-
Notifications
You must be signed in to change notification settings - Fork 517
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #3914 from ricmestre/fix3913
IntuneAccountProtection*Policy: Use proper embedded instance for Assignments on export
- Loading branch information
Showing
7 changed files
with
39 additions
and
31 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
57 changes: 29 additions & 28 deletions
57
...ionPolicy/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.schema.mof
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,37 +1,38 @@ | ||
[ClassVersion("1.0.0.0")] | ||
class MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicyAssignments | ||
{ | ||
[Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType; | ||
[Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType; | ||
[Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId; | ||
[Write, Description("The group Id that is the target of the assignment.")] String groupId; | ||
[Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId; | ||
[Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType; | ||
[Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType; | ||
[Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId; | ||
[Write, Description("The group Id that is the target of the assignment.")] String groupId; | ||
[Write, Description("The group Display Name that is the target of the assignment.")] String groupDisplayName; | ||
[Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId; | ||
}; | ||
|
||
[ClassVersion("1.0.0.0"), FriendlyName("IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy")] | ||
class MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy : OMI_BaseResource | ||
{ | ||
[Key, Description("Identity of the account protection local administrator password solution policy.")] String Identity; | ||
[Required, Description("Display name of the account protection local administrator password solution policy.")] String DisplayName; | ||
[Write, Description("Description of the account protection local administrator password solution policy.")] String Description; | ||
[Write, Description("Assignments of the account protection local administrator password solution policy."), EmbeddedInstance("MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicyAssignments")] String Assignments[]; | ||
[Write, Description("Configures which directory the local admin account password is backed up to. 0 - Disabled, 1 - Azure AD, 2 - AD"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] UInt32 BackupDirectory; | ||
[Write, Description("Configures the maximum password age of the managed local administrator account for Azure AD. Minimum - 7, Maximum - 365")] UInt32 PasswordAgeDays_AAD; | ||
[Write, Description("Configures the maximum password age of the managed local administrator account for Active Directory. Minimum - 1, Maximum - 365")] UInt32 PasswordAgeDays; | ||
[Write, Description("Configures additional enforcement of maximum password age for the managed local administrator account.")] Boolean PasswordExpirationProtectionEnabled; | ||
[Write, Description("Configures how many previous encrypted passwords will be remembered in Active Directory. Minimum - 0, Maximum - 12")] UInt32 AdEncryptedPasswordHistorySize; | ||
[Write, Description("Configures whether the password is encrypted before being stored in Active Directory.")] Boolean AdPasswordEncryptionEnabled; | ||
[Write, Description("Configures the name or SID of a user or group that can decrypt the password stored in Active Directory.")] String AdPasswordEncryptionPrincipal; | ||
[Write, Description("Configures the name of the managed local administrator account.")] String AdministratorAccountName; | ||
[Write, Description("Configures the password complexity of the managed local administrator account. 1 - Large letters, 2 - Large + small letters, 3 - Large + small letters + numbers, 4 - Large + small letters + numbers + special characters"), ValueMap{"1", "2", "3", "4"}, Values{"1", "2", "3", "4"}] UInt32 PasswordComplexity; | ||
[Write, Description("Configures the length of the password of the managed local administrator account. Minimum - 8, Maximum - 64")] UInt32 PasswordLength; | ||
[Write, Description("Specifies the actions to take upon expiration of the configured grace period. 1 - Reset password, 3 - Reset password and log off, 5 - Reset password and restart"), ValueMap{"1", "3", "5"}, Values{"1", "3", "5"}] UInt32 PostAuthenticationActions; | ||
[Write, Description("Specifies the amount of time (in hours) to wait after an authentication before executing the specified post-authentication actions. Minimum - 0, Maximum - 24")] UInt32 PostAuthenticationResetDelay; | ||
[Write, Description("Present ensures the policy exists, absent ensures it is removed"), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; | ||
[Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; | ||
[Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; | ||
[Write, Description("Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com")] String TenantId; | ||
[Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; | ||
[Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; | ||
[Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; | ||
[Key, Description("Identity of the account protection local administrator password solution policy.")] String Identity; | ||
[Required, Description("Display name of the account protection local administrator password solution policy.")] String DisplayName; | ||
[Write, Description("Description of the account protection local administrator password solution policy.")] String Description; | ||
[Write, Description("Assignments of the account protection local administrator password solution policy."), EmbeddedInstance("MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicyAssignments")] String Assignments[]; | ||
[Write, Description("Configures which directory the local admin account password is backed up to. 0 - Disabled, 1 - Azure AD, 2 - AD"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] UInt32 BackupDirectory; | ||
[Write, Description("Configures the maximum password age of the managed local administrator account for Azure AD. Minimum - 7, Maximum - 365")] UInt32 PasswordAgeDays_AAD; | ||
[Write, Description("Configures the maximum password age of the managed local administrator account for Active Directory. Minimum - 1, Maximum - 365")] UInt32 PasswordAgeDays; | ||
[Write, Description("Configures additional enforcement of maximum password age for the managed local administrator account.")] Boolean PasswordExpirationProtectionEnabled; | ||
[Write, Description("Configures how many previous encrypted passwords will be remembered in Active Directory. Minimum - 0, Maximum - 12")] UInt32 AdEncryptedPasswordHistorySize; | ||
[Write, Description("Configures whether the password is encrypted before being stored in Active Directory.")] Boolean AdPasswordEncryptionEnabled; | ||
[Write, Description("Configures the name or SID of a user or group that can decrypt the password stored in Active Directory.")] String AdPasswordEncryptionPrincipal; | ||
[Write, Description("Configures the name of the managed local administrator account.")] String AdministratorAccountName; | ||
[Write, Description("Configures the password complexity of the managed local administrator account. 1 - Large letters, 2 - Large + small letters, 3 - Large + small letters + numbers, 4 - Large + small letters + numbers + special characters"), ValueMap{"1", "2", "3", "4"}, Values{"1", "2", "3", "4"}] UInt32 PasswordComplexity; | ||
[Write, Description("Configures the length of the password of the managed local administrator account. Minimum - 8, Maximum - 64")] UInt32 PasswordLength; | ||
[Write, Description("Specifies the actions to take upon expiration of the configured grace period. 1 - Reset password, 3 - Reset password and log off, 5 - Reset password and restart"), ValueMap{"1", "3", "5"}, Values{"1", "3", "5"}] UInt32 PostAuthenticationActions; | ||
[Write, Description("Specifies the amount of time (in hours) to wait after an authentication before executing the specified post-authentication actions. Minimum - 0, Maximum - 24")] UInt32 PostAuthenticationResetDelay; | ||
[Write, Description("Present ensures the policy exists, absent ensures it is removed"), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; | ||
[Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; | ||
[Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; | ||
[Write, Description("Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com")] String TenantId; | ||
[Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; | ||
[Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; | ||
[Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; | ||
}; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Binary file modified
BIN
+230 Bytes
(100%)
...oupMembershipPolicy/MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy.schema.mof
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Binary file modified
BIN
+230 Bytes
(100%)
...esources/MSFT_IntuneAccountProtectionPolicy/MSFT_IntuneAccountProtectionPolicy.schema.mof
Binary file not shown.