_msft_policy_config_office16v2~policy~l_microsoftofficemachine~l_securitysettingsmachine~l_iesecurity_l_protectionfromzoneelevation_1' + parentSettingId = 'device_vendor_msft_policy_config_office16v2~policy~l_microsoftofficemachine~l_securitysettingsmachine~l_iesecurity_l_protectionfromzoneelevation' + } + ) + } + ) + } + } + ) + SettingInstance = @{ + SettingDefinitionId = 'device_vendor_msft_policy_config_office16v2~policy~l_microsoftofficemachine~l_securitysettingsmachine~l_iesecurity_l_protectionfromzoneelevation' + SettingInstanceTemplateReference = @{ + SettingInstanceTemplateId = '7f23a242-9f64-47a5-8a57-a4675ca74c2b' + } + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + choiceSettingValue = @{ + value = 'device_vendor_msft_policy_config_office16v2~policy~l_microsoftofficemachine~l_securitysettingsmachine~l_iesecurity_l_protectionfromzoneelevation_1' + children = @( + @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + settingDefinitionId = 'device_vendor_msft_policy_config_office16v2~policy~l_microsoftofficemachine~l_securitysettingsmachine~l_iesecurity_l_protectionfromzoneelevation_l_grooveexe98' + choiceSettingValue = @{ + children = @() + value = 'device_vendor_msft_policy_config_office16v2~policy~l_microsoftofficemachine~l_securitysettingsmachine~l_iesecurity_l_protectionfromzoneelevation_l_grooveexe98_1' + } + }, + @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + settingDefinitionId = 'device_vendor_msft_policy_config_office16v2~policy~l_microsoftofficemachine~l_securitysettingsmachine~l_iesecurity_l_protectionfromzoneelevation_l_excelexe99' + choiceSettingValue = @{ + children = @() + value = 'device_vendor_msft_policy_config_office16v2~policy~l_microsoftofficemachine~l_securitysettingsmachine~l_iesecurity_l_protectionfromzoneelevation_l_excelexe99_1' + } + }, + @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + settingDefinitionId = 'device_vendor_msft_policy_config_office16v2~policy~l_microsoftofficemachine~l_securitysettingsmachine~l_iesecurity_l_protectionfromzoneelevation_l_mspubexe100' + choiceSettingValue = @{ + children = @() + value = 'device_vendor_msft_policy_config_office16v2~policy~l_microsoftofficemachine~l_securitysettingsmachine~l_iesecurity_l_protectionfromzoneelevation_l_mspubexe100_1' + } + } + ) + } + } + } + }, + @{ + Id = '1' + SettingDefinitions = @( + @{ + Id = 'user_vendor_msft_policy_config_word16v2~policy~l_microsoftofficeword~l_wordoptions~l_security~l_trustcenter~l_fileblocksettings_l_word2003binarydocumentsandtemplates' + Name = 'L_Word2003BinaryDocumentsAndTemplates' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition' + options = @( + @{ + name = 'Enabled' + itemId = 'user_vendor_msft_policy_config_word16v2~policy~l_microsoftofficeword~l_wordoptions~l_security~l_trustcenter~l_fileblocksettings_l_word2003binarydocumentsandtemplates_1' + } + ) + } + }, + @{ + Id = 'user_vendor_msft_policy_config_word16v2~policy~l_microsoftofficeword~l_wordoptions~l_security~l_trustcenter~l_fileblocksettings_l_word2003binarydocumentsandtemplates_l_word2003binarydocumentsandtemplatesdropid' + Name = 'L_Word2003BinaryDocumentsAndTemplatesDropID' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition' + options = @( + @{ + name = 'Open/Save blocked, use open policy' + itemId = 'user_vendor_msft_policy_config_word16v2~policy~l_microsoftofficeword~l_wordoptions~l_security~l_trustcenter~l_fileblocksettings_l_word2003binarydocumentsandtemplates_l_word2003binarydocumentsandtemplatesdropid_2' + dependentOn = @( + @{ + dependentOn = 'user_vendor_msft_policy_config_word16v2~policy~l_microsoftofficeword~l_wordoptions~l_security~l_trustcenter~l_fileblocksettings_l_word2003binarydocumentsandtemplates_1' + parentSettingId = 'user_vendor_msft_policy_config_word16v2~policy~l_microsoftofficeword~l_wordoptions~l_security~l_trustcenter~l_fileblocksettings_l_word2003binarydocumentsandtemplates' + } + ) + } + ) + } + } + ) + SettingInstance = @{ + SettingDefinitionId = 'user_vendor_msft_policy_config_word16v2~policy~l_microsoftofficeword~l_wordoptions~l_security~l_trustcenter~l_fileblocksettings_l_word2003binarydocumentsandtemplates' + SettingInstanceTemplateReference = @{ + SettingInstanceTemplateId = '23436aa2-f056-40bd-aca3-9bc84b2aeff0' + } + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + choiceSettingValue = @{ + value = 'user_vendor_msft_policy_config_word16v2~policy~l_microsoftofficeword~l_wordoptions~l_security~l_trustcenter~l_fileblocksettings_l_word2003binarydocumentsandtemplates_1' + children = @( + @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + settingDefinitionId = 'user_vendor_msft_policy_config_word16v2~policy~l_microsoftofficeword~l_wordoptions~l_security~l_trustcenter~l_fileblocksettings_l_word2003binarydocumentsandtemplates_l_word2003binarydocumentsandtemplatesdropid' + choiceSettingValue = @{ + children = @() + value = 'user_vendor_msft_policy_config_word16v2~policy~l_microsoftofficeword~l_wordoptions~l_security~l_trustcenter~l_fileblocksettings_l_word2003binarydocumentsandtemplates_l_word2003binarydocumentsandtemplatesdropid_2' + } + } + ) + } + } + } + } + ) + } + + Mock -CommandName Update-DeviceConfigurationPolicyAssignment -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + + Mock -CommandName Get-MgBetaDeviceManagementConfigurationPolicyAssignment -MockWith { + return @(@{ + Id = '12345-12345-12345-12345-12345' + Source = 'direct' + SourceId = '12345-12345-12345-12345-12345' + Target = @{ + DeviceAndAppManagementAssignmentFilterId = '12345-12345-12345-12345-12345' + DeviceAndAppManagementAssignmentFilterType = 'none' + AdditionalProperties = @( + @{ + '@odata.type' = '#microsoft.graph.exclusionGroupAssignmentTarget' + groupId = '26d60dd1-fab6-47bf-8656-358194c1a49d' + } + ) + } + }) + } + + } + # Test contexts + Context -Name "The IntuneSecurityBaselineMicrosoft365AppsForEnterprise should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + Assignments = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_DeviceManagementConfigurationPolicyAssignments -Property @{ + DataType = '#microsoft.graph.exclusionGroupAssignmentTarget' + groupId = '26d60dd1-fab6-47bf-8656-358194c1a49d' + deviceAndAppManagementAssignmentFilterType = 'none' + } -ClientOnly) + ) + Description = "My Test" + DeviceSettings = [CimInstance]( + New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings -Property @{ + L_ProtectionFromZoneElevation = '1' + L_grooveexe98 = '1' + L_excelexe99 = '1' + L_mspubexe100 = '1' + } -ClientOnly + ) + Id = "12345-12345-12345-12345-12345" + DisplayName = "My Test" + RoleScopeTagIds = @("FakeStringValue") + UserSettings = [CimInstance]( + New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings -Property @{ + L_Word2003BinaryDocumentsAndTemplates = '1' + L_Word2003BinaryDocumentsAndTemplatesDropID = '2' + } -ClientOnly + ) + Ensure = "Present" + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceManagementConfigurationPolicy -MockWith { + return $null + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + It 'Should Create the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName New-MgBetaDeviceManagementConfigurationPolicy -Exactly 1 + } + } + + Context -Name "The IntuneSecurityBaselineMicrosoft365AppsForEnterprise exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + Assignments = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_DeviceManagementConfigurationPolicyAssignments -Property @{ + DataType = '#microsoft.graph.exclusionGroupAssignmentTarget' + groupId = '26d60dd1-fab6-47bf-8656-358194c1a49d' + deviceAndAppManagementAssignmentFilterType = 'none' + } -ClientOnly) + ) + Description = "My Test" + DeviceSettings = [CimInstance]( + New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings -Property @{ + L_ProtectionFromZoneElevation = '1' + L_grooveexe98 = '1' + L_excelexe99 = '1' + L_mspubexe100 = '1' + } -ClientOnly + ) + Id = "12345-12345-12345-12345-12345" + DisplayName = "My Test" + RoleScopeTagIds = @("FakeStringValue") + UserSettings = [CimInstance]( + New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings -Property @{ + L_Word2003BinaryDocumentsAndTemplates = '1' + L_Word2003BinaryDocumentsAndTemplatesDropID = '2' + } -ClientOnly + ) + Ensure = "Absent" + Credential = $Credential + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should Remove the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-MgBetaDeviceManagementConfigurationPolicy -Exactly 1 + } + } + Context -Name "The IntuneSecurityBaselineMicrosoft365AppsForEnterprise Exists and Values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Assignments = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_DeviceManagementConfigurationPolicyAssignments -Property @{ + DataType = '#microsoft.graph.exclusionGroupAssignmentTarget' + groupId = '26d60dd1-fab6-47bf-8656-358194c1a49d' + deviceAndAppManagementAssignmentFilterType = 'none' + } -ClientOnly) + ) + Description = "My Test" + DeviceSettings = [CimInstance]( + New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings -Property @{ + L_ProtectionFromZoneElevation = '1' + L_grooveexe98 = '1' + L_excelexe99 = '1' + L_mspubexe100 = '1' + } -ClientOnly + ) + Id = "12345-12345-12345-12345-12345" + DisplayName = "My Test" + RoleScopeTagIds = @("FakeStringValue") + UserSettings = [CimInstance]( + New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings -Property @{ + L_Word2003BinaryDocumentsAndTemplates = '1' + L_Word2003BinaryDocumentsAndTemplatesDropID = '2' + } -ClientOnly + ) + Ensure = "Present" + Credential = $Credential + } + } + + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The IntuneSecurityBaselineMicrosoft365AppsForEnterprise exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Assignments = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_DeviceManagementConfigurationPolicyAssignments -Property @{ + DataType = '#microsoft.graph.exclusionGroupAssignmentTarget' + groupId = '26d60dd1-fab6-47bf-8656-358194c1a49d' + deviceAndAppManagementAssignmentFilterType = 'none' + } -ClientOnly) + ) + Description = "My Test" + DeviceSettings = [CimInstance]( + New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings -Property @{ + L_ProtectionFromZoneElevation = '1' + L_grooveexe98 = '1' + L_excelexe99 = '1' + L_mspubexe100 = '0' # Drift + } -ClientOnly + ) + Id = "12345-12345-12345-12345-12345" + DisplayName = "My Test" + RoleScopeTagIds = @("FakeStringValue") + UserSettings = [CimInstance]( + New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings -Property @{ + L_Word2003BinaryDocumentsAndTemplates = '1' + L_Word2003BinaryDocumentsAndTemplatesDropID = '2' + } -ClientOnly + ) + Ensure = "Present" + Credential = $Credential + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Update-IntuneDeviceConfigurationPolicy -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + } + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index b5c7007061..816dc46565 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -19348,7 +19348,8 @@ function Get-MgBetaDeviceManagementGroupPolicyConfigurationAssignment ) } -function New-MgBetaDeviceAppManagementMobileApp { +function New-MgBetaDeviceManagementDerivedCredential { + [CmdletBinding()] param ( [Parameter()] @@ -19359,6 +19360,74 @@ function New-MgBetaDeviceAppManagementMobileApp { [System.String] $DisplayName, + [Parameter()] + [System.String] + $HelpUrl, + + [Parameter()] + [ValidateSet('intercede', 'entrustData', 'purebred')] + [System.String] + $Issuer, + + [Parameter()] + [ValidateSet('none', 'email', 'companyPortal')] + [System.String] + $NotificationType = 'none' + ) +} + +function Get-MgBetaDeviceManagementDerivedCredential { + [CmdletBinding()] + param ( + [Parameter()] + [System.String] + $DeviceManagementDerivedCredentialSettingsId, + + [Parameter()] + [System.String] + $DisplayName, + + [Parameter()] + [System.String] + $HelpUrl, + + [Parameter()] + [ValidateSet('intercede', 'entrustData', 'purebred')] + [System.String] + $Issuer, + + [Parameter()] + [ValidateSet('none', 'email', 'companyPortal')] + [System.String] + $NotificationType = 'none' + ) +} + +function Remove-MgBetaDeviceManagementDerivedCredential +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $DeviceManagementDerivedCredentialSettingsId, + + [Parameter()] + [System.Boolean] + $Confirm + ) +} + +function New-MgBetaDeviceAppManagementMobileApp { + [CmdletBinding()] + param ( + [Parameter()] + [System.String] + $DeviceManagementDerivedCredentialSettingsId, + + [Parameter()] + [System.String] + $DisplayName, + [Parameter()] [System.String] $Description, diff --git a/docs/docs/resources/intune/IntuneAccountProtectionPolicyWindows10.md b/docs/docs/resources/intune/IntuneAccountProtectionPolicyWindows10.md index b48a438afa..8a3356509d 100644 --- a/docs/docs/resources/intune/IntuneAccountProtectionPolicyWindows10.md +++ b/docs/docs/resources/intune/IntuneAccountProtectionPolicyWindows10.md @@ -8,8 +8,8 @@ | **DisplayName** | Key | String | Policy name | | | **RoleScopeTagIds** | Write | StringArray[] | List of Scope Tags for this Entity instance. | | | **Id** | Write | String | The unique identifier for an entity. Read-only. | | -| **DeviceSettings** | Write | MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings | The policy settings for the device scope. | | -| **UserSettings** | Write | MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings | The policy settings for the user scope | | +| **DeviceSettings** | Write | MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneAccountProtectionPolicyWindows10 | The policy settings for the device scope. | | +| **UserSettings** | Write | MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneAccountProtectionPolicyWindows10 | The policy settings for the user scope | | | **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | | | **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | | **Credential** | Write | PSCredential | Credentials of the Admin | | @@ -33,7 +33,7 @@ | **groupDisplayName** | Write | String | The group Display Name that is the target of the assignment. | | | **collectionId** | Write | String | The collection Id that is the target of the assignment.(ConfigMgr) | | -### MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings +### MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneAccountProtectionPolicyWindows10 #### Parameters @@ -53,7 +53,7 @@ | **UseCertificateForOnPremAuth** | Write | String | Use Certificate For On Prem Auth (false: Disabled, true: Enabled) | `false`, `true` | | **UsePassportForWork** | Write | String | Use Windows Hello For Business (Device) (false: Disabled, true: Enabled) | `false`, `true` | -### MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings +### MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneAccountProtectionPolicyWindows10 #### Parameters @@ -131,12 +131,12 @@ Configuration Example IntuneAccountProtectionPolicyWindows10 'myAccountProtectionPolicy' { DisplayName = 'test' - DeviceSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings + DeviceSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneAccountProtectionPolicyWindows10 { History = 10 EnablePinRecovery = 'true' } - UserSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings + UserSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneAccountProtectionPolicyWindows10 { History = 20 EnablePinRecovery = 'true' @@ -178,12 +178,12 @@ Configuration Example IntuneAccountProtectionPolicyWindows10 'myAccountProtectionPolicy' { DisplayName = 'test' - DeviceSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings + DeviceSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneAccountProtectionPolicyWindows10 { History = 10 EnablePinRecovery = 'true' } - UserSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings + UserSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneAccountProtectionPolicyWindows10 { History = 30 # Updated property EnablePinRecovery = 'true' diff --git a/docs/docs/resources/intune/IntuneAppCategory.md b/docs/docs/resources/intune/IntuneAppCategory.md index 062055e54c..99193c9196 100644 --- a/docs/docs/resources/intune/IntuneAppCategory.md +++ b/docs/docs/resources/intune/IntuneAppCategory.md @@ -4,7 +4,7 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | -| **DisplayName** | Key | String | The name of the app category. | | +| **DisplayName** | Key | String | The name of the app. | | | **Id** | Write | String | The unique identifier for an entity. Read-only. | | | **Ensure** | Write | String | Present ensures the instance exists, absent ensures it is removed. | `Present`, `Absent` | | **Credential** | Write | PSCredential | Credentials of the workload's Admin | | diff --git a/docs/docs/resources/intune/IntuneDerivedCredential.md b/docs/docs/resources/intune/IntuneDerivedCredential.md new file mode 100644 index 0000000000..c43b79bec9 --- /dev/null +++ b/docs/docs/resources/intune/IntuneDerivedCredential.md @@ -0,0 +1,150 @@ +# IntuneDerivedCredential + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **DisplayName** | Key | String | The name of the app category. | | +| **Id** | Write | String | The unique identifier for an entity. Read-only. | | +| **HelpUrl** | Write | String | The URL that will be accessible to end users as they retrieve a derived credential using the Company Portal. | | +| **RenewalThresholdPercentage** | Write | UInt32 | The nominal percentage of time before certificate renewal is initiated by the client. | | +| **Issuer** | Write | String | Supported values for the derived credential issuer. | `intercede`, `entrustDatacard`, `purebred` | +| **NotificationType** | Write | String | Supported values for the notification type to use. | `none`, `email`, `companyPortal` | +| **Ensure** | Write | String | Supported values for the notification type to use. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the Intune Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com | | +| **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + + +## Description + +## Create new navigation property to derivedCredentials for deviceManagement for Intune. + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - None + +- **Update** + + - None + +#### Application permissions + +- **Read** + + - None + +- **Update** + + - None + +## Examples + +### Example 1 + + +```powershell +Configuration Example { + param( + [Parameter()] + [System.String] $ApplicationId, + + [Parameter()] + [System.String] $TenantId, + + [Parameter()] + [System.String] $CertificateThumbprint + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost { + IntuneDerivedCredential "IntuneDerivedCredential-K5" + { + DisplayName = "K5"; + HelpUrl = "http://www.ff.com/"; + Id = "a409d85f-2a49-440d-884a-80fb52a557ab"; + Issuer = "purebred"; + NotificationType = "email"; + Ensure = "Present"; + } + } +} +``` + +### Example 2 + + +```powershell +Configuration Example { + param( + [Parameter()] + [System.String] $ApplicationId, + + [Parameter()] + [System.String] $TenantId, + + [Parameter()] + [System.String] $CertificateThumbprint + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost { + IntuneDerivedCredential "IntuneDerivedCredential-K5" + { + DisplayName = "K5"; + HelpUrl = "http://www.ff.com/"; + Id = "a409d85f-2a49-440d-884a-80fb52a557ab"; + Issuer = "purebred"; + NotificationType = "email"; + Ensure = "Present"; + } + } +} +``` + +### Example 3 + + +```powershell +Configuration Example { + param( + [Parameter()] + [System.String] $ApplicationId, + + [Parameter()] + [System.String] $TenantId, + + [Parameter()] + [System.String] $CertificateThumbprint + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost { + IntuneDerivedCredential "IntuneDerivedCredential-K5" + { + DisplayName = "K5"; + HelpUrl = "http://www.ff.com/"; + Id = "a409d85f-2a49-440d-884a-80fb52a557ab"; + Issuer = "purebred"; + NotificationType = "email"; + Ensure = "Absent"; + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneMobileAppsMacOSLobApp.md b/docs/docs/resources/intune/IntuneMobileAppsMacOSLobApp.md index 42df970079..cdb64c20a7 100644 --- a/docs/docs/resources/intune/IntuneMobileAppsMacOSLobApp.md +++ b/docs/docs/resources/intune/IntuneMobileAppsMacOSLobApp.md @@ -14,12 +14,12 @@ | **Owner** | Write | String | The owner of the app. Inherited from mobileApp. | | | **PrivacyInformationUrl** | Write | String | The privacy statement Url. Inherited from mobileApp. | | | **Publisher** | Write | String | The publisher of the app. Inherited from mobileApp. | | +| **PublishingState** | Write | String | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. | `notPublished`, `processing`, `published` | | **BundleId** | Write | String | The bundleId of the app. | | | **BuildNumber** | Write | String | The build number of the app. | | | **VersionNumber** | Write | String | The version number of the app. | | | **RoleScopeTagIds** | Write | StringArray[] | List of Scope Tag IDs for mobile app. | | | **IgnoreVersionDetection** | Write | Boolean | Whether to ignore the version of the app or not. | | -| **InstallAsManaged** | Write | Boolean | Install the app as managed. Requires macOS 11.0. | | | **LargeIcon** | Write | MSFT_DeviceManagementMimeContent | The icon for this app. | | | **MinimumSupportedOperatingSystem** | Write | MSFT_DeviceManagementMinimumOperatingSystem | The minimum supported operating system to install the app. | | | **Categories** | Write | MSFT_DeviceManagementMobileAppCategory[] | The list of categories for this app. | | @@ -170,7 +170,7 @@ Configuration Example PrivacyInformationUrl = ""; Publisher = "Contoso"; Assignments = @( - MSFT_DeviceManagementMobileAppAssignment{ + MSFT_DeviceManagementMobileAppAssignment { groupDisplayName = 'All devices' deviceAndAppManagementAssignmentFilterType = 'none' dataType = '#microsoft.graph.allDevicesAssignmentTarget' @@ -234,14 +234,15 @@ Configuration Example Owner = ""; PrivacyInformationUrl = ""; Publisher = "Contoso"; - Assignments = @( - MSFT_DeviceManagementMobileAppAssignment{ + PublishingState = "published"; + Assignments = @( + MSFT_DeviceManagementMobileAppAssignment { groupDisplayName = 'All devices' deviceAndAppManagementAssignmentFilterType = 'none' dataType = '#microsoft.graph.allDevicesAssignmentTarget' intent = 'required' } - MSFT_DeviceManagementMobileAppAssignment{ + MSFT_DeviceManagementMobileAppAssignment { deviceAndAppManagementAssignmentFilterType = 'none' dataType = '#microsoft.graph.groupAssignmentTarget' groupId = '57b5e81c-85bb-4644-a4fd-33b03e451c89' diff --git a/docs/docs/resources/intune/IntuneSecurityBaselineMicrosoft365AppsForEnterprise.md b/docs/docs/resources/intune/IntuneSecurityBaselineMicrosoft365AppsForEnterprise.md new file mode 100644 index 0000000000..78a3f1969a --- /dev/null +++ b/docs/docs/resources/intune/IntuneSecurityBaselineMicrosoft365AppsForEnterprise.md @@ -0,0 +1,678 @@ +# IntuneSecurityBaselineMicrosoft365AppsForEnterprise + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Description** | Write | String | Policy description | | +| **DisplayName** | Key | String | Policy name | | +| **RoleScopeTagIds** | Write | StringArray[] | List of Scope Tags for this Entity instance. | | +| **Id** | Write | String | The unique identifier for an entity. Read-only. | | +| **DeviceSettings** | Write | MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise | The policy settings for the device scope | | +| **UserSettings** | Write | MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise | The policy settings for the user scope | | +| **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | | +| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. | | + +### MSFT_DeviceManagementConfigurationPolicyAssignments + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **dataType** | Write | String | The type of the target assignment. | `#microsoft.graph.groupAssignmentTarget`, `#microsoft.graph.allLicensedUsersAssignmentTarget`, `#microsoft.graph.allDevicesAssignmentTarget`, `#microsoft.graph.exclusionGroupAssignmentTarget`, `#microsoft.graph.configurationManagerCollectionAssignmentTarget` | +| **deviceAndAppManagementAssignmentFilterType** | Write | String | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | `none`, `include`, `exclude` | +| **deviceAndAppManagementAssignmentFilterId** | Write | String | The Id of the filter for the target assignment. | | +| **groupId** | Write | String | The group Id that is the target of the assignment. | | +| **groupDisplayName** | Write | String | The group Display Name that is the target of the assignment. | | +| **collectionId** | Write | String | The collection Id that is the target of the assignment.(ConfigMgr) | | + +### MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Pol_SecGuide_A001_Block_Flash** | Write | String | Block Flash activation in Office documents (0: Disabled, 1: Enabled) | `0`, `1` | +| **Pol_SecGuide_Block_Flash** | Write | String | Block Flash player in Office (Device) - Depends on Pol_SecGuide_A001_Block_Flash (block all flash activation: Block all activation, block embedded flash activation only: Block embedding/linking, allow other activation, allow all flash activation: Allow all activation) | `block all flash activation`, `block embedded flash activation only`, `allow all flash activation` | +| **Pol_SecGuide_Legacy_JScript** | Write | String | Restrict legacy JScript execution for Office (0: Disabled, 1: Enabled) | `0`, `1` | +| **POL_SG_powerpnt** | Write | SInt32 | PowerPoint: (Device) - Depends on Pol_SecGuide_Legacy_JScript | | +| **POL_SG_onenote** | Write | SInt32 | OneNote: (Device) - Depends on Pol_SecGuide_Legacy_JScript | | +| **POL_SG_mspub** | Write | SInt32 | Publisher: (Device) - Depends on Pol_SecGuide_Legacy_JScript | | +| **POL_SG_msaccess** | Write | SInt32 | Access: (Device) - Depends on Pol_SecGuide_Legacy_JScript | | +| **POL_SG_winproj** | Write | SInt32 | Project: (Device) - Depends on Pol_SecGuide_Legacy_JScript | | +| **POL_SG_visio** | Write | SInt32 | Visio: (Device) - Depends on Pol_SecGuide_Legacy_JScript | | +| **POL_SG_outlook** | Write | SInt32 | Outlook: (Device) - Depends on Pol_SecGuide_Legacy_JScript | | +| **POL_SG_winword** | Write | SInt32 | Word: (Device) - Depends on Pol_SecGuide_Legacy_JScript | | +| **POL_SG_excel** | Write | SInt32 | Excel: (Device) - Depends on Pol_SecGuide_Legacy_JScript | | +| **L_PolicyEnableSIPHighSecurityMode** | Write | String | Configure SIP security mode (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_PolicyDisableHttpConnect** | Write | String | Disable HTTP fallback for SIP connection (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_AddonManagement** | Write | String | Add-on Management (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_powerpntexe17** | Write | String | powerpnt.exe (Device) - Depends on L_AddonManagement (0: False, 1: True) | `0`, `1` | +| **L_excelexe15** | Write | String | excel.exe (Device) - Depends on L_AddonManagement (0: False, 1: True) | `0`, `1` | +| **L_visioexe19** | Write | String | visio.exe (Device) - Depends on L_AddonManagement (0: False, 1: True) | `0`, `1` | +| **L_onenoteexe26** | Write | String | onent.exe (Device) - Depends on L_AddonManagement (0: False, 1: True) | `0`, `1` | +| **L_outlookexe22** | Write | String | outlook.exe (Device) - Depends on L_AddonManagement (0: False, 1: True) | `0`, `1` | +| **L_pptviewexe18** | Write | String | pptview.exe (Device) - Depends on L_AddonManagement (0: False, 1: True) | `0`, `1` | +| **L_winwordexe21** | Write | String | winword.exe (Device) - Depends on L_AddonManagement (0: False, 1: True) | `0`, `1` | +| **L_exprwdexe24** | Write | String | exprwd.exe (Device) - Depends on L_AddonManagement (0: False, 1: True) | `0`, `1` | +| **L_spdesignexe23** | Write | String | spDesign.exe (Device) - Depends on L_AddonManagement (0: False, 1: True) | `0`, `1` | +| **L_winprojexe20** | Write | String | winproj.exe (Device) - Depends on L_AddonManagement (0: False, 1: True) | `0`, `1` | +| **L_grooveexe14** | Write | String | groove.exe (Device) - Depends on L_AddonManagement (0: False, 1: True) | `0`, `1` | +| **L_mspubexe16** | Write | String | mspub.exe (Device) - Depends on L_AddonManagement (0: False, 1: True) | `0`, `1` | +| **L_mse7exe27** | Write | String | mse7.exe (Device) - Depends on L_AddonManagement (0: False, 1: True) | `0`, `1` | +| **L_msaccessexe25** | Write | String | msaccess.exe (Device) - Depends on L_AddonManagement (0: False, 1: True) | `0`, `1` | +| **L_ConsistentMimeHandling** | Write | String | Consistent Mime Handling (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_excelexe43** | Write | String | excel.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True) | `0`, `1` | +| **L_spdesignexe51** | Write | String | spDesign.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True) | `0`, `1` | +| **L_onenoteexe54** | Write | String | onent.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True) | `0`, `1` | +| **L_outlookexe50** | Write | String | outlook.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True) | `0`, `1` | +| **L_pptviewexe46** | Write | String | pptview.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True) | `0`, `1` | +| **L_mspubexe44** | Write | String | mspub.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True) | `0`, `1` | +| **L_visioexe47** | Write | String | visio.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True) | `0`, `1` | +| **L_winprojexe48** | Write | String | winproj.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True) | `0`, `1` | +| **L_msaccessexe53** | Write | String | msaccess.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True) | `0`, `1` | +| **L_powerpntexe45** | Write | String | powerpnt.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True) | `0`, `1` | +| **L_grooveexe42** | Write | String | groove.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True) | `0`, `1` | +| **L_mse7exe55** | Write | String | mse7.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True) | `0`, `1` | +| **L_winwordexe49** | Write | String | winword.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True) | `0`, `1` | +| **L_exprwdexe52** | Write | String | exprwd.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True) | `0`, `1` | +| **L_Disableusernameandpassword** | Write | String | Disable user name and password (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_excelexe127** | Write | String | excel.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True) | `0`, `1` | +| **L_grooveexe126** | Write | String | groove.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True) | `0`, `1` | +| **L_onenoteexe138** | Write | String | onent.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True) | `0`, `1` | +| **L_mse7exe139** | Write | String | mse7.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True) | `0`, `1` | +| **L_mspubexe128** | Write | String | mspub.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True) | `0`, `1` | +| **L_visioexe131** | Write | String | visio.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True) | `0`, `1` | +| **L_exprwdexe136** | Write | String | exprwd.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True) | `0`, `1` | +| **L_msaccessexe137** | Write | String | msaccess.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True) | `0`, `1` | +| **L_spdesignexe135** | Write | String | spDesign.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True) | `0`, `1` | +| **L_winwordexe133** | Write | String | winword.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True) | `0`, `1` | +| **L_powerpntexe129** | Write | String | powerpnt.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True) | `0`, `1` | +| **L_outlookexe134** | Write | String | outlook.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True) | `0`, `1` | +| **L_winprojexe132** | Write | String | winproj.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True) | `0`, `1` | +| **L_pptviewexe130** | Write | String | pptview.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True) | `0`, `1` | +| **L_Informationbar** | Write | String | Information Bar (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_excelexe113** | Write | String | excel.exe (Device) - Depends on L_Informationbar (0: False, 1: True) | `0`, `1` | +| **L_mspubexe114** | Write | String | mspub.exe (Device) - Depends on L_Informationbar (0: False, 1: True) | `0`, `1` | +| **L_msaccessexe123** | Write | String | msaccess.exe (Device) - Depends on L_Informationbar (0: False, 1: True) | `0`, `1` | +| **L_onenoteexe124** | Write | String | onent.exe (Device) - Depends on L_Informationbar (0: False, 1: True) | `0`, `1` | +| **L_outlookexe120** | Write | String | outlook.exe (Device) - Depends on L_Informationbar (0: False, 1: True) | `0`, `1` | +| **L_winprojexe118** | Write | String | winproj.exe (Device) - Depends on L_Informationbar (0: False, 1: True) | `0`, `1` | +| **L_powerpntexe115** | Write | String | powerpnt.exe (Device) - Depends on L_Informationbar (0: False, 1: True) | `0`, `1` | +| **L_spdesignexe121** | Write | String | spDesign.exe (Device) - Depends on L_Informationbar (0: False, 1: True) | `0`, `1` | +| **L_grooveexe112** | Write | String | groove.exe (Device) - Depends on L_Informationbar (0: False, 1: True) | `0`, `1` | +| **L_visioexe117** | Write | String | visio.exe (Device) - Depends on L_Informationbar (0: False, 1: True) | `0`, `1` | +| **L_mse7exe125** | Write | String | mse7.exe (Device) - Depends on L_Informationbar (0: False, 1: True) | `0`, `1` | +| **L_winwordexe119** | Write | String | winword.exe (Device) - Depends on L_Informationbar (0: False, 1: True) | `0`, `1` | +| **L_exprwdexe122** | Write | String | exprwd.exe (Device) - Depends on L_Informationbar (0: False, 1: True) | `0`, `1` | +| **L_pptviewexe116** | Write | String | pptview.exe (Device) - Depends on L_Informationbar (0: False, 1: True) | `0`, `1` | +| **L_LocalMachineZoneLockdownSecurity** | Write | String | Local Machine Zone Lockdown Security (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_mse7exe41** | Write | String | mse7.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True) | `0`, `1` | +| **L_powerpntexe31** | Write | String | powerpnt.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True) | `0`, `1` | +| **L_mspubexe30** | Write | String | mspub.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True) | `0`, `1` | +| **L_outlookexe36** | Write | String | outlook.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True) | `0`, `1` | +| **L_pptviewexe32** | Write | String | pptview.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True) | `0`, `1` | +| **L_excelexe29** | Write | String | excel.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True) | `0`, `1` | +| **L_exprwdexe38** | Write | String | exprwd.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True) | `0`, `1` | +| **L_grooveexe28** | Write | String | groove.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True) | `0`, `1` | +| **L_winwordexe35** | Write | String | winword.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True) | `0`, `1` | +| **L_msaccessexe39** | Write | String | msaccess.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True) | `0`, `1` | +| **L_spdesignexe37** | Write | String | spDesign.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True) | `0`, `1` | +| **L_visioexe33** | Write | String | visio.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True) | `0`, `1` | +| **L_onenoteexe40** | Write | String | onent.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True) | `0`, `1` | +| **L_winprojexe34** | Write | String | winproj.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True) | `0`, `1` | +| **L_MimeSniffingSafetyFature** | Write | String | Mime Sniffing Safety Feature (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_powerpntexe59** | Write | String | powerpnt.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True) | `0`, `1` | +| **L_exprwdexe66** | Write | String | exprwd.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True) | `0`, `1` | +| **L_grooveexe56** | Write | String | groove.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True) | `0`, `1` | +| **L_visioexe61** | Write | String | visio.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True) | `0`, `1` | +| **L_outlookexe64** | Write | String | outlook.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True) | `0`, `1` | +| **L_mspubexe58** | Write | String | mspub.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True) | `0`, `1` | +| **L_mse7exe69** | Write | String | mse7.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True) | `0`, `1` | +| **L_msaccessexe67** | Write | String | msaccess.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True) | `0`, `1` | +| **L_pptviewexe60** | Write | String | pptview.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True) | `0`, `1` | +| **L_winprojexe62** | Write | String | winproj.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True) | `0`, `1` | +| **L_spdesignexe65** | Write | String | spDesign.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True) | `0`, `1` | +| **L_onenoteexe68** | Write | String | onent.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True) | `0`, `1` | +| **L_winwordexe63** | Write | String | winword.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True) | `0`, `1` | +| **L_excelexe57** | Write | String | excel.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True) | `0`, `1` | +| **L_NavigateURL** | Write | String | Navigate URL (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_spdesignexe177** | Write | String | spDesign.exe (Device) - Depends on L_NavigateURL (0: False, 1: True) | `0`, `1` | +| **L_onenoteexe180** | Write | String | onent.exe (Device) - Depends on L_NavigateURL (0: False, 1: True) | `0`, `1` | +| **L_pptviewexe172** | Write | String | pptview.exe (Device) - Depends on L_NavigateURL (0: False, 1: True) | `0`, `1` | +| **L_outlookexe176** | Write | String | outlook.exe (Device) - Depends on L_NavigateURL (0: False, 1: True) | `0`, `1` | +| **L_winprojexe174** | Write | String | winproj.exe (Device) - Depends on L_NavigateURL (0: False, 1: True) | `0`, `1` | +| **L_msaccessexe179** | Write | String | msaccess.exe (Device) - Depends on L_NavigateURL (0: False, 1: True) | `0`, `1` | +| **L_winwordexe175** | Write | String | winword.exe (Device) - Depends on L_NavigateURL (0: False, 1: True) | `0`, `1` | +| **L_excelexe169** | Write | String | excel.exe (Device) - Depends on L_NavigateURL (0: False, 1: True) | `0`, `1` | +| **L_mspubexe170** | Write | String | mspub.exe (Device) - Depends on L_NavigateURL (0: False, 1: True) | `0`, `1` | +| **L_exprwdexe178** | Write | String | exprwd.exe (Device) - Depends on L_NavigateURL (0: False, 1: True) | `0`, `1` | +| **L_powerpntexe171** | Write | String | powerpnt.exe (Device) - Depends on L_NavigateURL (0: False, 1: True) | `0`, `1` | +| **L_visioexe173** | Write | String | visio.exe (Device) - Depends on L_NavigateURL (0: False, 1: True) | `0`, `1` | +| **L_mse7exe181** | Write | String | mse7.exe (Device) - Depends on L_NavigateURL (0: False, 1: True) | `0`, `1` | +| **L_grooveexe168** | Write | String | groove.exe (Device) - Depends on L_NavigateURL (0: False, 1: True) | `0`, `1` | +| **L_ObjectCachingProtection** | Write | String | Object Caching Protection (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_winwordexe77** | Write | String | winword.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True) | `0`, `1` | +| **L_powerpntexe73** | Write | String | powerpnt.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True) | `0`, `1` | +| **L_spdesignexe79** | Write | String | spDesign.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True) | `0`, `1` | +| **L_mse7exe83** | Write | String | mse7.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True) | `0`, `1` | +| **L_mspubexe72** | Write | String | mspub.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True) | `0`, `1` | +| **L_msaccessexe81** | Write | String | msaccess.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True) | `0`, `1` | +| **L_onenoteexe82** | Write | String | onent.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True) | `0`, `1` | +| **L_outlookexe78** | Write | String | outlook.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True) | `0`, `1` | +| **L_grooveexe70** | Write | String | groove.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True) | `0`, `1` | +| **L_excelexe71** | Write | String | excel.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True) | `0`, `1` | +| **L_visioexe75** | Write | String | visio.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True) | `0`, `1` | +| **L_pptviewexe74** | Write | String | pptview.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True) | `0`, `1` | +| **L_winprojexe76** | Write | String | winproj.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True) | `0`, `1` | +| **L_exprwdexe80** | Write | String | exprwd.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True) | `0`, `1` | +| **L_ProtectionFromZoneElevation** | Write | String | Protection From Zone Elevation (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_mspubexe100** | Write | String | mspub.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True) | `0`, `1` | +| **L_visioexe103** | Write | String | visio.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True) | `0`, `1` | +| **L_powerpntexe101** | Write | String | powerpnt.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True) | `0`, `1` | +| **L_excelexe99** | Write | String | excel.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True) | `0`, `1` | +| **L_mse7exe111** | Write | String | mse7.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True) | `0`, `1` | +| **L_winwordexe105** | Write | String | winword.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True) | `0`, `1` | +| **L_exprwdexe108** | Write | String | exprwd.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True) | `0`, `1` | +| **L_msaccessexe109** | Write | String | msaccess.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True) | `0`, `1` | +| **L_spdesignexe107** | Write | String | spDesign.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True) | `0`, `1` | +| **L_onenoteexe110** | Write | String | onent.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True) | `0`, `1` | +| **L_pptviewexe102** | Write | String | pptview.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True) | `0`, `1` | +| **L_winprojexe104** | Write | String | winproj.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True) | `0`, `1` | +| **L_grooveexe98** | Write | String | groove.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True) | `0`, `1` | +| **L_outlookexe106** | Write | String | outlook.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True) | `0`, `1` | +| **L_RestrictActiveXInstall** | Write | String | Restrict ActiveX Install (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_mse7exe** | Write | String | mse7.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True) | `0`, `1` | +| **L_powerpntexe** | Write | String | powerpnt.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True) | `0`, `1` | +| **L_spDesignexe** | Write | String | spDesign.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True) | `0`, `1` | +| **L_onenoteexe** | Write | String | onent.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True) | `0`, `1` | +| **L_excelexe** | Write | String | excel.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True) | `0`, `1` | +| **L_mspubexe** | Write | String | mspub.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True) | `0`, `1` | +| **L_visioexe** | Write | String | visio.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True) | `0`, `1` | +| **L_exprwdexe** | Write | String | exprwd.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True) | `0`, `1` | +| **L_outlookexe** | Write | String | outlook.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True) | `0`, `1` | +| **L_pptviewexe** | Write | String | pptview.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True) | `0`, `1` | +| **L_winprojexe** | Write | String | winproj.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True) | `0`, `1` | +| **L_winwordexe** | Write | String | winword.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True) | `0`, `1` | +| **L_grooveexe** | Write | String | groove.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True) | `0`, `1` | +| **L_msaccessexe** | Write | String | msaccess.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True) | `0`, `1` | +| **L_RestrictFileDownload** | Write | String | Restrict File Download (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_visioexe5** | Write | String | visio.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True) | `0`, `1` | +| **L_winprojexe6** | Write | String | winproj.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True) | `0`, `1` | +| **L_msaccessexe11** | Write | String | msaccess.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True) | `0`, `1` | +| **L_spdesignexe9** | Write | String | spDesign.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True) | `0`, `1` | +| **L_excelexe1** | Write | String | excel.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True) | `0`, `1` | +| **L_powerpntexe3** | Write | String | powerpnt.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True) | `0`, `1` | +| **L_mspubexe2** | Write | String | mspub.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True) | `0`, `1` | +| **L_exprwdexe10** | Write | String | exprwd.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True) | `0`, `1` | +| **L_outlookexe8** | Write | String | outlook.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True) | `0`, `1` | +| **L_pptviewexe4** | Write | String | pptview.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True) | `0`, `1` | +| **L_winwordexe7** | Write | String | winword.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True) | `0`, `1` | +| **L_onenoteexe12** | Write | String | onent.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True) | `0`, `1` | +| **L_mse7exe13** | Write | String | mse7.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True) | `0`, `1` | +| **L_grooveexe0** | Write | String | groove.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True) | `0`, `1` | +| **L_SavedfromURL** | Write | String | Saved from URL (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_pptviewexe158** | Write | String | pptview.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True) | `0`, `1` | +| **L_exprwdexe164** | Write | String | exprwd.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True) | `0`, `1` | +| **L_mse7exe167** | Write | String | mse7.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True) | `0`, `1` | +| **L_spdesignexe163** | Write | String | spDesign.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True) | `0`, `1` | +| **L_winprojexe160** | Write | String | winproj.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True) | `0`, `1` | +| **L_mspubexe156** | Write | String | mspub.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True) | `0`, `1` | +| **L_visioexe159** | Write | String | visio.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True) | `0`, `1` | +| **L_winwordexe161** | Write | String | winword.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True) | `0`, `1` | +| **L_msaccessexe165** | Write | String | msaccess.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True) | `0`, `1` | +| **L_onenoteexe166** | Write | String | onent.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True) | `0`, `1` | +| **L_outlookexe162** | Write | String | outlook.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True) | `0`, `1` | +| **L_grooveexe154** | Write | String | groove.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True) | `0`, `1` | +| **L_excelexe155** | Write | String | excel.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True) | `0`, `1` | +| **L_powerpntexe157** | Write | String | powerpnt.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True) | `0`, `1` | +| **L_ScriptedWindowSecurityRestrictions** | Write | String | Scripted Window Security Restrictions (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_exprwdexe94** | Write | String | exprwd.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True) | `0`, `1` | +| **L_mse7exe97** | Write | String | mse7.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True) | `0`, `1` | +| **L_mspubexe86** | Write | String | mspub.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True) | `0`, `1` | +| **L_outlookexe92** | Write | String | outlook.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True) | `0`, `1` | +| **L_msaccessexe95** | Write | String | msaccess.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True) | `0`, `1` | +| **L_powerpntexe87** | Write | String | powerpnt.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True) | `0`, `1` | +| **L_grooveexe84** | Write | String | groove.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True) | `0`, `1` | +| **L_excelexe85** | Write | String | excel.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True) | `0`, `1` | +| **L_pptviewexe88** | Write | String | pptview.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True) | `0`, `1` | +| **L_spdesignexe93** | Write | String | spDesign.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True) | `0`, `1` | +| **L_visioexe89** | Write | String | visio.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True) | `0`, `1` | +| **L_onenoteexe96** | Write | String | onent.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True) | `0`, `1` | +| **L_winprojexe90** | Write | String | winproj.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True) | `0`, `1` | +| **L_winwordexe91** | Write | String | winword.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True) | `0`, `1` | + +### MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **MicrosoftAccess_Security_TrustCenter_L_BlockMacroExecutionFromInternet** | Write | String | Block macros from running in Office files from the Internet (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftAccess_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned** | Write | String | Disable Trust Bar Notification for unsigned application add-ins and block them (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftAccess_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned** | Write | String | Require that application add-ins are signed by Trusted Publisher (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftAccess_Security_TrustCenterTrustedLocations_L_AllowTrustedLocationsOnTheNetwork** | Write | String | Allow Trusted Locations on the network (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftAccess_Security_TrustCenter_L_VBAWarningsPolicy** | Write | String | VBA Macro Notification Settings (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftAccess_Security_TrustCenter_L_VBAWarningsPolicy_L_Empty** | Write | String | - Depends on MicrosoftAccess_Security_TrustCenter_L_VBAWarningsPolicy (2: Disable all with notification, 3: Disable all except digitally signed macros, 4: Disable all without notification, 1: Enable all macros (not recommended)) | `2`, `3`, `4`, `1` | +| **L_Donotshowdataextractionoptionswhenopeningcorruptworkbooks** | Write | String | Do not show data extraction options when opening corrupt workbooks (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_Asktoupdateautomaticlinks** | Write | String | Ask to update automatic links (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_LoadpicturesfromWebpagesnotcreatedinExcel** | Write | String | Load pictures from Web pages not created in Excel (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_DisableAutoRepublish** | Write | String | Disable AutoRepublish (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_DoNotShowAutoRepublishWarningAlert** | Write | String | Do not show AutoRepublish warning alert (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_Forcefileextenstionstomatch** | Write | String | Force file extension to match file type (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_Forcefileextenstionstomatch_L_Empty** | Write | String | - Depends on L_Forcefileextenstionstomatch (0: Allow different, 1: Allow different, but warn, 2: Always match file type) | `0`, `1`, `2` | +| **L_DeterminewhethertoforceencryptedExcel** | Write | String | Scan encrypted macros in Excel Open XML workbooks (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_DeterminewhethertoforceencryptedExcelDropID** | Write | String | - Depends on L_DeterminewhethertoforceencryptedExcel (0: Scan encrypted macros (default), 1: Scan if anti-virus software available, 2: Load macros without scanning) | `0`, `1`, `2` | +| **L_BlockXLLFromInternet** | Write | String | Block Excel XLL Add-ins that come from an untrusted source (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_BlockXLLFromInternetEnum** | Write | String | - Depends on L_BlockXLLFromInternet (1: Block, 0: Show Additional Warning, 2: Allow) | `1`, `0`, `2` | +| **MicrosoftExcel_Security_TrustCenter_L_BlockMacroExecutionFromInternet** | Write | String | Block macros from running in Office files from the Internet (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftExcel_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned** | Write | String | Disable Trust Bar Notification for unsigned application add-ins and block them (User) (Deprecated) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_EnableBlockUnsecureQueryFiles** | Write | String | Always prevent untrusted Microsoft Query files from opening (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_DBaseIIIANDIVFiles** | Write | String | dBase III / IV files (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_DBaseIIIANDIVFilesDropID** | Write | String | File block setting: (User) - Depends on L_DBaseIIIANDIVFiles (0: Do not block, 2: Open/Save blocked, use open policy) | `0`, `2` | +| **L_DifAndSylkFiles** | Write | String | Dif and Sylk files (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_DifAndSylkFilesDropID** | Write | String | File block setting: (User) - Depends on L_DifAndSylkFiles (0: Do not block, 1: Save blocked, 2: Open/Save blocked, use open policy) | `0`, `1`, `2` | +| **L_Excel2MacrosheetsAndAddInFiles** | Write | String | Excel 2 macrosheets and add-in files (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_Excel2MacrosheetsAndAddInFilesDropID** | Write | String | File block setting: (User) - Depends on L_Excel2MacrosheetsAndAddInFiles (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | `0`, `2`, `3`, `4`, `5` | +| **L_Excel2Worksheets** | Write | String | Excel 2 worksheets (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_Excel2WorksheetsDropID** | Write | String | File block setting: (User) - Depends on L_Excel2Worksheets (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | `0`, `2`, `3`, `4`, `5` | +| **L_Excel3MacrosheetsAndAddInFiles** | Write | String | Excel 3 macrosheets and add-in files (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_Excel3MacrosheetsAndAddInFilesDropID** | Write | String | File block setting: (User) - Depends on L_Excel3MacrosheetsAndAddInFiles (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | `0`, `2`, `3`, `4`, `5` | +| **L_Excel3Worksheets** | Write | String | Excel 3 worksheets (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_Excel3WorksheetsDropID** | Write | String | File block setting: (User) - Depends on L_Excel3Worksheets (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | `0`, `2`, `3`, `4`, `5` | +| **L_Excel4MacrosheetsAndAddInFiles** | Write | String | Excel 4 macrosheets and add-in files (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_Excel4MacrosheetsAndAddInFilesDropID** | Write | String | File block setting: (User) - Depends on L_Excel4MacrosheetsAndAddInFiles (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | `0`, `2`, `3`, `4`, `5` | +| **L_Excel4Workbooks** | Write | String | Excel 4 workbooks (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_Excel4WorkbooksDropID** | Write | String | File block setting: (User) - Depends on L_Excel4Workbooks (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | `0`, `2`, `3`, `4`, `5` | +| **L_Excel4Worksheets** | Write | String | Excel 4 worksheets (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_Excel4WorksheetsDropID** | Write | String | File block setting: (User) - Depends on L_Excel4Worksheets (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | `0`, `2`, `3`, `4`, `5` | +| **L_Excel95Workbooks** | Write | String | Excel 95 workbooks (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_Excel95WorkbooksDropID** | Write | String | File block setting: (User) - Depends on L_Excel95Workbooks (0: Do not block, 1: Save blocked, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | `0`, `1`, `2`, `3`, `4`, `5` | +| **L_Excel9597WorkbooksAndTemplates** | Write | String | Excel 95-97 workbooks and templates (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_Excel9597WorkbooksAndTemplatesDropID** | Write | String | File block setting: (User) - Depends on L_Excel9597WorkbooksAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | `0`, `2`, `3`, `4`, `5` | +| **L_Excel972003WorkbooksAndTemplates** | Write | String | Excel 97-2003 workbooks and templates (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_Excel972003WorkbooksAndTemplatesDropID** | Write | String | File block setting: (User) - Depends on L_Excel972003WorkbooksAndTemplates (0: Do not block, 1: Save blocked, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | `0`, `1`, `2`, `3`, `4`, `5` | +| **MicrosoftExcel_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehavior** | Write | String | Set default file block behavior (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftExcel_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehaviorDropID** | Write | String | - Depends on MicrosoftExcel_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehavior (0: Blocked files are not opened, 1: Blocked files open in Protected View and can not be edited, 2: Blocked files open in Protected View and can be edited) | `0`, `1`, `2` | +| **L_WebPagesAndExcel2003XMLSpreadsheets** | Write | String | Web pages and Excel 2003 XML spreadsheets (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_WebPagesAndExcel2003XMLSpreadsheetsDropID** | Write | String | File block setting: (User) - Depends on L_WebPagesAndExcel2003XMLSpreadsheets (0: Do not block, 1: Save blocked, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | `0`, `1`, `2`, `3`, `4`, `5` | +| **L_XL4KillSwitchPolicy** | Write | String | Prevent Excel from running XLM macros (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_EnableDataBaseFileProtectedView** | Write | String | Always open untrusted database files in Protected View (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftExcel_Security_TrustCenterProtectedView_L_DoNotOpenFilesFromTheInternetZoneInProtectedView** | Write | String | Do not open files from the Internet zone in Protected View (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftExcel_Security_TrustCenterProtectedView_L_DoNotOpenFilesInUnsafeLocationsInProtectedView** | Write | String | Do not open files in unsafe locations in Protected View (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftExcel_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails** | Write | String | Set document behavior if file validation fails (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftExcel_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsStr3** | Write | String | Checked: Allow edit. Unchecked: Do not allow edit. (User) - Depends on MicrosoftExcel_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails (0: False, 1: True) | `0`, `1` | +| **MicrosoftExcel_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsDropID** | Write | String | - Depends on MicrosoftExcel_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails (0: Block files, 1: Open in Protected View) | `0`, `1` | +| **MicrosoftExcel_Security_TrustCenterProtectedView_L_TurnOffProtectedViewForAttachmentsOpenedFromOutlook** | Write | String | Turn off Protected View for attachments opened from Outlook (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftExcel_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned** | Write | String | Require that application add-ins are signed by Trusted Publisher (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftExcel_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2** | Write | String | Disable Trust Bar Notification for unsigned application add-ins and block them (User) - Depends on MicrosoftExcel_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftExcel_Security_TrustCenterTrustedLocations_L_AllowTrustedLocationsOnTheNetwork** | Write | String | Allow Trusted Locations on the network (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftExcel_Security_TrustCenter_L_VBAWarningsPolicy** | Write | String | VBA Macro Notification Settings (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_empty4** | Write | String | - Depends on MicrosoftExcel_Security_TrustCenter_L_VBAWarningsPolicy (2: Disable VBA macros with notification, 3: Disable VBA macros except digitally signed macros, 4: Disable VBA macros without notification, 1: Enable VBA macros (not recommended)) | `2`, `3`, `4`, `1` | +| **MicrosoftExcel_Security_L_TurnOffFileValidation** | Write | String | Turn off file validation (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_WebContentWarningLevel** | Write | String | WEBSERVICE Function Notification Settings (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_WebContentWarningLevelValue** | Write | String | - Depends on L_WebContentWarningLevel (0: Enable all WEBSERVICE functions (not recommended), 1: Disable all with notification, 2: Disable all without notification) | `0`, `1`, `2` | +| **L_NoExtensibilityCustomizationFromDocumentPolicy** | Write | String | Disable UI extending from documents and templates (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_NoExtensibilityCustomizationFromDocumentPolicyWord** | Write | String | Disallow in Word (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True) | `0`, `1` | +| **L_NoExtensibilityCustomizationFromDocumentPolicyExcel** | Write | String | Disallow in Excel (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True) | `0`, `1` | +| **L_NoExtensibilityCustomizationFromDocumentPolicyVisio** | Write | String | Disallow in Visio (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True) | `0`, `1` | +| **L_NoExtensibilityCustomizationFromDocumentPolicyPowerPoint** | Write | String | Disallow in PowerPoint (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True) | `0`, `1` | +| **L_NoExtensibilityCustomizationFromDocumentPolicyPublisher** | Write | String | Disallow in Publisher (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True) | `0`, `1` | +| **L_NoExtensibilityCustomizationFromDocumentPolicyOutlook** | Write | String | Disallow in Outlook (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True) | `0`, `1` | +| **L_NoExtensibilityCustomizationFromDocumentPolicyProject** | Write | String | Disallow in Project (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True) | `0`, `1` | +| **L_NoExtensibilityCustomizationFromDocumentPolicyAccess** | Write | String | Disallow in Access (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True) | `0`, `1` | +| **L_NoExtensibilityCustomizationFromDocumentPolicyInfoPath** | Write | String | Disallow in InfoPath (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True) | `0`, `1` | +| **L_ActiveXControlInitialization** | Write | String | ActiveX Control Initialization (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_ActiveXControlInitializationcolon** | Write | String | ActiveX Control Initialization: (User) - Depends on L_ActiveXControlInitialization (1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6) | `1`, `2`, `3`, `4`, `5`, `6` | +| **L_BasicAuthProxyBehavior** | Write | String | Allow Basic Authentication prompts from network proxies (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_AllowVbaIntranetRefs** | Write | String | Allow VBA to load typelib references by path from untrusted intranet locations (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_AutomationSecurity** | Write | String | Automation Security (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_SettheAutomationSecuritylevel** | Write | String | Set the Automation Security level (User) - Depends on L_AutomationSecurity (3: Disable macros by default, 2: Use application macro security level, 1: Macros enabled (default)) | `3`, `2`, `1` | +| **L_AuthenticationFBABehavior** | Write | String | Control how Office handles form-based sign-in prompts (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_AuthenticationFBAEnabledHostsID** | Write | String | Specify hosts allowed to show form-based sign-in prompts to users: (User) - Depends on L_AuthenticationFBABehavior | | +| **L_authenticationFBABehaviorEnum** | Write | String | Behavior: (User) - Depends on L_AuthenticationFBABehavior (1: Block all prompts, 2: Ask the user what to do for each new host, 3: Show prompts only from allowed hosts) | `1`, `2`, `3` | +| **L_DisableStrictVbaRefsSecurityPolicy** | Write | String | Disable additional security checks on VBA library references that may refer to unsafe locations on the local machine (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_DisableallTrustBarnotificationsfor** | Write | String | Disable all Trust Bar notifications for security issues (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_Encryptiontypeforirm** | Write | String | Encryption mode for Information Rights Management (IRM) (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_Encryptiontypeforirmcolon** | Write | String | IRM Encryption Mode: (User) - Depends on L_Encryptiontypeforirm (1: Cipher Block Chaining (CBC), 2: Electronic Codebook (ECB)) | `1`, `2` | +| **L_Encryptiontypeforpasswordprotectedoffice972003** | Write | String | Encryption type for password protected Office 97-2003 files (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_encryptiontypecolon318** | Write | String | Encryption type: (User) - Depends on L_Encryptiontypeforpasswordprotectedoffice972003 | | +| **L_Encryptiontypeforpasswordprotectedofficeopen** | Write | String | Encryption type for password protected Office Open XML files (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_Encryptiontypecolon** | Write | String | Encryption type: (User) - Depends on L_Encryptiontypeforpasswordprotectedofficeopen | | +| **L_LoadControlsinForms3** | Write | String | Load Controls in Forms3 (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_LoadControlsinForms3colon** | Write | String | Load Controls in Forms3: (User) - Depends on L_LoadControlsinForms3 (1: 1, 2: 2, 3: 3, 4: 4) | `1`, `2`, `3`, `4` | +| **L_MacroRuntimeScanScope** | Write | String | Macro Runtime Scan Scope (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_MacroRuntimeScanScopeEnum** | Write | String | - Depends on L_MacroRuntimeScanScope (0: Disable for all documents, 1: Enable for low trust documents, 2: Enable for all documents) | `0`, `1`, `2` | +| **L_Protectdocumentmetadataforrightsmanaged** | Write | String | Protect document metadata for rights managed Office Open XML Files (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_Allowmixofpolicyanduserlocations** | Write | String | Allow mix of policy and user locations (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_DisabletheOfficeclientfrompolling** | Write | String | Disable the Office client from polling the SharePoint Server for published links (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_DisableSmartDocumentsuseofmanifests** | Write | String | Disable Smart Document's use of manifests (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_OutlookSecurityMode** | Write | String | Outlook Security Mode (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_OOMAddressAccess** | Write | String | Configure Outlook object model prompt when reading address information (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_OOMAddressAccess_Setting** | Write | String | Guard behavior: (User) (1: Prompt User, 2: Automatically Approve, 0: Automatically Deny, 3: Prompt user based on computer security) | `1`, `2`, `0`, `3` | +| **L_OOMMeetingTaskRequest** | Write | String | Configure Outlook object model prompt when responding to meeting and task requests (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_OOMMeetingTaskRequest_Setting** | Write | String | Guard behavior: (User) (1: Prompt User, 2: Automatically Approve, 0: Automatically Deny, 3: Prompt user based on computer security) | `1`, `2`, `0`, `3` | +| **L_OOMSend** | Write | String | Configure Outlook object model prompt when sending mail (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_OOMSend_Setting** | Write | String | Guard behavior: (User) (1: Prompt User, 2: Automatically Approve, 0: Automatically Deny, 3: Prompt user based on computer security) | `1`, `2`, `0`, `3` | +| **L_Preventusersfromcustomizingattachmentsecuritysettings** | Write | String | Prevent users from customizing attachment security settings (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_RetrievingCRLsCertificateRevocationLists** | Write | String | Retrieving CRLs (Certificate Revocation Lists) (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_empty31** | Write | String | (0: Use system Default, 1: When online always retreive the CRL, 2: Never retreive the CRL) | `0`, `1`, `2` | +| **L_OOMFormula** | Write | String | Configure Outlook object model prompt When accessing the Formula property of a UserProperty object (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_OOMFormula_Setting** | Write | String | Guard behavior: (User) (1: Prompt User, 2: Automatically Approve, 0: Automatically Deny, 3: Prompt user based on computer security) | `1`, `2`, `0`, `3` | +| **L_AuthenticationwithExchangeServer** | Write | String | Authentication with Exchange Server (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_SelecttheauthenticationwithExchangeserver** | Write | String | Select the authentication with Exchange server. (User) (9: Kerberos/NTLM Password Authentication, 16: Kerberos Password Authentication, 10: NTLM Password Authentication, 2147545088: Insert a smart card) | `9`, `16`, `10`, `2147545088` | +| **L_EnableRPCEncryption** | Write | String | Enable RPC encryption (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_Enablelinksinemailmessages** | Write | String | Allow hyperlinks in suspected phishing e-mail messages (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_OOMAddressBook** | Write | String | Configure Outlook object model prompt when accessing an address book (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_OOMAddressBook_Setting** | Write | String | Guard behavior: (User) (1: Prompt User, 2: Automatically Approve, 0: Automatically Deny, 3: Prompt user based on computer security) | `1`, `2`, `0`, `3` | +| **L_OutlookSecurityPolicy** | Write | String | Outlook Security Policy: (User) - Depends on L_OutlookSecurityMode (0: Outlook Default Security, 1: Use Security Form from 'Outlook Security Settings' Public Folder, 2: Use Security Form from 'Outlook 10 Security Settings' Public Folder, 3: Use Outlook Security Group Policy) | `0`, `1`, `2`, `3` | +| **L_AllowUsersToLowerAttachments** | Write | String | Allow users to demote attachments to Level 2 (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_AllowActiveXOneOffForms** | Write | String | Allow Active X One Off Forms (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_empty29** | Write | String | Sets which ActiveX controls to allow. (0: Load only Outlook Controls, 1: Allows only Safe Controls, 2: Allows all ActiveX Controls) | `0`, `1`, `2` | +| **L_EnableScriptsInOneOffForms** | Write | String | Allow scripts in one-off Outlook forms (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_Level2RemoveFilePolicy** | Write | String | Remove file extensions blocked as Level 2 (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_removedextensions25** | Write | String | Removed Extensions: (User) | | +| **L_MSGUnicodeformatwhendraggingtofilesystem** | Write | String | Use Unicode format when dragging e-mail message to file system (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_OnExecuteCustomActionOOM** | Write | String | Set Outlook object model custom actions execution prompt (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_OnExecuteCustomActionOOM_Setting** | Write | String | When executing a custom action: (User) (1: Prompt User, 2: Automatically Approve, 0: Automatically Deny, 3: Prompt user based on computer security) | `1`, `2`, `0`, `3` | +| **L_DisableOutlookobjectmodelscriptsforpublicfolders** | Write | String | Do not allow Outlook object model scripts to run for public folders (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_BlockInternet** | Write | String | Include Internet in Safe Zones for Automatic Picture Download (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_SecurityLevelOutlook** | Write | String | Security setting for macros (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_SecurityLevel** | Write | String | Security Level (User) (2: Always warn, 4: Never warn, disable all, 3: Warn for signed, disable unsigned, 1: No security check) | `2`, `4`, `3`, `1` | +| **L_Level1RemoveFilePolicy** | Write | String | Remove file extensions blocked as Level 1 (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_RemovedExtensions** | Write | String | Removed Extensions: (User) | | +| **L_SignatureWarning** | Write | String | Signature Warning (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_signaturewarning30** | Write | String | Signature Warning (User) (0: Let user decide if they want to be warned, 1: Always warn about invalid signatures, 2: Never warn about invalid signatures) | `0`, `1`, `2` | +| **L_Level1Attachments** | Write | String | Display Level 1 attachments (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_Minimumencryptionsettings** | Write | String | Minimum encryption settings (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_Minimumkeysizeinbits** | Write | SInt32 | Minimum key size (in bits): (User) | | +| **L_DisableOutlookobjectmodelscripts** | Write | String | Do not allow Outlook object model scripts to run for shared folders (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_OOMSaveAs** | Write | String | Configure Outlook object model prompt when executing Save As (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_OOMSaveAs_Setting** | Write | String | Guard behavior: (User) (1: Prompt User, 2: Automatically Approve, 0: Automatically Deny, 3: Prompt user based on computer security) | `1`, `2`, `0`, `3` | +| **L_JunkEmailprotectionlevel** | Write | String | Junk E-mail protection level (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_Selectlevel** | Write | String | Select level: (User) (4294967295: No Protection, 6: Low (Default), 3: High, 2147483648: Trusted Lists Only) | `4294967295`, `6`, `3`, `2147483648` | +| **L_RunPrograms** | Write | String | Run Programs (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_RunPrograms_L_Empty** | Write | String | - Depends on L_RunPrograms (0: disable (don't run any programs), 1: enable (prompt user before running), 2: enable all (run without prompting)) | `0`, `1`, `2` | +| **L_Determinewhethertoforceencryptedppt** | Write | String | Scan encrypted macros in PowerPoint Open XML presentations (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_DeterminewhethertoforceencryptedpptDropID** | Write | String | - Depends on L_Determinewhethertoforceencryptedppt (0: Scan encrypted macros (default), 1: Scan if anti-virus software available, 2: Load macros without scanning) | `0`, `1`, `2` | +| **MicrosoftPowerPoint_Security_TrustCenter_L_BlockMacroExecutionFromInternet** | Write | String | Block macros from running in Office files from the Internet (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftPowerPoint_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned** | Write | String | Disable Trust Bar Notification for unsigned application add-ins and block them (User) (Deprecated) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_PowerPoint972003PresentationsShowsTemplatesandAddInFiles** | Write | String | PowerPoint 97-2003 presentations, shows, templates and add-in files (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_PowerPoint972003PresentationsShowsTemplatesandAddInFilesDropID** | Write | String | File block setting: (User) - Depends on L_PowerPoint972003PresentationsShowsTemplatesandAddInFiles (0: Do not block, 1: Save blocked, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | `0`, `1`, `2`, `3`, `4`, `5` | +| **MicrosoftPowerPoint_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehavior** | Write | String | Set default file block behavior (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftPowerPoint_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehaviorDropID** | Write | String | - Depends on MicrosoftPowerPoint_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehavior (0: Blocked files are not opened, 1: Blocked files open in Protected View and can not be edited, 2: Blocked files open in Protected View and can be edited) | `0`, `1`, `2` | +| **MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_DoNotOpenFilesFromTheInternetZoneInProtectedView** | Write | String | Do not open files from the Internet zone in Protected View (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_DoNotOpenFilesInUnsafeLocationsInProtectedView** | Write | String | Do not open files in unsafe locations in Protected View (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails** | Write | String | Set document behavior if file validation fails (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsStr3** | Write | String | Checked: Allow edit. Unchecked: Do not allow edit. (User) - Depends on MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails (0: False, 1: True) | `0`, `1` | +| **MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsDropID** | Write | String | - Depends on MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails (0: Block files, 1: Open in Protected View) | `0`, `1` | +| **MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_TurnOffProtectedViewForAttachmentsOpenedFromOutlook** | Write | String | Turn off Protected View for attachments opened from Outlook (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftPowerPoint_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned** | Write | String | Require that application add-ins are signed by Trusted Publisher (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftPowerPoint_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2** | Write | String | Disable Trust Bar Notification for unsigned application add-ins and block them (User) - Depends on MicrosoftPowerPoint_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftPowerPoint_Security_TrustCenterTrustedLocations_L_AllowTrustedLocationsOnTheNetwork** | Write | String | Allow Trusted Locations on the network (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftPowerPoint_Security_TrustCenter_L_VBAWarningsPolicy** | Write | String | VBA Macro Notification Settings (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_empty3** | Write | String | - Depends on MicrosoftPowerPoint_Security_TrustCenter_L_VBAWarningsPolicy (2: Disable all with notification, 3: Disable all except digitally signed macros, 4: Disable all without notification, 1: Enable all macros (not recommended)) | `2`, `3`, `4`, `1` | +| **MicrosoftPowerPoint_Security_L_TurnOffFileValidation** | Write | String | Turn off file validation (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftProject_Security_TrustCenter_L_AllowTrustedLocationsOnTheNetwork** | Write | String | Allow Trusted Locations on the network (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftProject_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned** | Write | String | Disable Trust Bar Notification for unsigned application add-ins and block them (User) (Deprecated) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftProject_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned** | Write | String | Require that application add-ins are signed by Trusted Publisher (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftProject_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2** | Write | String | Disable Trust Bar Notification for unsigned application add-ins and block them (User) - Depends on MicrosoftProject_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftProject_Security_TrustCenter_L_VBAWarningsPolicy** | Write | String | VBA Macro Notification Settings (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftProject_Security_TrustCenter_L_VBAWarningsPolicy_L_Empty** | Write | String | - Depends on MicrosoftProject_Security_TrustCenter_L_VBAWarningsPolicy (2: Disable all with notification, 3: Disable all except digitally signed macros, 4: Disable all without notification, 1: Enable all macros (not recommended)) | `2`, `3`, `4`, `1` | +| **L_PublisherAutomationSecurityLevel** | Write | String | Publisher Automation Security Level (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_PublisherAutomationSecurityLevel_L_Empty** | Write | String | - Depends on L_PublisherAutomationSecurityLevel (1: Low (enabled), 2: By UI (prompted), 3: High (disabled)) | `1`, `2`, `3` | +| **MicrosoftPublisherV3_Security_TrustCenter_L_BlockMacroExecutionFromInternet** | Write | String | Block macros from running in Office files from the internet (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftPublisherV2_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned** | Write | String | Disable Trust Bar Notification for unsigned application add-ins (User) (Deprecated) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftPublisherV2_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned** | Write | String | Require that application add-ins are signed by Trusted Publisher (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftPublisherV2_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2** | Write | String | Disable Trust Bar Notification for unsigned application add-ins (User) - Depends on MicrosoftPublisherV2_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftPublisherV2_Security_TrustCenter_L_VBAWarningsPolicy** | Write | String | VBA Macro Notification Settings (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_empty0** | Write | String | - Depends on MicrosoftPublisherV2_Security_TrustCenter_L_VBAWarningsPolicy (2: Disable all with notification, 3: Disable all except digitally signed macros, 4: Disable all without notification, 1: Enable all macros (not recommended)) | `2`, `3`, `4`, `1` | +| **MicrosoftVisio_Security_TrustCenter_L_AllowTrustedLocationsOnTheNetwork** | Write | String | Allow Trusted Locations on the network (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftVisio_Security_TrustCenter_L_BlockMacroExecutionFromInternet** | Write | String | Block macros from running in Office files from the Internet (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftVisio_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned** | Write | String | Disable Trust Bar Notification for unsigned application add-ins and block them (User) (Deprecated) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_Visio2000Files** | Write | String | Visio 2000-2002 Binary Drawings, Templates and Stencils (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_Visio2000FilesDropID** | Write | String | File block setting: (User) - Depends on L_Visio2000Files (0: Do not block, 2: Open/Save blocked) | `0`, `2` | +| **L_Visio2003Files** | Write | String | Visio 2003-2010 Binary Drawings, Templates and Stencils (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_Visio2003FilesDropID** | Write | String | File block setting: (User) - Depends on L_Visio2003Files (0: Do not block, 1: Save blocked, 2: Open/Save blocked) | `0`, `1`, `2` | +| **L_Visio50AndEarlierFiles** | Write | String | Visio 5.0 or earlier Binary Drawings, Templates and Stencils (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_Visio50AndEarlierFilesDropID** | Write | String | File block setting: (User) - Depends on L_Visio50AndEarlierFiles (0: Do not block, 2: Open/Save blocked) | `0`, `2` | +| **MicrosoftVisio_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned** | Write | String | Require that application add-ins are signed by Trusted Publisher (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftVisio_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2** | Write | String | Disable Trust Bar Notification for unsigned application add-ins and block them (User) - Depends on MicrosoftVisio_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftVisio_Security_TrustCenter_L_VBAWarningsPolicy** | Write | String | VBA Macro Notification Settings (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftVisio_Security_TrustCenter_L_VBAWarningsPolicy_L_Empty** | Write | String | - Depends on MicrosoftVisio_Security_TrustCenter_L_VBAWarningsPolicy (2: Disable all with notification, 3: Disable all except digitally signed macros, 4: Disable all without notification, 1: Enable all macros (not recommended)) | `2`, `3`, `4`, `1` | +| **MicrosoftWord_Security_TrustCenter_L_BlockMacroExecutionFromInternet** | Write | String | Block macros from running in Office files from the Internet (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftWord_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned** | Write | String | Disable Trust Bar Notification for unsigned application add-ins and block them (User) (Deprecated) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_AllowDDE** | Write | String | Dynamic Data Exchange (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_AllowDDEDropID** | Write | String | Dynamic Data Exchange setting (User) - Depends on L_AllowDDE (1: Limited Dynamic Data Exchange, 2: Allow Dynamic Data Exchange) | `1`, `2` | +| **MicrosoftWord_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehavior** | Write | String | Set default file block behavior (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftWord_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehaviorDropID** | Write | String | - Depends on MicrosoftWord_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehavior (0: Blocked files are not opened, 1: Blocked files open in Protected View and can not be edited, 2: Blocked files open in Protected View and can be edited) | `0`, `1`, `2` | +| **L_Word2AndEarlierBinaryDocumentsAndTemplates** | Write | String | Word 2 and earlier binary documents and templates (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_Word2AndEarlierBinaryDocumentsAndTemplatesDropID** | Write | String | File block setting: (User) - Depends on L_Word2AndEarlierBinaryDocumentsAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | `0`, `2`, `3`, `4`, `5` | +| **L_Word2000BinaryDocumentsAndTemplates** | Write | String | Word 2000 binary documents and templates (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_Word2000BinaryDocumentsAndTemplatesDropID** | Write | String | File block setting: (User) - Depends on L_Word2000BinaryDocumentsAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | `0`, `2`, `3`, `4`, `5` | +| **L_Word2003BinaryDocumentsAndTemplates** | Write | String | Word 2003 binary documents and templates (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_Word2003BinaryDocumentsAndTemplatesDropID** | Write | String | File block setting: (User) - Depends on L_Word2003BinaryDocumentsAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | `0`, `2`, `3`, `4`, `5` | +| **L_Word2007AndLaterBinaryDocumentsAndTemplates** | Write | String | Word 2007 and later binary documents and templates (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_Word2007AndLaterBinaryDocumentsAndTemplatesDropID** | Write | String | File block setting: (User) - Depends on L_Word2007AndLaterBinaryDocumentsAndTemplates (0: Do not block, 1: Save blocked, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | `0`, `1`, `2`, `3`, `4`, `5` | +| **L_Word6Pt0BinaryDocumentsAndTemplates** | Write | String | Word 6.0 binary documents and templates (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_Word6Pt0BinaryDocumentsAndTemplatesDropID** | Write | String | File block setting: (User) - Depends on L_Word6Pt0BinaryDocumentsAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | `0`, `2`, `3`, `4`, `5` | +| **L_Word95BinaryDocumentsAndTemplates** | Write | String | Word 95 binary documents and templates (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_Word95BinaryDocumentsAndTemplatesDropID** | Write | String | File block setting: (User) - Depends on L_Word95BinaryDocumentsAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | `0`, `2`, `3`, `4`, `5` | +| **L_Word97BinaryDocumentsAndTemplates** | Write | String | Word 97 binary documents and templates (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_Word97BinaryDocumentsAndTemplatesDropID** | Write | String | File block setting: (User) - Depends on L_Word97BinaryDocumentsAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | `0`, `2`, `3`, `4`, `5` | +| **L_WordXPBinaryDocumentsAndTemplates** | Write | String | Word XP binary documents and templates (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_WordXPBinaryDocumentsAndTemplatesDropID** | Write | String | File block setting: (User) - Depends on L_WordXPBinaryDocumentsAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | `0`, `2`, `3`, `4`, `5` | +| **MicrosoftWord_Security_TrustCenterProtectedView_L_DoNotOpenFilesFromTheInternetZoneInProtectedView** | Write | String | Do not open files from the Internet zone in Protected View (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftWord_Security_TrustCenterProtectedView_L_DoNotOpenFilesInUnsafeLocationsInProtectedView** | Write | String | Do not open files in unsafe locations in Protected View (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftWord_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails** | Write | String | Set document behavior if file validation fails (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftWord_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsDropID** | Write | String | - Depends on MicrosoftWord_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails (0: Block files, 1: Open in Protected View) | `0`, `1` | +| **MicrosoftWord_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsStr3** | Write | String | Checked: Allow edit. Unchecked: Do not allow edit. (User) - Depends on MicrosoftWord_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails (0: False, 1: True) | `0`, `1` | +| **MicrosoftWord_Security_TrustCenterProtectedView_L_TurnOffProtectedViewForAttachmentsOpenedFromOutlook** | Write | String | Turn off Protected View for attachments opened from Outlook (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftWord_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned** | Write | String | Require that application add-ins are signed by Trusted Publisher (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftWord_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2** | Write | String | Disable Trust Bar Notification for unsigned application add-ins and block them (User) - Depends on MicrosoftWord_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_DeterminewhethertoforceencryptedWord** | Write | String | Scan encrypted macros in Word Open XML documents (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_DeterminewhethertoforceencryptedWordDropID** | Write | String | - Depends on L_DeterminewhethertoforceencryptedWord (0: Scan encrypted macros (default), 1: Scan if anti-virus software available, 2: Load macros without scanning) | `0`, `1`, `2` | +| **MicrosoftWord_Security_TrustCenter_L_VBAWarningsPolicy** | Write | String | VBA Macro Notification Settings (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **L_empty19** | Write | String | - Depends on MicrosoftWord_Security_TrustCenter_L_VBAWarningsPolicy (2: Disable all with notification, 3: Disable all except digitally signed macros, 4: Disable all without notification, 1: Enable all macros (not recommended)) | `2`, `3`, `4`, `1` | +| **MicrosoftWord_Security_L_TurnOffFileValidation** | Write | String | Turn off file validation (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftWord_Security_TrustCenterTrustedLocations_L_AllowTrustedLocationsOnTheNetwork** | Write | String | Allow Trusted Locations on the network (User) (0: Disabled, 1: Enabled) | `0`, `1` | + + +## Description + +Intune Security Baseline Microsoft365 Apps For Enterprise + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - DeviceManagementConfiguration.Read.All + +- **Update** + + - DeviceManagementConfiguration.ReadWrite.All + +#### Application permissions + +- **Read** + + - DeviceManagementConfiguration.Read.All + +- **Update** + + - DeviceManagementConfiguration.ReadWrite.All + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneSecurityBaselineMicrosoft365AppsForEnterprise 'mySecurityBaselineMicrosoft365AppsForEnterprisePolicy' + { + DisplayName = 'test' + DeviceSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise + { + L_ProtectionFromZoneElevation = '1' + L_grooveexe98 = '1' + L_excelexe99 = '1' + L_mspubexe100 = '1' + L_powerpntexe101 = '1' + L_pptviewexe102 = '1' + L_visioexe103 = '1' + L_winprojexe104 = '1' + L_winwordexe105 = '1' + L_outlookexe106 = '1' + L_spdesignexe107 = '1' + L_exprwdexe108 = '1' + L_msaccessexe109 = '1' + L_onenoteexe110 = '1' + L_mse7exe111 = '1' + } + UserSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise + { + MicrosoftPublisherV3_Security_TrustCenter_L_BlockMacroExecutionFromInternet = '1' + MicrosoftVisio_Security_TrustCenter_L_VBAWarningsPolicy = '1' + MicrosoftVisio_Security_TrustCenter_L_VBAWarningsPolicy_L_Empty = '3' + } + Ensure = 'Present' + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneSecurityBaselineMicrosoft365AppsForEnterprise 'mySecurityBaselineMicrosoft365AppsForEnterprisePolicy' + { + DisplayName = 'test' + DeviceSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise + { + L_ProtectionFromZoneElevation = '1' + L_grooveexe98 = '1' + L_excelexe99 = '1' + L_mspubexe100 = '1' + L_powerpntexe101 = '1' + L_pptviewexe102 = '1' + L_visioexe103 = '1' + L_winprojexe104 = '1' + L_winwordexe105 = '1' + L_outlookexe106 = '1' + L_spdesignexe107 = '1' + L_exprwdexe108 = '1' + L_msaccessexe109 = '1' + L_onenoteexe110 = '1' + L_mse7exe111 = '1' + } + UserSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise + { + MicrosoftPublisherV3_Security_TrustCenter_L_BlockMacroExecutionFromInternet = '1' + MicrosoftVisio_Security_TrustCenter_L_VBAWarningsPolicy = '1' + MicrosoftVisio_Security_TrustCenter_L_VBAWarningsPolicy_L_Empty = '2' # Updated property + } + Ensure = 'Present' + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneSecurityBaselineMicrosoft365AppsForEnterprise 'mySecurityBaselineMicrosoft365AppsForEnterprisePolicy' + { + DisplayName = 'test' + Ensure = 'Absent' + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} +``` + diff --git a/docs/docs/resources/teams/TeamsUpgradePolicy.md b/docs/docs/resources/teams/TeamsUpgradePolicy.md index f06cf2599e..e27774070c 100644 --- a/docs/docs/resources/teams/TeamsUpgradePolicy.md +++ b/docs/docs/resources/teams/TeamsUpgradePolicy.md @@ -5,7 +5,7 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | | **Identity** | Key | String | Identity of the Teams Upgrade Policy. | | -| **Users** | Write | StringArray[] | List of users that will be granted the Upgrade Policy to. | | +| **Users** | Write | StringArray[] | List of users that will be granted the Upgrade Policy to. Use value * to apply the policy globally. | | | **MigrateMeetingsToTeams** | Write | Boolean | Specifies whether to move existing Skype for Business meetings organized by the user to Teams. This parameter can only be true if the mode of the specified policy instance is either TeamsOnly or SfBWithTeamsCollabAndMeetings, and if the policy instance is being granted to a specific user. It not possible to trigger meeting migration when granting TeamsUpgradePolicy to the entire tenant. | | | **Credential** | Write | PSCredential | Credentials of the Teams Admin | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | |