diff --git a/CHANGELOG.md b/CHANGELOG.md index 9ed55341fb..308612b6ef 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,12 @@ * IntuneAntivirusExclusionsPolicyMacOS * Initial release. +* IntuneAntivirusPolicyWindows10SettingCatalog + * Update properties to be upper-case. + Fixes [#5373](https://github.com/microsoft/Microsoft365DSC/issues/5373) +* M365DSCDRGUtil + * Restrict CIM instance access to properties that appear multiple times. + * Switch log type for not found Intune assignments to `Warning`. # 1.24.1106.3 @@ -120,8 +126,6 @@ * EXOArcConfig * Fixed `Test-TargetResource` to correctly check property `ArcTrustedSealers` when it has an array -* EXOM365DataAtRestEncryptionPolicy - * Initial release. * EXOMailboxAuditBypassAssociation * Initial release. * EXOMailboxSettings diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOM365DataAtRestEncryptionPolicy/MSFT_EXOM365DataAtRestEncryptionPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOM365DataAtRestEncryptionPolicy/MSFT_EXOM365DataAtRestEncryptionPolicy.psm1 deleted file mode 100644 index 47e321452c..0000000000 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOM365DataAtRestEncryptionPolicy/MSFT_EXOM365DataAtRestEncryptionPolicy.psm1 +++ /dev/null 
@@ -1,395 +0,0 @@ -function Get-TargetResource -{ - [CmdletBinding()] - [OutputType([System.Collections.Hashtable])] - param - ( - [Parameter(Mandatory = $true)] - [System.String] - $Identity, - - [Parameter()] - [System.String] - $Description, - - [Parameter()] - [System.Boolean] - $Enabled, - - [Parameter()] - [System.String] - $Name, - - [Parameter()] - [System.String[]] - $AzureKeyIDs, - - [Parameter()] - [ValidateSet('Present', 'Absent')] - [System.String] - $Ensure, - - [Parameter()] - [System.Management.Automation.PSCredential] - $Credential, - - [Parameter()] - [System.String] - $ApplicationId, - - [Parameter()] - [System.String] - $TenantId, - - [Parameter()] - [System.String] - $CertificateThumbprint, - - [Parameter()] - [Switch] - $ManagedIdentity, - - [Parameter()] - [System.String[]] - $AccessTokens - ) - - New-M365DSCConnection -Workload 'ExchangeOnline' ` - -InboundParameters $PSBoundParameters | Out-Null - - Confirm-M365DSCDependencies - - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' - try - { - if ($null -ne $Script:exportedInstances -and $Script:ExportMode) - { - $instance = $Script:exportedInstances | Where-Object -FilterScript {$_.Identity.Name -eq $Identity} - } - else - { - $instance = Get-M365DataAtRestEncryptionPolicy -Identity $Identity -ErrorAction Stop - } - if ($null -eq $instance) - { - return $nullResult - } - - $results = @{ - Identity = $Identity - Description = [System.String]$instance.Description - Enabled = [System.Boolean]$instance.Enabled - Name = [System.String]$instance.Name - AzureKeyIDs = [System.String[]]$instance.AzureKeyIDs - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId 
= $TenantId - CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens - } - return [System.Collections.Hashtable] $results - } - catch - { - New-M365DSCLogEntry -Message 'Error retrieving data:' ` - -Exception $_ ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential - - return $nullResult - } -} - -function Set-TargetResource -{ - [CmdletBinding()] - param - ( - [Parameter(Mandatory = $true)] - [System.String] - $Identity, - - [Parameter()] - [System.String] - $Description, - - [Parameter()] - [System.Boolean] - $Enabled, - - [Parameter()] - [System.String] - $Name, - - [Parameter()] - [System.String[]] - $AzureKeyIDs, - - [Parameter()] - [ValidateSet('Present', 'Absent')] - [System.String] - $Ensure, - - [Parameter()] - [System.Management.Automation.PSCredential] - $Credential, - - [Parameter()] - [System.String] - $ApplicationId, - - [Parameter()] - [System.String] - $TenantId, - - [Parameter()] - [System.String] - $CertificateThumbprint, - - [Parameter()] - [Switch] - $ManagedIdentity, - - [Parameter()] - [System.String[]] - $AccessTokens - ) - - #Ensure the proper dependencies are installed in the current environment. 
- Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $currentInstance = Get-TargetResource @PSBoundParameters - - $setParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters - - # CREATE - if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') - { - $setParameters.Remove('Identity') - New-M365DataAtRestEncryptionPolicy @SetParameters - } - # UPDATE - elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') - { - $setParameters.Remove('AzureKeyIDs') - $setParameters.Remove('Name') - Set-M365DataAtRestEncryptionPolicy @SetParameters - } - elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') - { - Write-Warning "Removal of EXOM365DataAtRestEncryptionPolicy is not supported." - } -} - -function Test-TargetResource -{ - [CmdletBinding()] - [OutputType([System.Boolean])] - param - ( - [Parameter(Mandatory = $true)] - [System.String] - $Identity, - - [Parameter()] - [System.String] - $Description, - - [Parameter()] - [System.Boolean] - $Enabled, - - [Parameter()] - [System.String] - $Name, - - [Parameter()] - [System.String[]] - $AzureKeyIDs, - - [Parameter()] - [ValidateSet('Present', 'Absent')] - [System.String] - $Ensure, - - [Parameter()] - [System.Management.Automation.PSCredential] - $Credential, - - [Parameter()] - [System.String] - $ApplicationId, - - [Parameter()] - [System.String] - $TenantId, - - [Parameter()] - [System.String] - $CertificateThumbprint, - - [Parameter()] - [Switch] - $ManagedIdentity, - - [Parameter()] - [System.String[]] - $AccessTokens - ) - - #Ensure the proper dependencies are installed in the current environment. 
- Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $CurrentValues = Get-TargetResource @PSBoundParameters - $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() - - Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" - - $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` - -Source $($MyInvocation.MyCommand.Source) ` - -DesiredValues $PSBoundParameters ` - -ValuesToCheck $ValuesToCheck.Keys - - Write-Verbose -Message "Test-TargetResource returned $testResult" - - return $testResult -} - -function Export-TargetResource -{ - [CmdletBinding()] - [OutputType([System.String])] - param - ( - [Parameter()] - [System.Management.Automation.PSCredential] - $Credential, - - [Parameter()] - [System.String] - $ApplicationId, - - [Parameter()] - [System.String] - $TenantId, - - [Parameter()] - [System.Management.Automation.PSCredential] - $ApplicationSecret, - - [Parameter()] - [System.String] - $CertificateThumbprint, - - [Parameter()] - [Switch] - $ManagedIdentity, - - [Parameter()] - [System.String[]] - $AccessTokens - ) - - $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` - -InboundParameters $PSBoundParameters - - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - try - { 
- $Script:ExportMode = $true - [array] $Script:exportedInstances = Get-M365DataAtRestEncryptionPolicy -ErrorAction Stop - - $i = 1 - $dscContent = '' - if ($Script:exportedInstances.Length -eq 0) - { - Write-Host $Global:M365DSCEmojiGreenCheckMark - } - else - { - Write-Host "`r`n" -NoNewline - } - foreach ($config in $Script:exportedInstances) - { - $displayedKey = $config.Identity - Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline - $params = @{ - Identity = $config.Identity - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - AccessTokens = $AccessTokens - } - - $Results = Get-TargetResource @Params - $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` - -Results $Results - - $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` - -ConnectionMode $ConnectionMode ` - -ModulePath $PSScriptRoot ` - -Results $Results ` - -Credential $Credential - $dscContent += $currentDSCBlock - Save-M365DSCPartialExport -Content $currentDSCBlock ` - -FileName $Global:PartialExportFileName - $i++ - Write-Host $Global:M365DSCEmojiGreenCheckMark - } - return $dscContent - } - catch - { - Write-Host $Global:M365DSCEmojiRedX - - New-M365DSCLogEntry -Message 'Error during Export:' ` - -Exception $_ ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential - - return '' - } -} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOM365DataAtRestEncryptionPolicy/MSFT_EXOM365DataAtRestEncryptionPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOM365DataAtRestEncryptionPolicy/MSFT_EXOM365DataAtRestEncryptionPolicy.schema.mof deleted file mode 100644 index d790e46f09..0000000000 
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOM365DataAtRestEncryptionPolicy/MSFT_EXOM365DataAtRestEncryptionPolicy.schema.mof
+++ /dev/null
@@ -1,16 +0,0 @@
-[ClassVersion("1.0.0.0"), FriendlyName("EXOM365DataAtRestEncryptionPolicy")]
-class MSFT_EXOM365DataAtRestEncryptionPolicy : OMI_BaseResource
-{
- [Key, Description("The Identity parameter specifies the data-at-rest encryption policy that you want to modify.")] String Identity;
- [Write, Description("The Name parameter specifies a unique name for the Microsoft 365 data-at-rest encryption policy.")] String Name;
- [Write, Description("The Description parameter specifies an optional description for the policy.")] String Description;
- [Write, Description("The Enabled parameter specifies whether the policy is enabled or disabled. ")] Boolean Enabled;
- [Write, Description("The AzureKeyIDs parameter specifies the URL of the encryption key in the Azure Key Vault that's used for encryption.")] String AzureKeyIDs[];
- [Write, Description("Present ensures the instance exists, absent ensures it is removed."), ValueMap{"Absent","Present"}, Values{"Absent","Present"}] string Ensure;
- [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;
- [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;
- [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId;
- [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint;
- [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity;
- [Write, Description("Access token used for authentication.")] String AccessTokens[];
-};
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOM365DataAtRestEncryptionPolicy/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOM365DataAtRestEncryptionPolicy/readme.md
deleted file mode 100644
index 77f3d11aeb..0000000000
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOM365DataAtRestEncryptionPolicy/readme.md
+++ /dev/null
@@ -1,5 +0,0 @@
-# EXOM365DataAtRestEncryptionPolicy
-
-## Description
-
-Microsoft 365 data-at-rest encryption policy for multi-workload usage.
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOM365DataAtRestEncryptionPolicy/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOM365DataAtRestEncryptionPolicy/settings.json
deleted file mode 100644
index 0e930a6e20..0000000000
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOM365DataAtRestEncryptionPolicy/settings.json
+++ /dev/null
@@ -1,30 +0,0 @@
-{
- "resourceName": "EXOM365DataAtRestEncryptionPolicy",
- "description": "Microsoft 365 data-at-rest encryption policy for multi-workload usage.",
- "roles": {
- "read": [
- "Global Reader"
- ],
- "update": [
- "Exchange Administrator"
- ]
- },
- "permissions": {
- "graph": {
- "delegated": {
- "read": [],
- "update": []
- },
- "application": {
- "read": [],
- "update": []
- }
- },
- "exchange": {
- "requiredroles": [
- "Compliance Admin"
- ],
- "requiredrolegroups": "Organization Management"
- }
- }
-}
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1
index 79cd8949f8..b4835676ce 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 
@@ -19,151 +19,156 @@ function Get-TargetResource [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowarchivescanning, + $AllowArchiveScanning, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowbehaviormonitoring, + $AllowBehaviorMonitoring, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowcloudprotection, + $AllowCloudProtection, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowdatagramprocessingonwinserver, + $AllowDatagramProcessingOnWinServer, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowemailscanning, + $AllowEmailScanning, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowfullscanonmappednetworkdrives, + $AllowFullScanOnMappedNetworkDrives, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowfullscanremovabledrivescanning, + $AllowFullScanRemovableDriveScanning, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowintrusionpreventionsystem, + $AllowIntrusionPreventionSystem, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowioavprotection, + $AllowIOAVProtection, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allownetworkprotectiondownlevel, + $AllowNetworkProtectionDownLevel, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowrealtimemonitoring, + $AllowOnAccessProtection, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowscanningnetworkfiles, + $AllowRealtimeMonitoring, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowscriptscanning, + $AllowScanningNetworkFiles, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowuseruiaccess, + $AllowScriptScanning, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $AllowUserUIAccess, [Parameter()] [System.int32] - $avgcpuloadfactor, + $AvgCPULoadFactor, [Parameter()] [System.Int32] - $archivemaxdepth, + $ArchiveMaxDepth, [Parameter()] [System.Int32] - $archivemaxsize, + $ArchiveMaxSize, [Parameter()] [ValidateSet('0', '1')] [System.String] - 
$checkforsignaturesbeforerunningscan, + $CheckForSignaturesBeforeRunningScan, [Parameter()] [ValidateSet('0', '2', '4', '6')] [System.String] - $cloudblocklevel, + $CloudBlockLevel, [Parameter()] [System.Int32] - $cloudextendedtimeout, + $CloudExtendedTimeout, [Parameter()] [System.String] - $companyname, + $CompanyName, [Parameter()] [System.Int32] - $daystoretaincleanedmalware, + $DaysToRetainCleanedMalware, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disableaccountprotectionui, + $DisableAccountProtectionUI, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disableappbrowserui, + $DisableAppBrowserUI, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disablecleartpmbutton, + $DisableClearTpmButton, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disabledevicesecurityui, + $DisableDeviceSecurityUI, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disablednsovertcpparsing, + $DisableDnsOverTcpParsing, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disableenhancednotifications, + $DisableEnhancedNotifications, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disablefamilyui, + $DisableFamilyUI, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disablehealthui, + $DisableHealthUI, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disablehttpparsing, + $DisableHttpParsing, [Parameter()] [ValidateSet('1', '0')] 
@@ -173,203 +178,208 @@ function Get-TargetResource [Parameter()] [ValidateSet('0', '1')] [System.String] - $disablenetworkui, + $DisableNetworkUI, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disabletpmfirmwareupdatewarning, + $DisableTpmFirmwareUpdateWarning, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disablevirusui, + $DisableVirusUI, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disablecatchupfullscan, + $DisableCatchupFullScan, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disablecatchupquickscan, + $DisableCatchupQuickScan, [Parameter()] + [ValidateSet('0', '1')] [System.String] - $email, + $DisableCoreServiceECSIntegration, [Parameter()] [ValidateSet('0', '1')] [System.String] - $enablecustomizedtoasts, + $DisableCoreServiceTelemetry, + + [Parameter()] + [System.String] + $Email, [Parameter()] [ValidateSet('0', '1')] [System.String] - $enableinappcustomization, + $EnableCustomizedToasts, [Parameter()] [ValidateSet('0', '1')] [System.String] - $enablelowcpupriority, + $EnableInAppCustomization, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $EnableLowCPUPriority, [Parameter()] [ValidateSet('0', '1', '2')] [System.String] - $enablenetworkprotection, + $EnableNetworkProtection, [Parameter()] [System.String[]] - $excludedextensions, + $ExcludedExtensions, [Parameter()] [System.String[]] - $excludedpaths, + $ExcludedPaths, [Parameter()] [System.String[]] - $excludedprocesses, + $ExcludedProcesses, [Parameter()] [ValidateSet('0', '1')] [System.String] - $hideransomwaredatarecovery, + $HideRansomwareDataRecovery, [Parameter()] [ValidateSet('0', '1')] [System.String] - $hidewindowssecuritynotificationareacontrol, + $HideWindowsSecurityNotificationAreaControl, [Parameter()] [System.String] - $phone, + $Phone, [Parameter()] [ValidateSet('0', '1', '2')] [System.String] - $puaprotection, + $PUAProtection, [Parameter()] [ValidateSet('0', '2', '3', '4', '5', '6')] [System.String] - $engineupdateschannel, + 
$EngineUpdatesChannel, [Parameter()] [ValidateSet('0', '1')] [System.String] - $meteredconnectionupdates, + $MeteredConnectionUpdates, [Parameter()] [ValidateSet('0', '2', '3', '4', '5', '6')] [System.String] - $platformupdateschannel, + $PlatformUpdatesChannel, [Parameter()] [ValidateSet('0', '4', '5')] [System.String] - $securityintelligenceupdateschannel, + $SecurityIntelligenceUpdatesChannel, [Parameter()] [ValidateSet('0', '1', '2')] [System.String] - $realtimescandirection, + $RealTimeScanDirection, [Parameter()] [ValidateSet('1', '2')] [System.String] - $scanparameter, + $ScanParameter, [Parameter()] [System.Int32] - $schedulequickscantime, + $ScheduleQuickScanTime, [Parameter()] [ValidateSet('0', '1', '2', '3', '4', '5', '6', '7', '8')] [System.String] - $schedulescanday, + $ScheduleScanDay, [Parameter()] [ValidateRange(0, 1380)] [System.Int32] - $schedulescantime, + $ScheduleScanTime, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disabletlsparsing, + $DisableTlsParsing, [Parameter()] [ValidateSet('0', '1')] [System.String] - $randomizescheduletasktimes, + $RandomizeScheduleTaskTimes, [Parameter()] [ValidateRange(1,23)] [System.Int32] - $schedulerrandomizationtime, + $SchedulerRandomizationTime, [Parameter()] [System.String[]] - $signatureupdatefallbackorder, + $SignatureUpdateFallbackOrder, [Parameter()] [System.String[]] - $signatureupdatefilesharessources, + $SignatureUpdateFileSharesSources, [Parameter()] [ValidateRange(0, 24)] [System.Int32] - $signatureupdateinterval, + $SignatureUpdateInterval, [Parameter()] [ValidateSet('0', '1', '2', '3')] [System.String] - $submitsamplesconsent, + $SubmitSamplesConsent, [Parameter()] [ValidateSet('0', '1')] [System.String] - $tamperprotection, - - [Parameter()] - [System.String] - $url, + $TamperProtection, [Parameter()] - [ValidateSet('0', '1')] [System.String] - $disablelocaladminmerge, + $URL, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowonaccessprotection, + $DisableLocalAdminMerge, 
[Parameter()] [ValidateSet('clean', 'quarantine', 'remove', 'allow', 'userdefined', 'block')] [System.String] - $lowseveritythreats, + $LowSeverityThreats, [Parameter()] [ValidateSet('clean', 'quarantine', 'remove', 'allow', 'userdefined', 'block')] [System.String] - $moderateseveritythreats, + $ModerateSeverityThreats, [Parameter()] [ValidateSet('clean', 'quarantine', 'remove', 'allow', 'userdefined', 'block')] [System.String] - $severethreats, + $SevereThreats, [Parameter()] [ValidateSet('clean', 'quarantine', 'remove', 'allow', 'userdefined', 'block')] [System.String] - $highseveritythreats, + $HighSeverityThreats, [Parameter()] [ValidateSet('d948ff9b-99cb-4ee0-8012-1fbc09685377_1', 'e3f74c5a-a6de-411d-aef6-eb15628f3a0a_1', '45fea5e9-280d-4da1-9792-fb5736da0ca9_1', '804339ad-1553-4478-a742-138fb5807418_1')] [System.String] - $templateId, + $TemplateId, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] 
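Review bot: `DisableCoreServiceECSIntegration` and `DisableCoreServiceTelemetry` appear in this hunk only as added lines, with no lower-case counterpart removed, so within the visible hunks they look like new parameters rather than renames; the same pair is added in the Set-TargetResource hunk at `@@ -684,203 +720,208 @@`. The CHANGELOG entry in this commit records only "Update properties to be upper-case", which hides that the resource now manages two more antivirus settings. A bullet such as `* Added DisableCoreServiceECSIntegration and DisableCoreServiceTelemetry.` would make that visible to anyone auditing what their configurations can change. The param block starts and ends outside the hunk.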
@@ -473,7 +483,28 @@ function Get-TargetResource $returnHashtable.Add('Identity', $Identity) $returnHashtable.Add('DisplayName', $policy.name) $returnHashtable.Add('Description', $policy.description) - $returnHashtable.Add('templateId', $policy.templateReference.templateId) + $returnHashtable.Add('TemplateId', $policy.templateReference.TemplateId) + + if ($null -ne $policySettings.SevereThreatDefaultAction) + { + $returnHashtable.Add('SevereThreats', $policySettings.SevereThreatDefaultAction) + $policySettings.Remove('SevereThreatDefaultAction') + } + if ($null -ne $policySettings.HighSeverityThreatDefaultAction) + { + $returnHashtable.Add('HighSeverityThreats', $policySettings.HighSeverityThreatDefaultAction) + $policySettings.Remove('HighSeverityThreatDefaultAction') + } + if ($null -ne $policySettings.ModerateSeverityThreatDefaultAction) + { + $returnHashtable.Add('ModerateSeverityThreats', $policySettings.ModerateSeverityThreatDefaultAction) + $policySettings.Remove('ModerateSeverityThreatDefaultAction') + } + if ($null -ne $policySettings.LowSeverityThreatDefaultAction) + { + $returnHashtable.Add('LowSeverityThreats', $policySettings.LowSeverityThreatDefaultAction) + $policySettings.Remove('LowSeverityThreatDefaultAction') + } $returnHashtable += $policySettings $returnAssignments = @() 
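Review bot: The four `if ($null -ne $policySettings.<X>DefaultAction)` blocks added after the `TemplateId` line repeat one rename step by hand, and the inverse of the same table is written out again in the Set-TargetResource hunk at `@@ -938,7 +979,28 @@`. These keys carry the per-severity threat actions, so a name updated in only one direction would make the read and write paths disagree about a remediation setting; a single name map driven by a loop keeps the two in step. A short comment should also say why the source key is removed before `$returnHashtable += $policySettings` (presumably so the value is not returned under both names). Get-TargetResource begins and ends outside this hunk.

```powershell
$returnHashtable.Add('TemplateId', $policy.templateReference.TemplateId)

# DSC property name -> key used in $policySettings for the per-severity default actions.
$threatActionNames = @{
    SevereThreats           = 'SevereThreatDefaultAction'
    HighSeverityThreats     = 'HighSeverityThreatDefaultAction'
    ModerateSeverityThreats = 'ModerateSeverityThreatDefaultAction'
    LowSeverityThreats      = 'LowSeverityThreatDefaultAction'
}
foreach ($dscName in $threatActionNames.Keys)
{
    $settingName = $threatActionNames[$dscName]
    if ($null -ne $policySettings.$settingName)
    {
        # Move the value to the DSC name so it is not returned under both keys.
        $returnHashtable.Add($dscName, $policySettings.$settingName)
        $policySettings.Remove($settingName)
    }
}
# … unchanged: $returnHashtable += $policySettings and assignment handling …
```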
@@ -530,151 +561,156 @@ function Set-TargetResource [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowarchivescanning, + $AllowArchiveScanning, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowbehaviormonitoring, + $AllowBehaviorMonitoring, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowcloudprotection, + $AllowCloudProtection, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowdatagramprocessingonwinserver, + $AllowDatagramProcessingOnWinServer, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowemailscanning, + $AllowEmailScanning, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowfullscanonmappednetworkdrives, + $AllowFullScanOnMappedNetworkDrives, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowfullscanremovabledrivescanning, + $AllowFullScanRemovableDriveScanning, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowintrusionpreventionsystem, + $AllowIntrusionPreventionSystem, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowioavprotection, + $AllowIOAVProtection, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allownetworkprotectiondownlevel, + $AllowNetworkProtectionDownLevel, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowrealtimemonitoring, + $AllowOnAccessProtection, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowscanningnetworkfiles, + $AllowRealtimeMonitoring, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowscriptscanning, + $AllowScanningNetworkFiles, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowuseruiaccess, + $AllowScriptScanning, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $AllowUserUIAccess, [Parameter()] [System.int32] - $avgcpuloadfactor, + $AvgCPULoadFactor, [Parameter()] [System.Int32] - $archivemaxdepth, + $ArchiveMaxDepth, [Parameter()] [System.Int32] - $archivemaxsize, + $ArchiveMaxSize, [Parameter()] [ValidateSet('0', '1')] [System.String] - 
$checkforsignaturesbeforerunningscan, + $CheckForSignaturesBeforeRunningScan, [Parameter()] [ValidateSet('0', '2', '4', '6')] [System.String] - $cloudblocklevel, + $CloudBlockLevel, [Parameter()] [System.Int32] - $cloudextendedtimeout, + $CloudExtendedTimeout, [Parameter()] [System.String] - $companyname, + $CompanyName, [Parameter()] [System.Int32] - $daystoretaincleanedmalware, + $DaysToRetainCleanedMalware, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disableaccountprotectionui, + $DisableAccountProtectionUI, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disableappbrowserui, + $DisableAppBrowserUI, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disablecleartpmbutton, + $DisableClearTpmButton, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disabledevicesecurityui, + $DisableDeviceSecurityUI, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disablednsovertcpparsing, + $DisableDnsOverTcpParsing, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disableenhancednotifications, + $DisableEnhancedNotifications, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disablefamilyui, + $DisableFamilyUI, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disablehealthui, + $DisableHealthUI, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disablehttpparsing, + $DisableHttpParsing, [Parameter()] [ValidateSet('1', '0')] 
@@ -684,203 +720,208 @@ function Set-TargetResource [Parameter()] [ValidateSet('0', '1')] [System.String] - $disablenetworkui, + $DisableNetworkUI, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DisableTpmFirmwareUpdateWarning, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disabletpmfirmwareupdatewarning, + $DisableVirusUI, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disablevirusui, + $DisableCatchupFullScan, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disablecatchupfullscan, + $DisableCatchupQuickScan, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disablecatchupquickscan, + $DisableCoreServiceECSIntegration, [Parameter()] + [ValidateSet('0', '1')] [System.String] - $email, + $DisableCoreServiceTelemetry, + + [Parameter()] + [System.String] + $Email, [Parameter()] [ValidateSet('0', '1')] [System.String] - $enablecustomizedtoasts, + $EnableCustomizedToasts, [Parameter()] [ValidateSet('0', '1')] [System.String] - $enableinappcustomization, + $EnableInAppCustomization, [Parameter()] [ValidateSet('0', '1')] [System.String] - $enablelowcpupriority, + $EnableLowCPUPriority, [Parameter()] [ValidateSet('0', '1', '2')] [System.String] - $enablenetworkprotection, + $EnableNetworkProtection, [Parameter()] [System.String[]] - $excludedextensions, + $ExcludedExtensions, [Parameter()] [System.String[]] - $excludedpaths, + $ExcludedPaths, [Parameter()] [System.String[]] - $excludedprocesses, + $ExcludedProcesses, [Parameter()] [ValidateSet('0', '1')] [System.String] - $hideransomwaredatarecovery, + $HideRansomwareDataRecovery, [Parameter()] [ValidateSet('0', '1')] [System.String] - $hidewindowssecuritynotificationareacontrol, + $HideWindowsSecurityNotificationAreaControl, [Parameter()] [System.String] - $phone, + $Phone, [Parameter()] [ValidateSet('0', '1', '2')] [System.String] - $puaprotection, + $PUAProtection, [Parameter()] [ValidateSet('0', '2', '3', '4', '5', '6')] [System.String] - $engineupdateschannel, + 
$EngineUpdatesChannel, [Parameter()] [ValidateSet('0', '1')] [System.String] - $meteredconnectionupdates, + $MeteredConnectionUpdates, [Parameter()] [ValidateSet('0', '2', '3', '4', '5', '6')] [System.String] - $platformupdateschannel, + $PlatformUpdatesChannel, [Parameter()] [ValidateSet('0', '4', '5')] [System.String] - $securityintelligenceupdateschannel, + $SecurityIntelligenceUpdatesChannel, [Parameter()] [ValidateSet('0', '1', '2')] [System.String] - $realtimescandirection, + $RealTimeScanDirection, [Parameter()] [ValidateSet('1', '2')] [System.String] - $scanparameter, + $ScanParameter, [Parameter()] [System.Int32] - $schedulequickscantime, + $ScheduleQuickScanTime, [Parameter()] [ValidateSet('0', '1', '2', '3', '4', '5', '6', '7', '8')] [System.String] - $schedulescanday, + $ScheduleScanDay, [Parameter()] [ValidateRange(0, 1380)] [System.Int32] - $schedulescantime, + $ScheduleScanTime, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disabletlsparsing, + $DisableTlsParsing, [Parameter()] [ValidateSet('0', '1')] [System.String] - $randomizescheduletasktimes, + $RandomizeScheduleTaskTimes, [Parameter()] [ValidateRange(1,23)] [System.Int32] - $schedulerrandomizationtime, + $SchedulerRandomizationTime, [Parameter()] [System.String[]] - $signatureupdatefallbackorder, + $SignatureUpdateFallbackOrder, [Parameter()] [System.String[]] - $signatureupdatefilesharessources, + $SignatureUpdateFileSharesSources, [Parameter()] [ValidateRange(0, 24)] [System.Int32] - $signatureupdateinterval, + $SignatureUpdateInterval, [Parameter()] [ValidateSet('0', '1', '2', '3')] [System.String] - $submitsamplesconsent, + $SubmitSamplesConsent, [Parameter()] [ValidateSet('0', '1')] [System.String] - $tamperprotection, + $TamperProtection, [Parameter()] [System.String] - $url, + $URL, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disablelocaladminmerge, - - [Parameter()] - [ValidateSet('0', '1')] - [System.String] - $allowonaccessprotection, + $DisableLocalAdminMerge, 
[Parameter()] [ValidateSet('clean', 'quarantine', 'remove', 'allow', 'userdefined', 'block')] [System.String] - $lowseveritythreats, + $LowSeverityThreats, [Parameter()] [ValidateSet('clean', 'quarantine', 'remove', 'allow', 'userdefined', 'block')] [System.String] - $moderateseveritythreats, + $ModerateSeverityThreats, [Parameter()] [ValidateSet('clean', 'quarantine', 'remove', 'allow', 'userdefined', 'block')] [System.String] - $severethreats, + $SevereThreats, [Parameter()] [ValidateSet('clean', 'quarantine', 'remove', 'allow', 'userdefined', 'block')] [System.String] - $highseveritythreats, + $HighSeverityThreats, [Parameter()] [ValidateSet('d948ff9b-99cb-4ee0-8012-1fbc09685377_1', 'e3f74c5a-a6de-411d-aef6-eb15628f3a0a_1', '45fea5e9-280d-4da1-9792-fb5736da0ca9_1', '804339ad-1553-4478-a742-138fb5807418_1')] [System.String] - $templateId, + $TemplateId, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] 
@@ -938,7 +979,28 @@ function Set-TargetResource $currentPolicy = Get-TargetResource @PSBoundParameters $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters - $templateReferenceId = $templateId + if ($BoundParameters.ContainsKey('SevereThreats')) + { + $BoundParameters.Add('SevereThreatDefaultAction', $BoundParameters['SevereThreats']) + $BoundParameters.Remove('SevereThreats') + } + if ($BoundParameters.ContainsKey('HighSeverityThreats')) + { + $BoundParameters.Add('HighSeverityThreatDefaultAction', $BoundParameters['HighSeverityThreats']) + $BoundParameters.Remove('HighSeverityThreats') + } + if ($BoundParameters.ContainsKey('ModerateSeverityThreats')) + { + $BoundParameters.Add('ModerateSeverityThreatDefaultAction', $BoundParameters['ModerateSeverityThreats']) + $BoundParameters.Remove('ModerateSeverityThreats') + } + if ($BoundParameters.ContainsKey('LowSeverityThreats')) + { + $BoundParameters.Add('LowSeverityThreatDefaultAction', $BoundParameters['LowSeverityThreats']) + $BoundParameters.Remove('LowSeverityThreats') + } + + $templateReferenceId = $TemplateId $platforms = 'windows10' $technologies = 'mdm,microsoftSense' @@ -976,6 +1038,7 @@ function Set-TargetResource Write-Verbose -Message "Updating existing Endpoint Protection Policy {$($currentPolicy.DisplayName)}" $BoundParameters.Remove('Identity') | Out-Null $BoundParameters.Remove('Assignments') | Out-Null + $BoundParameters.Remove('TemplateId') | Out-Null $settings = Get-IntuneSettingCatalogPolicySetting ` -DSCParams ([System.Collections.Hashtable]$BoundParameters) ` 
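Review bot: The four `$BoundParameters.Remove('…Threats')` calls in the added rename blocks are not piped to `Out-Null`, unlike the `Remove('Identity') | Out-Null` lines further down in the same function. If the collection's `Remove` returns a Boolean, each call writes a stray `True` to the output stream. The four blocks differ only in their two key names, so a lookup table with one loop would keep the mapping in one place, as sketched below. These keys carry the Defender remediation action per threat severity, so it is worth confirming that Test-TargetResource applies the same rename before comparing; otherwise drift on these actions could go unreported. Set-TargetResource starts and ends outside this hunk, so that cannot be checked from here.

```powershell
# Rename the four threat-action parameters to their *DefaultAction keys.
$threatActionNames = @{
    SevereThreats           = 'SevereThreatDefaultAction'
    HighSeverityThreats     = 'HighSeverityThreatDefaultAction'
    ModerateSeverityThreats = 'ModerateSeverityThreatDefaultAction'
    LowSeverityThreats      = 'LowSeverityThreatDefaultAction'
}
foreach ($name in $threatActionNames.Keys)
{
    if ($BoundParameters.ContainsKey($name))
    {
        $BoundParameters.Add($threatActionNames[$name], $BoundParameters[$name])
        $BoundParameters.Remove($name) | Out-Null
    }
}
# … unchanged: $templateReferenceId, $platforms, $technologies …
```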
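Review bot: The added `$BoundParameters.Remove('TemplateId') | Out-Null` in the update branch has no comment saying why the key is dropped there. Presumably the template of an existing policy cannot be changed, in which case a configuration that changes `TemplateId` is applied without that change and without any message. A line such as `# TemplateId selects the template and is not a setting; it is ignored when updating an existing policy` would make this explicit once confirmed. Whether the create branch needs the same removal is not visible in this hunk.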
@@ -1024,151 +1087,156 @@ function Test-TargetResource [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowarchivescanning, + $AllowArchiveScanning, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowbehaviormonitoring, + $AllowBehaviorMonitoring, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowcloudprotection, + $AllowCloudProtection, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowdatagramprocessingonwinserver, + $AllowDatagramProcessingOnWinServer, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowemailscanning, + $AllowEmailScanning, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowfullscanonmappednetworkdrives, + $AllowFullScanOnMappedNetworkDrives, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowfullscanremovabledrivescanning, + $AllowFullScanRemovableDriveScanning, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowintrusionpreventionsystem, + $AllowIntrusionPreventionSystem, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowioavprotection, + $AllowIOAVProtection, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allownetworkprotectiondownlevel, + $AllowNetworkProtectionDownLevel, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowrealtimemonitoring, + $AllowOnAccessProtection, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowscanningnetworkfiles, + $AllowRealtimeMonitoring, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowscriptscanning, + $AllowScanningNetworkFiles, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowuseruiaccess, + $AllowScriptScanning, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $AllowUserUIAccess, [Parameter()] [System.int32] - $avgcpuloadfactor, + $AvgCPULoadFactor, [Parameter()] [System.Int32] - $archivemaxdepth, + $ArchiveMaxDepth, [Parameter()] [System.Int32] - $archivemaxsize, + $ArchiveMaxSize, [Parameter()] [ValidateSet('0', '1')] [System.String] - 
$checkforsignaturesbeforerunningscan, + $CheckForSignaturesBeforeRunningScan, [Parameter()] [ValidateSet('0', '2', '4', '6')] [System.String] - $cloudblocklevel, + $CloudBlockLevel, [Parameter()] [System.Int32] - $cloudextendedtimeout, + $CloudExtendedTimeout, [Parameter()] [System.String] - $companyname, + $CompanyName, [Parameter()] [System.Int32] - $daystoretaincleanedmalware, + $DaysToRetainCleanedMalware, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disableaccountprotectionui, + $DisableAccountProtectionUI, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disableappbrowserui, + $DisableAppBrowserUI, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disablecleartpmbutton, + $DisableClearTpmButton, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disabledevicesecurityui, + $DisableDeviceSecurityUI, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disablednsovertcpparsing, + $DisableDnsOverTcpParsing, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disableenhancednotifications, + $DisableEnhancedNotifications, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disablefamilyui, + $DisableFamilyUI, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disablehealthui, + $DisableHealthUI, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disablehttpparsing, + $DisableHttpParsing, [Parameter()] [ValidateSet('1', '0')] 
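Review bot: `$CloudExtendedTimeout` is declared as a bare `[System.Int32]` although the schema description in this commit gives its range as 0 - 50, while other bounded integers in the same parameter set (`$ScheduleScanTime`, `$SignatureUpdateInterval`) carry a `ValidateRange`. Adding `[ValidateRange(0, 50)]` above it would reject an out-of-range value when the parameter is bound rather than later; the matching parameter in Get- and Set-TargetResource would need the same attribute to keep the three signatures aligned. A smaller style point in the same hunk: `[System.int32]` on `$AvgCPULoadFactor` is the only lower-case spelling of the type here and could become `[System.Int32]`. The param block starts before this hunk and continues after it.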
@@ -1178,203 +1246,208 @@ function Test-TargetResource [Parameter()] [ValidateSet('0', '1')] [System.String] - $disablenetworkui, + $DisableNetworkUI, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DisableTpmFirmwareUpdateWarning, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disabletpmfirmwareupdatewarning, + $DisableVirusUI, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disablevirusui, + $DisableCatchupFullScan, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disablecatchupfullscan, + $DisableCatchupQuickScan, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disablecatchupquickscan, + $DisableCoreServiceECSIntegration, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $DisableCoreServiceTelemetry, [Parameter()] [System.String] - $email, + $Email, [Parameter()] [ValidateSet('0', '1')] [System.String] - $enablecustomizedtoasts, + $EnableCustomizedToasts, [Parameter()] [ValidateSet('0', '1')] [System.String] - $enableinappcustomization, + $EnableInAppCustomization, [Parameter()] [ValidateSet('0', '1')] [System.String] - $enablelowcpupriority, + $EnableLowCPUPriority, [Parameter()] [ValidateSet('0', '1', '2')] [System.String] - $enablenetworkprotection, + $EnableNetworkProtection, [Parameter()] [System.String[]] - $excludedextensions, + $ExcludedExtensions, [Parameter()] [System.String[]] - $excludedpaths, + $ExcludedPaths, [Parameter()] [System.String[]] - $excludedprocesses, + $ExcludedProcesses, [Parameter()] [ValidateSet('0', '1')] [System.String] - $hideransomwaredatarecovery, + $HideRansomwareDataRecovery, [Parameter()] [ValidateSet('0', '1')] [System.String] - $hidewindowssecuritynotificationareacontrol, + $HideWindowsSecurityNotificationAreaControl, [Parameter()] [System.String] - $phone, + $Phone, [Parameter()] [ValidateSet('0', '1', '2')] [System.String] - $puaprotection, + $PUAProtection, [Parameter()] [ValidateSet('0', '2', '3', '4', '5', '6')] [System.String] - $engineupdateschannel, 
+ $EngineUpdatesChannel, [Parameter()] [ValidateSet('0', '1')] [System.String] - $meteredconnectionupdates, + $MeteredConnectionUpdates, [Parameter()] [ValidateSet('0', '2', '3', '4', '5', '6')] [System.String] - $platformupdateschannel, + $PlatformUpdatesChannel, [Parameter()] [ValidateSet('0', '4', '5')] [System.String] - $securityintelligenceupdateschannel, + $SecurityIntelligenceUpdatesChannel, [Parameter()] [ValidateSet('0', '1', '2')] [System.String] - $realtimescandirection, + $RealTimeScanDirection, [Parameter()] [ValidateSet('1', '2')] [System.String] - $scanparameter, + $ScanParameter, [Parameter()] [System.Int32] - $schedulequickscantime, + $ScheduleQuickScanTime, [Parameter()] [ValidateSet('0', '1', '2', '3', '4', '5', '6', '7', '8')] [System.String] - $schedulescanday, + $ScheduleScanDay, [Parameter()] [ValidateRange(0, 1380)] [System.Int32] - $schedulescantime, + $ScheduleScanTime, [Parameter()] [ValidateSet('0', '1')] [System.String] - $disabletlsparsing, + $DisableTlsParsing, [Parameter()] [ValidateSet('0', '1')] [System.String] - $randomizescheduletasktimes, + $RandomizeScheduleTaskTimes, [Parameter()] [ValidateRange(1,23)] [System.Int32] - $schedulerrandomizationtime, + $SchedulerRandomizationTime, [Parameter()] [System.String[]] - $signatureupdatefallbackorder, + $SignatureUpdateFallbackOrder, [Parameter()] [System.String[]] - $signatureupdatefilesharessources, + $SignatureUpdateFileSharesSources, [Parameter()] [ValidateRange(0, 24)] [System.Int32] - $signatureupdateinterval, + $SignatureUpdateInterval, [Parameter()] [ValidateSet('0', '1', '2', '3')] [System.String] - $submitsamplesconsent, + $SubmitSamplesConsent, [Parameter()] [ValidateSet('0', '1')] [System.String] - $tamperprotection, + $TamperProtection, [Parameter()] [System.String] - $url, - - [Parameter()] - [ValidateSet('0', '1')] - [System.String] - $disablelocaladminmerge, + $URL, [Parameter()] [ValidateSet('0', '1')] [System.String] - $allowonaccessprotection, + 
$DisableLocalAdminMerge, [Parameter()] [ValidateSet('clean', 'quarantine', 'remove', 'allow', 'userdefined', 'block')] [System.String] - $lowseveritythreats, + $LowSeverityThreats, [Parameter()] [ValidateSet('clean', 'quarantine', 'remove', 'allow', 'userdefined', 'block')] [System.String] - $moderateseveritythreats, + $ModerateSeverityThreats, [Parameter()] [ValidateSet('clean', 'quarantine', 'remove', 'allow', 'userdefined', 'block')] [System.String] - $severethreats, + $SevereThreats, [Parameter()] [ValidateSet('clean', 'quarantine', 'remove', 'allow', 'userdefined', 'block')] [System.String] - $highseveritythreats, + $HighSeverityThreats, [Parameter()] [ValidateSet('d948ff9b-99cb-4ee0-8012-1fbc09685377_1', 'e3f74c5a-a6de-411d-aef6-eb15628f3a0a_1', '45fea5e9-280d-4da1-9792-fb5736da0ca9_1', '804339ad-1553-4478-a742-138fb5807418_1')] [System.String] - $templateId, + $TemplateId, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.schema.mof index da964ec534..c41a78c5df 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.schema.mof 
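Review bot: The two parameters added in this hunk, `$DisableCoreServiceECSIntegration` and `$DisableCoreServiceTelemetry`, accept '0' or '1' with nothing in the code saying which value turns the feature off. The schema descriptions added in the same commit disagree with each other: one reads `(0: disabled, 1: enabled)` and the other `(1: disabled, 0: enabled)`. For Disable… settings on an endpoint-protection policy, picking the wrong value yields the opposite of the intended state, so one of the two descriptions should be corrected once the meaning is confirmed. A short comment above each parameter would also help, e.g. `# '1' disables, '0' leaves enabled (confirm against the setting definition)`. The param block begins before this hunk and continues past it.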
@@ -15,80 +15,82 @@ class MSFT_IntuneAntivirusPolicyWindows10SettingCatalog : OMI_BaseResource [Key, Description("Display name of the endpoint protection policy for Windows 10.")] String DisplayName; [Write, Description("Identity of the endpoint protection policy for Windows 10.")] String Identity; [Write, Description("Description of the endpoint protection policy for Windows 10.")] String Description; - [Write, Description("Allows or disallows scanning of archives. (0: enable feature. 1: disable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String tamperprotection; - [Write, Description("Use this policy setting to specify if to display the Account protection area in Windows Defender Security Center. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String disableaccountprotectionui; - [Write, Description("Use this policy setting if you want to disable the display of the app and browser protection area in Windows Defender Security Center. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String disableappbrowserui; - [Write, Description("Disable the Clear TPM button in Windows Security. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String disablecleartpmbutton; - [Write, Description("Use this policy setting if you want to disable the display of the Device security area in the Windows Defender Security Center. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String disabledevicesecurityui; - [Write, Description("Use this policy setting if you want to disable the display of the family options area in Windows Defender Security Center. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String disablefamilyui; - [Write, Description("Use this policy setting if you want to disable the display of the device performance and health area in Windows Defender Security Center. (0: disable feature. 
1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String disablehealthui; - [Write, Description("Use this policy setting if you want to disable the display of the firewall and network protection area in Windows Defender Security Center. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String disablenetworkui; - [Write, Description("Use this policy setting if you want to disable the display of Windows Defender Security Center notifications. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String disableenhancednotifications; - [Write, Description("Hide the recommendation to update TPM Firmware when a vulnerable firmware is detected. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String disabletpmfirmwareupdatewarning; - [Write, Description("Use this policy setting if you want to disable the display of the virus and threat protection area in Windows Defender Security Center. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String disablevirusui; - [Write, Description("Use this policy setting to hide the Ransomware data recovery area in Windows Defender Security Center. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String hideransomwaredatarecovery; - [Write, Description("This policy setting hides the Windows Security notification area control. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String hidewindowssecuritynotificationareacontrol; - [Write, Description("Enable this policy to display your company name and contact options in the notifications. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String enablecustomizedtoasts; - [Write, Description("Enable this policy to have your company name and contact options displayed in a contact card fly out in Windows Defender Security Center. (0: disable feature. 
1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String enableinappcustomization; - [Write, Description("The company name that is displayed to the users. CompanyName is required for both EnableCustomizedToasts and EnableInAppCustomization.")] String companyname; - [Write, Description("The email address that is displayed to users. The default mail application is used to initiate email actions.")] String email; - [Write, Description("The phone number or Skype ID that is displayed to users. Skype is used to initiate the call.")] String phone; - [Write, Description("The help portal URL that is displayed to users. The default browser is used to initiate this action.")] String url; - [Write, Description("Allows or disallows scanning of archives. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String allowarchivescanning; - [Write, Description("Allows or disallows Windows Defender Behavior Monitoring functionality. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String allowbehaviormonitoring; - [Write, Description("To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String allowcloudprotection; - [Write, Description("Allows or disallows Network Protection to enable datagram processing on Windows Server. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String allowdatagramprocessingonwinserver; - [Write, Description("Allows or disallows scanning of email. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String allowemailscanning; - [Write, Description("Allows or disallows a full scan of mapped network drives. (0: disable feature. 
1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String allowfullscanonmappednetworkdrives; - [Write, Description("Allows or disallows a full scan of removable drives. During a quick scan, removable drives may still be scanned. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String allowfullscanremovabledrivescanning; - [Write, Description("https://github.com/MicrosoftDocs/memdocs/issues/2250 (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String allowintrusionpreventionsystem; - [Write, Description("Allows or disallows Windows Defender IOAVP Protection functionality. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String allowioavprotection; - [Write, Description("Allows or disallows Network Protection to be configured into block or audit mode on windows downlevel of RS3. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String allownetworkprotectiondownlevel; - [Write, Description("Allows or disallows Windows Defender real-time Monitoring functionality. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String allowrealtimemonitoring; - [Write, Description("Allows or disallows a scanning of network files. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String allowscanningnetworkfiles; - [Write, Description("Allows or disallows Windows Defender Script Scanning functionality. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String allowscriptscanning; - [Write, Description("Allows or disallows user access to the Windows Defender UI. I disallowed, all Windows Defender notifications will also be suppressed. (0: Prevents users from accessing UI. 
1: Lets users access UI)"), ValueMap{"0","1"}, Values{"0","1"}] String allowuseruiaccess; - [Write, Description("Represents the average CPU load factor for the Windows Defender scan (in percent).")] sInt32 avgcpuloadfactor; - [Write, Description("Specify the maximum folder depth to extract from archive files for scanning.")] sInt32 archivemaxdepth; - [Write, Description("Specify the maximum size, in KB, of archive files to be extracted and scanned.")] sInt32 archivemaxsize; - [Write, Description("This policy setting allows you to manage whether a check for new virus and spyware definitions will occur before running a scan. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String checkforsignaturesbeforerunningscan; - [Write, Description("This policy setting determines how aggressive Microsoft Defender Antivirus will be in blocking and scanning suspicious files. Value type is integer.(0: Default windows defender blocking level, 2: High blocking level, 4:High+ blocking level, 6:Zero tolerance blocking level)"), ValueMap{"0","2","4","6"}, Values{"0","2","4","6"}] String cloudblocklevel; - [Write, Description("This feature allows Microsoft Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it's safe. Value type is integer, range is 0 - 50.")] sInt32 cloudextendedtimeout; - [Write, Description("Time period (in days) that quarantine items will be stored on the system.")] sInt32 daystoretaincleanedmalware; - [Write, Description("This policy setting allows you to configure catch-up scans for scheduled full scans. (1: disabled, 0: enabled)"), ValueMap{"0","1"}, Values{"0","1"}] String disablecatchupfullscan; - [Write, Description("This policy setting allows you to configure catch-up scans for scheduled quick scans. 
(1: disabled, 0: enabled)"), ValueMap{"0","1"}, Values{"0","1"}] String disablecatchupquickscan; - [Write, Description("Disables or enables DNS over TCP Parsing for Network Protection. (0: enable feature. 1: disable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String disablednsovertcpparsing; - [Write, Description("Disables or enables HTTP Parsing for Network Protection. (0: enable feature. 1: disable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String disablehttpparsing; + [Write, Description("Allows or disallows scanning of archives. (0: enable feature. 1: disable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String TamperProtection; + [Write, Description("Use this policy setting to specify if to display the Account protection area in Windows Defender Security Center. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String DisableAccountProtectionUI; + [Write, Description("Use this policy setting if you want to disable the display of the app and browser protection area in Windows Defender Security Center. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String DisableAppBrowserUI; + [Write, Description("Disable the Clear TPM button in Windows Security. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String DisableClearTpmButton; + [Write, Description("Use this policy setting if you want to disable the display of the Device security area in the Windows Defender Security Center. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String DisableDeviceSecurityUI; + [Write, Description("Use this policy setting if you want to disable the display of the family options area in Windows Defender Security Center. (0: disable feature. 
1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String DisableFamilyUI; + [Write, Description("Use this policy setting if you want to disable the display of the device performance and health area in Windows Defender Security Center. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String DisableHealthUI; + [Write, Description("Use this policy setting if you want to disable the display of the firewall and network protection area in Windows Defender Security Center. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String DisableNetworkUI; + [Write, Description("Use this policy setting if you want to disable the display of Windows Defender Security Center notifications. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String DisableEnhancedNotifications; + [Write, Description("Hide the recommendation to update TPM Firmware when a vulnerable firmware is detected. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String DisableTpmFirmwareUpdateWarning; + [Write, Description("Use this policy setting if you want to disable the display of the virus and threat protection area in Windows Defender Security Center. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String DisableVirusUI; + [Write, Description("Use this policy setting to hide the Ransomware data recovery area in Windows Defender Security Center. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String HideRansomwareDataRecovery; + [Write, Description("This policy setting hides the Windows Security notification area control. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String HideWindowsSecurityNotificationAreaControl; + [Write, Description("Enable this policy to display your company name and contact options in the notifications. (0: disable feature. 
1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String EnableCustomizedToasts; + [Write, Description("Enable this policy to have your company name and contact options displayed in a contact card fly out in Windows Defender Security Center. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String EnableInAppCustomization; + [Write, Description("The company name that is displayed to the users. CompanyName is required for both EnableCustomizedToasts and EnableInAppCustomization.")] String CompanyName; + [Write, Description("The email address that is displayed to users. The default mail application is used to initiate email actions.")] String Email; + [Write, Description("The phone number or Skype ID that is displayed to users. Skype is used to initiate the call.")] String Phone; + [Write, Description("The help portal URL that is displayed to users. The default browser is used to initiate this action.")] String URL; + [Write, Description("Allows or disallows scanning of archives. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String AllowArchiveScanning; + [Write, Description("Allows or disallows Windows Defender Behavior Monitoring functionality. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String AllowBehaviorMonitoring; + [Write, Description("To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String AllowCloudProtection; + [Write, Description("Allows or disallows Network Protection to enable datagram processing on Windows Server. (0: disable feature. 
1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String AllowDatagramProcessingOnWinServer; + [Write, Description("Allows or disallows scanning of email. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String AllowEmailScanning; + [Write, Description("Allows or disallows a full scan of mapped network drives. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String AllowFullScanOnMappedNetworkDrives; + [Write, Description("Allows or disallows a full scan of removable drives. During a quick scan, removable drives may still be scanned. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String AllowFullScanRemovableDriveScanning; + [Write, Description("https://github.com/MicrosoftDocs/memdocs/issues/2250 (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String AllowIntrusionPreventionSystem; + [Write, Description("Allows or disallows Windows Defender IOAVP Protection functionality. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String AllowIOAVProtection; + [Write, Description("Allows or disallows Network Protection to be configured into block or audit mode on windows downlevel of RS3. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String AllowNetworkProtectionDownLevel; + [Write, Description("Allows or disallows Windows Defender real-time Monitoring functionality. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String AllowRealtimeMonitoring; + [Write, Description("Allows or disallows a scanning of network files. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String AllowScanningNetworkFiles; + [Write, Description("Allows or disallows Windows Defender Script Scanning functionality. (0: disable feature. 
1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String AllowScriptScanning; + [Write, Description("Allows or disallows user access to the Windows Defender UI. I disallowed, all Windows Defender notifications will also be suppressed. (0: Prevents users from accessing UI. 1: Lets users access UI)"), ValueMap{"0","1"}, Values{"0","1"}] String AllowUserUIAccess; + [Write, Description("Represents the average CPU load factor for the Windows Defender scan (in percent).")] sInt32 AvgCPULoadFactor; + [Write, Description("Specify the maximum folder depth to extract from archive files for scanning.")] sInt32 ArchiveMaxDepth; + [Write, Description("Specify the maximum size, in KB, of archive files to be extracted and scanned.")] sInt32 ArchiveMaxSize; + [Write, Description("This policy setting allows you to manage whether a check for new virus and spyware definitions will occur before running a scan. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String CheckForSignaturesBeforeRunningScan; + [Write, Description("This policy setting determines how aggressive Microsoft Defender Antivirus will be in blocking and scanning suspicious files. Value type is integer.(0: Default windows defender blocking level, 2: High blocking level, 4:High+ blocking level, 6:Zero tolerance blocking level)"), ValueMap{"0","2","4","6"}, Values{"0","2","4","6"}] String CloudBlockLevel; + [Write, Description("This feature allows Microsoft Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it's safe. Value type is integer, range is 0 - 50.")] sInt32 CloudExtendedTimeout; + [Write, Description("Time period (in days) that quarantine items will be stored on the system.")] sInt32 DaysToRetainCleanedMalware; + [Write, Description("This policy setting allows you to configure catch-up scans for scheduled full scans. 
(1: disabled, 0: enabled)"), ValueMap{"0","1"}, Values{"0","1"}] String DisableCatchupFullScan; + [Write, Description("This policy setting allows you to configure catch-up scans for scheduled quick scans. (1: disabled, 0: enabled)"), ValueMap{"0","1"}, Values{"0","1"}] String DisableCatchupQuickScan; + [Write, Description("Disable Core Service ECS Integration. (0: disabled, 1: enabled)"), ValueMap{"0","1"}, Values{"0","1"}] String DisableCoreServiceECSIntegration; + [Write, Description("Disable Core Service Telemetry. (1: disabled, 0: enabled)"), ValueMap{"0","1"}, Values{"0","1"}] String DisableCoreServiceTelemetry; + [Write, Description("Disables or enables DNS over TCP Parsing for Network Protection. (0: enable feature. 1: disable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String DisableDnsOverTcpParsing; + [Write, Description("Disables or enables HTTP Parsing for Network Protection. (0: enable feature. 1: disable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String DisableHttpParsing; [Write, Description("Disable Ssh Parsing (1: SSH parsing is disabled, 0: SSH parsing is enabled)"), ValueMap{"1", "0"}, Values{"1", "0"}] String DisableSshParsing; - [Write, Description("This policy setting allows you to enable or disable low CPU priority for scheduled scans. (0: disable feature. 1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String enablelowcpupriority; - [Write, Description("This policy allows you to turn on network protection (block/audit) or off. 
(0: disabled, 1: block mode, 2: audit mode)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String enablenetworkprotection; - [Write, Description("Allows an administrator to specify a list of file type extensions to ignore during a scan.")] String excludedextensions[]; - [Write, Description("Allows an administrator to specify a list of directory paths to ignore during a scan.")] String excludedpaths[]; - [Write, Description("Allows an administrator to specify a list of files opened by processes to ignore during a scan.")] String excludedprocesses[]; - [Write, Description("Specifies the level of detection for potentially unwanted applications (PUAs). (0: disabled, 1: block mode, 2: audit mode)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String puaprotection; - [Write, Description("Enable this policy to specify when devices receive Microsoft Defender engine updates during the monthly gradual rollout. (0: Not configured, 2: Beta Channel, 3: Current Channel (Preview), 4: Current Channel (Staged), 5: Current Channel (Broad), 6: Critical)"), ValueMap{"0", "2", "3", "4", "5", "6"}, Values{"0", "2", "3", "4", "5", "6"}] String engineupdateschannel; - [Write, Description("Allow managed devices to update through metered connections. (0: disabled, 1: enabled)")] String meteredconnectionupdates; - [Write, Description("Enable this policy to specify when devices receive Microsoft Defender platform updates during the monthly gradual rollout. (0: Not configured, 2: Beta Channel, 3: Current Channel (Preview), 4: Current Channel (Staged), 5: Current Channel (Broad), 6: Critical)"), ValueMap{"0", "2", "3", "4", "5", "6"}, Values{"0", "2", "3", "4", "5", "6"}] String platformupdateschannel; - [Write, Description("Enable this policy to specify when devices receive Microsoft Defender security intelligence updates during the daily gradual rollout. 
(0: Not configured, 4: Current Channel (Staged), 5: Current Channel (Broad))"), ValueMap{"0", "4", "5"}, Values{"0", "4", "5"}] String securityintelligenceupdateschannel; - [Write, Description("Controls which sets of files should be monitored. (0: Monitor all files (bi-directional), 1: Monitor incoming files, 2: Monitor outgoing files)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String realtimescandirection; - [Write, Description("Selects whether to perform a quick scan or full scan. (1: Quick scan, 2: Full scan)"), ValueMap{"1","2"}, Values{"1","2"}] String scanparameter; - [Write, Description("Selects the time of day that the Windows Defender quick scan should run.")] sInt32 schedulequickscantime; - [Write, Description("Selects the day that the Windows Defender scan should run. (0: Every day, 1: Sunday, 2: Monday, 3: Tuesday, 4: Wednesday, 5: Thursday, 6: Friday, 7: Saturday, 8: No scheduled scan)"), ValueMap{"0","1","2","3","4","5","6","7","8"}, Values{"0","1","2","3","4","5","6","7","8"}] String schedulescanday; - [Write, Description("Selects the time of day that the Windows Defender scan should run. Must be between 0 and 1380 minutes.")] sInt32 schedulescantime; - [Write, Description("This setting disables TLS Parsing for Network Protection. (0: enabled, 1: disabled)"), ValueMap{"0","1"}, Values{"0","1"}] String disabletlsparsing; - [Write, Description("Specifies if the start time of the scan is randomized. (0: no randomization, 1: randomized)"), ValueMap{"0","1"}, Values{"0","1"}] String randomizescheduletasktimes; - [Write, Description("This setting allows you to configure the scheduler randomization in hours. 
The randomization interval is [1 - 23] hours.")] sInt32 schedulerrandomizationtime; - [Write, Description("This policy setting allows you to define the order in which different definition update sources should be contacted.")] String signatureupdatefallbackorder[]; - [Write, Description("This policy setting allows you to configure UNC file share sources for downloading definition updates.")] String signatureupdatefilesharessources[]; - [Write, Description("Specifies the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval. Must be between 0 and 24 hours.")] sInt32 signatureupdateinterval; - [Write, Description("Checks for the user consent level in Windows Defender to send data. (0: Always prompt, 1: Send safe samples automatically, 2: Never send, 3: Send all samples automatically)"), ValueMap{"0","1","2","3"}, Values{"0","1","2","3"}] String submitsamplesconsent; - [Write, Description("This policy setting controls whether or not complex list settings configured by a local administrator are merged with managed settings. (0: enable local admin merge, 1: disable local admin merge)"), ValueMap{"0","1"}, Values{"0","1"}] String disablelocaladminmerge; - [Write, Description("Allows or disallows Windows Defender On Access Protection functionality. (0: disable feature. 
1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String allowonaccessprotection; - [Write, Description("Allows an administrator to specify low severity threats corresponding action ID to take."),ValueMap{"clean", "quarantine","remove", "allow", "userdefined","block"}, Values{"clean", "quarantine","remove", "allow", "userdefined","block"}] String lowseveritythreats; - [Write, Description("Allows an administrator to specify moderate severity threats corresponding action ID to take."),ValueMap{"clean", "quarantine","remove", "allow", "userdefined","block"}, Values{"clean", "quarantine","remove", "allow", "userdefined","block"}] String moderateseveritythreats; - [Write, Description("Allows an administrator to specify high severity threats corresponding action ID to take."),ValueMap{"clean", "quarantine","remove", "allow", "userdefined","block"}, Values{"clean", "quarantine","remove", "allow", "userdefined","block"}] String severethreats; - [Write, Description("Allows an administrator to specify severe threats corresponding action ID to take."),ValueMap{"clean", "quarantine","remove", "allow", "userdefined","block"}, Values{"clean", "quarantine","remove", "allow", "userdefined","block"}] String highseveritythreats; - [Write, Description("Template Id of the policy. 0: Windows Security Experience, 1: Defender Update controls, 2: Microsoft Defender Antivirus exclusions, 3: Microsoft Defender Antivirus"),ValueMap{"d948ff9b-99cb-4ee0-8012-1fbc09685377_1", "e3f74c5a-a6de-411d-aef6-eb15628f3a0a_1", "45fea5e9-280d-4da1-9792-fb5736da0ca9_1","804339ad-1553-4478-a742-138fb5807418_1"}, Values{"d948ff9b-99cb-4ee0-8012-1fbc09685377_1", "e3f74c5a-a6de-411d-aef6-eb15628f3a0a_1", "45fea5e9-280d-4da1-9792-fb5736da0ca9_1","804339ad-1553-4478-a742-138fb5807418_1"}] String templateId; + [Write, Description("This policy setting allows you to enable or disable low CPU priority for scheduled scans. (0: disable feature. 
1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String EnableLowCPUPriority; + [Write, Description("This policy allows you to turn on network protection (block/audit) or off. (0: disabled, 1: block mode, 2: audit mode)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String EnableNetworkProtection; + [Write, Description("Allows an administrator to specify a list of file type extensions to ignore during a scan.")] String ExcludedExtensions[]; + [Write, Description("Allows an administrator to specify a list of directory paths to ignore during a scan.")] String ExcludedPaths[]; + [Write, Description("Allows an administrator to specify a list of files opened by processes to ignore during a scan.")] String ExcludedProcesses[]; + [Write, Description("Specifies the level of detection for potentially unwanted applications (PUAs). (0: disabled, 1: block mode, 2: audit mode)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String PUAProtection; + [Write, Description("Enable this policy to specify when devices receive Microsoft Defender engine updates during the monthly gradual rollout. (0: Not configured, 2: Beta Channel, 3: Current Channel (Preview), 4: Current Channel (Staged), 5: Current Channel (Broad), 6: Critical)"), ValueMap{"0", "2", "3", "4", "5", "6"}, Values{"0", "2", "3", "4", "5", "6"}] String EngineUpdatesChannel; + [Write, Description("Allow managed devices to update through metered connections. (0: disabled, 1: enabled)")] String MeteredConnectionUpdates; + [Write, Description("Enable this policy to specify when devices receive Microsoft Defender platform updates during the monthly gradual rollout. 
(0: Not configured, 2: Beta Channel, 3: Current Channel (Preview), 4: Current Channel (Staged), 5: Current Channel (Broad), 6: Critical)"), ValueMap{"0", "2", "3", "4", "5", "6"}, Values{"0", "2", "3", "4", "5", "6"}] String PlatformUpdatesChannel; + [Write, Description("Enable this policy to specify when devices receive Microsoft Defender security intelligence updates during the daily gradual rollout. (0: Not configured, 4: Current Channel (Staged), 5: Current Channel (Broad))"), ValueMap{"0", "4", "5"}, Values{"0", "4", "5"}] String SecurityIntelligenceUpdatesChannel; + [Write, Description("Controls which sets of files should be monitored. (0: Monitor all files (bi-directional), 1: Monitor incoming files, 2: Monitor outgoing files)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String RealTimeScanDirection; + [Write, Description("Selects whether to perform a quick scan or full scan. (1: Quick scan, 2: Full scan)"), ValueMap{"1","2"}, Values{"1","2"}] String ScanParameter; + [Write, Description("Selects the time of day that the Windows Defender quick scan should run.")] sInt32 ScheduleQuickScanTime; + [Write, Description("Selects the day that the Windows Defender scan should run. (0: Every day, 1: Sunday, 2: Monday, 3: Tuesday, 4: Wednesday, 5: Thursday, 6: Friday, 7: Saturday, 8: No scheduled scan)"), ValueMap{"0","1","2","3","4","5","6","7","8"}, Values{"0","1","2","3","4","5","6","7","8"}] String ScheduleScanDay; + [Write, Description("Selects the time of day that the Windows Defender scan should run. Must be between 0 and 1380 minutes.")] sInt32 ScheduleScanTime; + [Write, Description("This setting disables TLS Parsing for Network Protection. (0: enabled, 1: disabled)"), ValueMap{"0","1"}, Values{"0","1"}] String DisableTlsParsing; + [Write, Description("Specifies if the start time of the scan is randomized. 
(0: no randomization, 1: randomized)"), ValueMap{"0","1"}, Values{"0","1"}] String RandomizeScheduleTaskTimes; + [Write, Description("This setting allows you to configure the scheduler randomization in hours. The randomization interval is [1 - 23] hours.")] sInt32 SchedulerRandomizationTime; + [Write, Description("This policy setting allows you to define the order in which different definition update sources should be contacted.")] String SignatureUpdateFallbackOrder[]; + [Write, Description("This policy setting allows you to configure UNC file share sources for downloading definition updates.")] String SignatureUpdateFileSharesSources[]; + [Write, Description("Specifies the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval. Must be between 0 and 24 hours.")] sInt32 SignatureUpdateInterval; + [Write, Description("Checks for the user consent level in Windows Defender to send data. (0: Always prompt, 1: Send safe samples automatically, 2: Never send, 3: Send all samples automatically)"), ValueMap{"0","1","2","3"}, Values{"0","1","2","3"}] String SubmitSamplesConsent; + [Write, Description("This policy setting controls whether or not complex list settings configured by a local administrator are merged with managed settings. (0: enable local admin merge, 1: disable local admin merge)"), ValueMap{"0","1"}, Values{"0","1"}] String DisableLocalAdminMerge; + [Write, Description("Allows or disallows Windows Defender On Access Protection functionality. (0: disable feature. 
1: enable feature)"), ValueMap{"0","1"}, Values{"0","1"}] String AllowOnAccessProtection; + [Write, Description("Allows an administrator to specify low severity threats corresponding action ID to take."),ValueMap{"clean", "quarantine","remove", "allow", "userdefined","block"}, Values{"clean", "quarantine","remove", "allow", "userdefined","block"}] String LowSeverityThreats; + [Write, Description("Allows an administrator to specify moderate severity threats corresponding action ID to take."),ValueMap{"clean", "quarantine","remove", "allow", "userdefined","block"}, Values{"clean", "quarantine","remove", "allow", "userdefined","block"}] String ModerateSeverityThreats; + [Write, Description("Allows an administrator to specify high severity threats corresponding action ID to take."),ValueMap{"clean", "quarantine","remove", "allow", "userdefined","block"}, Values{"clean", "quarantine","remove", "allow", "userdefined","block"}] String SevereThreats; + [Write, Description("Allows an administrator to specify severe threats corresponding action ID to take."),ValueMap{"clean", "quarantine","remove", "allow", "userdefined","block"}, Values{"clean", "quarantine","remove", "allow", "userdefined","block"}] String HighSeverityThreats; + [Write, Description("Template Id of the policy. 
0: Windows Security Experience, 1: Defender Update controls, 2: Microsoft Defender Antivirus exclusions, 3: Microsoft Defender Antivirus"),ValueMap{"d948ff9b-99cb-4ee0-8012-1fbc09685377_1", "e3f74c5a-a6de-411d-aef6-eb15628f3a0a_1", "45fea5e9-280d-4da1-9792-fb5736da0ca9_1","804339ad-1553-4478-a742-138fb5807418_1"}, Values{"d948ff9b-99cb-4ee0-8012-1fbc09685377_1", "e3f74c5a-a6de-411d-aef6-eb15628f3a0a_1", "45fea5e9-280d-4da1-9792-fb5736da0ca9_1","804339ad-1553-4478-a742-138fb5807418_1"}] String TemplateId; [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[]; [Write, Description("Present ensures the policy exists, absent ensures it is removed"), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; [Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOM365DataAtRestEncryptionPolicy/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOM365DataAtRestEncryptionPolicy/1-Create.ps1 deleted file mode 100644 index cd20934197..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOM365DataAtRestEncryptionPolicy/1-Create.ps1 +++ /dev/null 
@@ -1,38 +0,0 @@ -<# -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. -#> - -Configuration Example -{ - param( - [Parameter()] - [System.String] - $ApplicationId, - - [Parameter()] - [System.String] - $TenantId, - - [Parameter()] - [System.String] - $CertificateThumbprint - ) - Import-DscResource -ModuleName Microsoft365DSC - - node localhost - { - EXOM365DataAtRestEncryptionPolicy "M365DataAtRestEncryptionPolicy-Riyansh_Policy" - { - AzureKeyIDs = @("https://m365dataatrestencryption.vault.azure.net/keys/EncryptionKey","https://m365datariyansh.vault.azure.net/keys/EncryptionRiyansh"); - Description = "Tenant default policy 1"; - Enabled = $True; - Ensure = "Present"; - Identity = "Riyansh_Policy"; - Name = "Riyansh_Policy"; - ApplicationId = $ApplicationId; - TenantId = $TenantId; - CertificateThumbprint = $CertificateThumbprint; - } - } -} diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOM365DataAtRestEncryptionPolicy/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOM365DataAtRestEncryptionPolicy/2-Update.ps1 deleted file mode 100644 index a2b808a007..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOM365DataAtRestEncryptionPolicy/2-Update.ps1 +++ /dev/null 
@@ -1,38 +0,0 @@ -<# -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. -#> - -Configuration Example -{ - param( - [Parameter()] - [System.String] - $ApplicationId, - - [Parameter()] - [System.String] - $TenantId, - - [Parameter()] - [System.String] - $CertificateThumbprint - ) - Import-DscResource -ModuleName Microsoft365DSC - - node localhost - { - EXOM365DataAtRestEncryptionPolicy "M365DataAtRestEncryptionPolicy-Riyansh_Policy" - { - AzureKeyIDs = @("https://m365dataatrestencryption.vault.azure.net/keys/EncryptionKey","https://m365datariyansh.vault.azure.net/keys/EncryptionRiyansh"); - Description = "Tenant default policy 2"; # drift - Enabled = $True; - Ensure = "Present"; - Identity = "Riyansh_Policy"; - Name = "Riyansh_Policy"; - ApplicationId = $ApplicationId; - TenantId = $TenantId; - CertificateThumbprint = $CertificateThumbprint; - } - } -} diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOM365DataAtRestEncryptionPolicy/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOM365DataAtRestEncryptionPolicy/3-Remove.ps1 deleted file mode 100644 index 2fb04326d1..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOM365DataAtRestEncryptionPolicy/3-Remove.ps1 +++ /dev/null 
@@ -1,38 +0,0 @@ -<# -This example is used to test new resources and showcase the usage of new resources being worked on. -It is not meant to use as a production baseline. -#> - -Configuration Example -{ - param( - [Parameter()] - [System.String] - $ApplicationId, - - [Parameter()] - [System.String] - $TenantId, - - [Parameter()] - [System.String] - $CertificateThumbprint - ) - Import-DscResource -ModuleName Microsoft365DSC - - node localhost - { - EXOM365DataAtRestEncryptionPolicy "M365DataAtRestEncryptionPolicy-Riyansh_Policy" - { - AzureKeyIDs = @("https://m365dataatrestencryption.vault.azure.net/keys/EncryptionKey","https://m365datariyansh.vault.azure.net/keys/EncryptionRiyansh"); - Description = "Tenant default policy 1"; - Enabled = $True; - Ensure = "Absent"; - Identity = "Riyansh_Policy"; - Name = "Riyansh_Policy"; - ApplicationId = $ApplicationId; - TenantId = $TenantId; - CertificateThumbprint = $CertificateThumbprint; - } - } -} diff --git a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 index c6ac727450..1fa5f90e54 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 
@@ -992,14 +992,14 @@ function ConvertTo-IntunePolicyAssignment { $message = "Skipping assignment for the group with DisplayName {$($assignment.groupDisplayName)} as it could not be found in the directory.`r`n" $message += "Please update your DSC resource extract with the correct groupId or groupDisplayName." - Write-Verbose -Message $message + Write-Warning -Message $message $target = $null } if ($group -and $group.Count -gt 1) { $message = "Skipping assignment for the group with DisplayName {$($assignment.groupDisplayName)} as it is not unique in the directory.`r`n" $message += "Please update your DSC resource extract with the correct groupId or a unique group DisplayName." - Write-Verbose -Message $message + Write-Warning -Message $message $group = $null $target = $null } @@ -1008,7 +1008,7 @@ function ConvertTo-IntunePolicyAssignment { $message = "Skipping assignment for the group with Id {$($assignment.groupId)} as it could not be found in the directory.`r`n" $message += "Please update your DSC resource extract with the correct groupId or a unique group DisplayName." - Write-Verbose -Message $message + Write-Warning -Message $message $target = $null } } @@ -1165,14 +1165,14 @@ function ConvertTo-IntuneMobileAppAssignment { $message = "Skipping assignment for the group with DisplayName {$($assignment.groupDisplayName)} as it could not be found in the directory.`r`n" $message += "Please update your DSC resource extract with the correct groupId or groupDisplayName." - Write-Verbose -Message $message + Write-Warning -Message $message $target = $null } if ($group -and $group.Count -gt 1) { $message = "Skipping assignment for the group with DisplayName {$($assignment.groupDisplayName)} as it is not unique in the directory.`r`n" $message += "Please update your DSC resource extract with the correct groupId or a unique group DisplayName." - Write-Verbose -Message $message + Write-Warning -Message $message $group = $null $target = $null } 
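Review bot: After the new `Write-Warning` the code still sets `$target = $null` and carries on, so a mistyped or deleted group means the policy is applied with fewer assignments than declared while the run otherwise succeeds; the same pattern is in the hunks at 1008, 1165, 1181, 1329, 1345, 1452 and 1468. The warning names only the group, not the policy being processed, which makes it hard to tell in an unattended run which policy lost a target. I would add a comment above each `$target = $null`, e.g. `# Best effort: drop only this assignment and continue; the warning above is the only signal.`, and, if a policy identifier is in scope (the function bodies continue outside these hunks), include it in `$message`.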
@@ -1181,7 +1181,7 @@ function ConvertTo-IntuneMobileAppAssignment { $message = "Skipping assignment for the group with Id {$($assignment.groupId)} as it could not be found in the directory.`r`n" $message += "Please update your DSC resource extract with the correct groupId or a unique group DisplayName." - Write-Verbose -Message $message + Write-Warning -Message $message $target = $null } } @@ -1329,14 +1329,14 @@ function Update-DeviceConfigurationPolicyAssignment { $message = "Skipping assignment for the group with DisplayName {$($target.groupDisplayName)} as it could not be found in the directory.`r`n" $message += "Please update your DSC resource extract with the correct groupId or groupDisplayName." - Write-Verbose -Message $message + Write-Warning -Message $message $target = $null } if ($group -and $group.count -gt 1) { $message = "Skipping assignment for the group with DisplayName {$($target.groupDisplayName)} as it is not unique in the directory.`r`n" $message += "Please update your DSC resource extract with the correct groupId or a unique group DisplayName." - Write-Verbose -Message $message + Write-Warning -Message $message $group = $null $target = $null } @@ -1345,7 +1345,7 @@ function Update-DeviceConfigurationPolicyAssignment { $message = "Skipping assignment for the group with Id {$($target.groupId)} as it could not be found in the directory.`r`n" $message += "Please update your DSC resource extract with the correct groupId or a unique group DisplayName." - Write-Verbose -Message $message + Write-Warning -Message $message $target = $null } } 
@@ -1452,14 +1452,14 @@ function Update-DeviceAppManagementPolicyAssignment { $message = "Skipping assignment for the group with DisplayName {$($target.groupDisplayName)} as it could not be found in the directory.`r`n" $message += "Please update your DSC resource extract with the correct groupId or groupDisplayName." - Write-Verbose -Message $message + Write-Warning -Message $message $target = $null } if ($group -and $group.count -gt 1) { $message = "Skipping assignment for the group with DisplayName {$($target.groupDisplayName)} as it is not unique in the directory.`r`n" $message += "Please update your DSC resource extract with the correct groupId or a unique group DisplayName." - Write-Verbose -Message $message + Write-Warning -Message $message $group = $null $target = $null } @@ -1468,7 +1468,7 @@ function Update-DeviceAppManagementPolicyAssignment { $message = "Skipping assignment for the group with Id {$($target.groupId)} as it could not be found in the directory.`r`n" $message += "Please update your DSC resource extract with the correct groupId or a unique group DisplayName." - Write-Verbose -Message $message + Write-Warning -Message $message $target = $null } } 
@@ -1775,7 +1775,7 @@ function Get-IntuneSettingCatalogPolicySettingInstanceValue $instanceCount = 1 if (($Level -gt 1 -and $groupSettingCollectionDefinitionChildren.Count -gt 1) -or - ($Level -eq 1 -and $groupSettingCollectionDefinitionChildren.Count -ge 1 -and $groupSettingCollectionDefinitionChildren.AdditionalProperties.'@odata.type' -notcontains "#microsoft.graph.deviceManagementConfigurationSettingGroupCollectionDefinition")) + ($Level -eq 1 -and $SettingDefinition.AdditionalProperties.maximumCount -gt 1 -and $groupSettingCollectionDefinitionChildren.Count -ge 1 -and $groupSettingCollectionDefinitionChildren.AdditionalProperties.'@odata.type' -notcontains "#microsoft.graph.deviceManagementConfigurationSettingGroupCollectionDefinition")) { $SettingInstanceName += Get-SettingsCatalogSettingName -SettingDefinition $SettingDefinition -AllSettingDefinitions $AllSettingDefinitions $cimDSCParams = @() @@ -2480,7 +2480,7 @@ function Update-IntuneDeviceConfigurationPolicy 'settings' = $Settings } $body = $policy | ConvertTo-Json -Depth 20 - #Write-Verbose -Message $body + Write-Verbose -Message $body -Verbose Invoke-MgGraphRequest -Method PUT -Uri $Uri -Body $body -ErrorAction Stop } catch diff --git a/Modules/Microsoft365DSC/SchemaDefinition.json b/Modules/Microsoft365DSC/SchemaDefinition.json index 03cf064c2c..3af30a3dfe 100644 --- a/Modules/Microsoft365DSC/SchemaDefinition.json +++ b/Modules/Microsoft365DSC/SchemaDefinition.json 
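Review bot: The new `$SettingDefinition.AdditionalProperties.maximumCount -gt 1` term in the Level 1 branch has no comment, and the condition is now long enough that the reason for it cannot be read from the code. If `maximumCount` is missing from a definition, the comparison is `$null -gt 1`, which is false in PowerShell, so such a definition silently takes the other branch; I cannot tell from the hunk whether that is intended. I would add above the `if`: `# Level 1: only build a CIM instance when the definition allows more than one instance (maximumCount > 1); a missing maximumCount counts as single.` The function continues outside the hunk.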
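Review bot: `Write-Verbose -Message $body -Verbose` in Update-IntuneDeviceConfigurationPolicy forces the full request body into the verbose stream on every call, because the explicit `-Verbose` switch overrides the caller's `$VerbosePreference`; the line it replaces was commented out, so this looks like leftover debugging. `$body` is the whole serialized policy (`ConvertTo-Json -Depth 20`), and depending on the settings it carries, it may put configuration values into DSC logs that were not written there before. I would drop the switch so the caller decides: `Write-Verbose -Message $body`. The function's body starts and ends outside the hunk.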
@@ -15735,71 +15735,6 @@ } ] }, - { - "ClassName": "MSFT_EXOM365DataAtRestEncryptionPolicy", - "Parameters": [ - { - "CIMType": "String", - "Name": "Identity", - "Option": "Key" - }, - { - "CIMType": "String", - "Name": "Name", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "Description", - "Option": "Write" - }, - { - "CIMType": "Boolean", - "Name": "Enabled", - "Option": "Write" - }, - { - "CIMType": "String[]", - "Name": "AzureKeyIDs", - "Option": "Write" - }, - { - "CIMType": "string", - "Name": "Ensure", - "Option": "Write" - }, - { - "CIMType": "MSFT_Credential", - "Name": "Credential", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "ApplicationId", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "TenantId", - "Option": "Write" - }, - { - "CIMType": "String", - "Name": "CertificateThumbprint", - "Option": "Write" - }, - { - "CIMType": "Boolean", - "Name": "ManagedIdentity", - "Option": "Write" - }, - { - "CIMType": "String[]", - "Name": "AccessTokens", - "Option": "Write" - } - ] - }, { "ClassName": "MSFT_EXOMailboxAuditBypassAssociation", "Parameters": [ 
@@ -25015,222 +24950,232 @@ }, { "CIMType": "String", - "Name": "tamperprotection", + "Name": "TamperProtection", "Option": "Write" }, { "CIMType": "String", - "Name": "disableaccountprotectionui", + "Name": "DisableAccountProtectionUI", "Option": "Write" }, { "CIMType": "String", - "Name": "disableappbrowserui", + "Name": "DisableAppBrowserUI", "Option": "Write" }, { "CIMType": "String", - "Name": "disablecleartpmbutton", + "Name": "DisableClearTpmButton", "Option": "Write" }, { "CIMType": "String", - "Name": "disabledevicesecurityui", + "Name": "DisableDeviceSecurityUI", "Option": "Write" }, { "CIMType": "String", - "Name": "disablefamilyui", + "Name": "DisableFamilyUI", "Option": "Write" }, { "CIMType": "String", - "Name": "disablehealthui", + "Name": "DisableHealthUI", "Option": "Write" }, { "CIMType": "String", - "Name": "disablenetworkui", + "Name": "DisableNetworkUI", "Option": "Write" }, { "CIMType": "String", - "Name": "disableenhancednotifications", + "Name": "DisableEnhancedNotifications", "Option": "Write" }, { "CIMType": "String", - "Name": "disabletpmfirmwareupdatewarning", + "Name": "DisableTpmFirmwareUpdateWarning", "Option": "Write" }, { "CIMType": "String", - "Name": "disablevirusui", + "Name": "DisableVirusUI", "Option": "Write" }, { "CIMType": "String", - "Name": "hideransomwaredatarecovery", + "Name": "HideRansomwareDataRecovery", "Option": "Write" }, { "CIMType": "String", - "Name": "hidewindowssecuritynotificationareacontrol", + "Name": "HideWindowsSecurityNotificationAreaControl", "Option": "Write" }, { "CIMType": "String", - "Name": "enablecustomizedtoasts", + "Name": "EnableCustomizedToasts", "Option": "Write" }, { "CIMType": "String", - "Name": "enableinappcustomization", + "Name": "EnableInAppCustomization", "Option": "Write" }, { "CIMType": "String", - "Name": "companyname", + "Name": "CompanyName", "Option": "Write" }, { "CIMType": "String", - "Name": "email", + "Name": "Email", "Option": "Write" }, { "CIMType": "String", - "Name": 
"phone", + "Name": "Phone", "Option": "Write" }, { "CIMType": "String", - "Name": "url", + "Name": "URL", "Option": "Write" }, { "CIMType": "String", - "Name": "allowarchivescanning", + "Name": "AllowArchiveScanning", "Option": "Write" }, { "CIMType": "String", - "Name": "allowbehaviormonitoring", + "Name": "AllowBehaviorMonitoring", "Option": "Write" }, { "CIMType": "String", - "Name": "allowcloudprotection", + "Name": "AllowCloudProtection", "Option": "Write" }, { "CIMType": "String", - "Name": "allowdatagramprocessingonwinserver", + "Name": "AllowDatagramProcessingOnWinServer", "Option": "Write" }, { "CIMType": "String", - "Name": "allowemailscanning", + "Name": "AllowEmailScanning", "Option": "Write" }, { "CIMType": "String", - "Name": "allowfullscanonmappednetworkdrives", + "Name": "AllowFullScanOnMappedNetworkDrives", "Option": "Write" }, { "CIMType": "String", - "Name": "allowfullscanremovabledrivescanning", + "Name": "AllowFullScanRemovableDriveScanning", "Option": "Write" }, { "CIMType": "String", - "Name": "allowintrusionpreventionsystem", + "Name": "AllowIntrusionPreventionSystem", "Option": "Write" }, { "CIMType": "String", - "Name": "allowioavprotection", + "Name": "AllowIOAVProtection", "Option": "Write" }, { "CIMType": "String", - "Name": "allownetworkprotectiondownlevel", + "Name": "AllowNetworkProtectionDownLevel", "Option": "Write" }, { "CIMType": "String", - "Name": "allowrealtimemonitoring", + "Name": "AllowRealtimeMonitoring", "Option": "Write" }, { "CIMType": "String", - "Name": "allowscanningnetworkfiles", + "Name": "AllowScanningNetworkFiles", "Option": "Write" }, { "CIMType": "String", - "Name": "allowscriptscanning", + "Name": "AllowScriptScanning", "Option": "Write" }, { "CIMType": "String", - "Name": "allowuseruiaccess", + "Name": "AllowUserUIAccess", "Option": "Write" }, { "CIMType": "sInt32", - "Name": "avgcpuloadfactor", + "Name": "AvgCPULoadFactor", "Option": "Write" }, { "CIMType": "sInt32", - "Name": "archivemaxdepth", + "Name": 
"ArchiveMaxDepth", "Option": "Write" }, { "CIMType": "sInt32", - "Name": "archivemaxsize", + "Name": "ArchiveMaxSize", "Option": "Write" }, { "CIMType": "String", - "Name": "checkforsignaturesbeforerunningscan", + "Name": "CheckForSignaturesBeforeRunningScan", "Option": "Write" }, { "CIMType": "String", - "Name": "cloudblocklevel", + "Name": "CloudBlockLevel", "Option": "Write" }, { "CIMType": "sInt32", - "Name": "cloudextendedtimeout", + "Name": "CloudExtendedTimeout", "Option": "Write" }, { "CIMType": "sInt32", - "Name": "daystoretaincleanedmalware", + "Name": "DaysToRetainCleanedMalware", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DisableCatchupFullScan", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DisableCatchupQuickScan", "Option": "Write" }, { "CIMType": "String", - "Name": "disablecatchupfullscan", + "Name": "DisableCoreServiceECSIntegration", "Option": "Write" }, { "CIMType": "String", - "Name": "disablecatchupquickscan", + "Name": "DisableCoreServiceTelemetry", "Option": "Write" }, { "CIMType": "String", - "Name": "disablednsovertcpparsing", + "Name": "DisableDnsOverTcpParsing", "Option": "Write" }, { "CIMType": "String", - "Name": "disablehttpparsing", + "Name": "DisableHttpParsing", "Option": "Write" }, { 
@@ -25240,147 +25185,147 @@ }, { "CIMType": "String", - "Name": "enablelowcpupriority", + "Name": "EnableLowCPUPriority", "Option": "Write" }, { "CIMType": "String", - "Name": "enablenetworkprotection", + "Name": "EnableNetworkProtection", "Option": "Write" }, { "CIMType": "String[]", - "Name": "excludedextensions", + "Name": "ExcludedExtensions", "Option": "Write" }, { "CIMType": "String[]", - "Name": "excludedpaths", + "Name": "ExcludedPaths", "Option": "Write" }, { "CIMType": "String[]", - "Name": "excludedprocesses", + "Name": "ExcludedProcesses", "Option": "Write" }, { "CIMType": "String", - "Name": "puaprotection", + "Name": "PUAProtection", "Option": "Write" }, { "CIMType": "String", - "Name": "engineupdateschannel", + "Name": "EngineUpdatesChannel", "Option": "Write" }, { "CIMType": "String", - "Name": "meteredconnectionupdates", + "Name": "MeteredConnectionUpdates", "Option": "Write" }, { "CIMType": "String", - "Name": "platformupdateschannel", + "Name": "PlatformUpdatesChannel", "Option": "Write" }, { "CIMType": "String", - "Name": "securityintelligenceupdateschannel", + "Name": "SecurityIntelligenceUpdatesChannel", "Option": "Write" }, { "CIMType": "String", - "Name": "realtimescandirection", + "Name": "RealTimeScanDirection", "Option": "Write" }, { "CIMType": "String", - "Name": "scanparameter", + "Name": "ScanParameter", "Option": "Write" }, { "CIMType": "sInt32", - "Name": "schedulequickscantime", + "Name": "ScheduleQuickScanTime", "Option": "Write" }, { "CIMType": "String", - "Name": "schedulescanday", + "Name": "ScheduleScanDay", "Option": "Write" }, { "CIMType": "sInt32", - "Name": "schedulescantime", + "Name": "ScheduleScanTime", "Option": "Write" }, { "CIMType": "String", - "Name": "disabletlsparsing", + "Name": "DisableTlsParsing", "Option": "Write" }, { "CIMType": "String", - "Name": "randomizescheduletasktimes", + "Name": "RandomizeScheduleTaskTimes", "Option": "Write" }, { "CIMType": "sInt32", - "Name": "schedulerrandomizationtime", + "Name": 
"SchedulerRandomizationTime", "Option": "Write" }, { "CIMType": "String[]", - "Name": "signatureupdatefallbackorder", + "Name": "SignatureUpdateFallbackOrder", "Option": "Write" }, { "CIMType": "String[]", - "Name": "signatureupdatefilesharessources", + "Name": "SignatureUpdateFileSharesSources", "Option": "Write" }, { "CIMType": "sInt32", - "Name": "signatureupdateinterval", + "Name": "SignatureUpdateInterval", "Option": "Write" }, { "CIMType": "String", - "Name": "submitsamplesconsent", + "Name": "SubmitSamplesConsent", "Option": "Write" }, { "CIMType": "String", - "Name": "disablelocaladminmerge", + "Name": "DisableLocalAdminMerge", "Option": "Write" }, { "CIMType": "String", - "Name": "allowonaccessprotection", + "Name": "AllowOnAccessProtection", "Option": "Write" }, { "CIMType": "String", - "Name": "lowseveritythreats", + "Name": "LowSeverityThreats", "Option": "Write" }, { "CIMType": "String", - "Name": "moderateseveritythreats", + "Name": "ModerateSeverityThreats", "Option": "Write" }, { "CIMType": "String", - "Name": "severethreats", + "Name": "SevereThreats", "Option": "Write" }, { "CIMType": "String", - "Name": "highseveritythreats", + "Name": "HighSeverityThreats", "Option": "Write" }, { "CIMType": "String", - "Name": "templateId", + "Name": "TemplateId", "Option": "Write" }, { diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Create.Tests.ps1 index 598715487f..ac6dbe5567 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Create.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Create.Tests.ps1 
@@ -483,18 +483,6 @@
 TenantId = $TenantId
 CertificateThumbprint = $CertificateThumbprint
 }
- EXOM365DataAtRestEncryptionPolicy 'M365DataAtRestEncryptionPolicy-Riyansh_Policy'
- {
- AzureKeyIDs = @("https://m365dataatrestencryption.vault.azure.net/keys/EncryptionKey","https://m365datariyansh.vault.azure.net/keys/EncryptionRiyansh");
- Description = "Tenant default policy 1";
- Enabled = $True;
- Ensure = "Present";
- Identity = "Riyansh_Policy";
- Name = "Riyansh_Policy";
- ApplicationId = $ApplicationId;
- TenantId = $TenantId;
- CertificateThumbprint = $CertificateThumbprint;
- }
 EXOMailboxFolderPermission 'EXOMailboxFolderPermission-admin:\Calendar'
 {
 ApplicationId = $ApplicationId
diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Remove.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Remove.Tests.ps1
index e51daed2ea..47a64c525d 100644
--- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Remove.Tests.ps1
+++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Remove.Tests.ps1
@@ -359,18 +359,6 @@
 TenantId = $TenantId
 CertificateThumbprint = $CertificateThumbprint
 }
- EXOM365DataAtRestEncryptionPolicy 'M365DataAtRestEncryptionPolicy-Riyansh_Policy'
- {
- AzureKeyIDs = @("https://m365dataatrestencryption.vault.azure.net/keys/EncryptionKey","https://m365datariyansh.vault.azure.net/keys/EncryptionRiyansh");
- Description = "Tenant default policy 1";
- Enabled = $True;
- Ensure = "Absent";
- Identity = "Riyansh_Policy";
- Name = "Riyansh_Policy";
- ApplicationId = $ApplicationId;
- TenantId = $TenantId;
- CertificateThumbprint = $CertificateThumbprint;
- }
 EXOMailContact 'TestMailContact'
 {
 Alias = 'TestMailContact'
diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Update.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Update.Tests.ps1
index cf8e6c6efb..5d18ef125e 100644
--- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Update.Tests.ps1
+++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Update.Tests.ps1
@@ -689,18 +689,6 @@
 TenantId = $TenantId
 CertificateThumbprint = $CertificateThumbprint
 }
- EXOM365DataAtRestEncryptionPolicy 'M365DataAtRestEncryptionPolicy-Riyansh_Policy'
- {
- AzureKeyIDs = @("https://m365dataatrestencryption.vault.azure.net/keys/EncryptionKey","https://m365datariyansh.vault.azure.net/keys/EncryptionRiyansh");
- Description = "Tenant default policy 2"; # drift
- Enabled = $True;
- Ensure = "Present";
- Identity = "Riyansh_Policy";
- Name = "Riyansh_Policy";
- ApplicationId = $ApplicationId;
- TenantId = $TenantId;
- CertificateThumbprint = $CertificateThumbprint;
- }
 EXOMailboxAuditBypassAssociation 'EXOMailboxAuditBypassAssociation-Test'
 {
 AuditBypassEnabled = $True; #Updated Property
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOM365DataAtRestEncryptionPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOM365DataAtRestEncryptionPolicy.Tests.ps1
deleted file mode 100644
index 9969ea0126..0000000000
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOM365DataAtRestEncryptionPolicy.Tests.ps1
+++ /dev/null
@@ -1,207 +0,0 @@ -[CmdletBinding()] -param( -) -$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` - -ChildPath '..\..\Unit' ` - -Resolve -$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath '\Stubs\Microsoft365.psm1' ` - -Resolve) -$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath '\Stubs\Generic.psm1' ` - -Resolve) -Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` - -ChildPath '\UnitTestHelper.psm1' ` - -Resolve) - -$CurrentScriptPath = $PSCommandPath.Split('\') -$CurrentScriptName = $CurrentScriptPath[$CurrentScriptPath.Length -1] -$ResourceName = $CurrentScriptName.Split('.')[1] -$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` - -DscResource $ResourceName -GenericStubModule $GenericStubPath - -Describe -Name $Global:DscHelper.DescribeHeader -Fixture { - InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { - Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope - BeforeAll { - - $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force - $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) - - Mock -CommandName Confirm-M365DSCDependencies -MockWith { - } - - Mock -CommandName New-M365DSCConnection -MockWith { - return "Credentials" - } - - Mock -CommandName Set-M365DataAtRestEncryptionPolicy -MockWith { - return $null - } - - Mock -CommandName New-M365DataAtRestEncryptionPolicy -MockWith { - return $null - } - - # Mock Write-Host to hide output during the tests - Mock -CommandName Write-Host -MockWith { - } - $Script:exportedInstances =$null - $Script:ExportMode = $false - } - # Test contexts - Context -Name "The instance should exist but it DOES NOT" -Fixture { - BeforeAll { - $testParams = @{ - Identity = 'FakeStringValue' - Name = 'FakeStringValue' - Description = 'FakeStringValue' - Enabled = $true - AzureKeyIDs = @('FakeStringValue1', 'FakeStringValue2') - Ensure = 
'Present' - Credential = $Credential; - } - - Mock -CommandName Get-M365DataAtRestEncryptionPolicy -MockWith { - return $null - } - } - It 'Should return Values from the Get method' { - (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' - } - It 'Should return false from the Test method' { - Test-TargetResource @testParams | Should -Be $false - } - - It 'Should create a new instance from the Set method' { - Set-TargetResource @testParams - Should -Invoke -CommandName New-M365DataAtRestEncryptionPolicy -Exactly 1 - } - } - - Context -Name "The instance exists but it SHOULD NOT" -Fixture { - BeforeAll { - $testParams = @{ - Identity = 'FakeStringValue' - Name = 'FakeStringValue' - Description = 'FakeStringValue' - Enabled = $true - AzureKeyIDs = @('FakeStringValue1', 'FakeStringValue2') - Ensure = 'Absent' - Credential = $Credential; - } - - Mock -CommandName Get-M365DataAtRestEncryptionPolicy -MockWith { - return @{ - Identity = 'FakeStringValue' - Name = 'FakeStringValue' - Description = 'FakeStringValue' - Enabled = $true - AzureKeyIDs = @('FakeStringValue1', 'FakeStringValue2') - } - } - } - It 'Should return Values from the Get method' { - (Get-TargetResource @testParams).Ensure | Should -Be 'Present' - } - It 'Should return false from the Test method' { - Test-TargetResource @testParams | Should -Be $false - } - - It 'Should remove the instance from the Set method' { - Set-TargetResource @testParams - } - } - - Context -Name "The instance exists and values are already in the desired state" -Fixture { - BeforeAll { - $testParams = @{ - Identity = 'FakeStringValue' - Name = 'FakeStringValue' - Description = 'FakeStringValue' - Enabled = $true - AzureKeyIDs = @('FakeStringValue1', 'FakeStringValue2') - Ensure = 'Present' - Credential = $Credential; - } - - Mock -CommandName Get-M365DataAtRestEncryptionPolicy -MockWith { - return @{ - Identity = 'FakeStringValue' - Name = 'FakeStringValue' - Description = 'FakeStringValue' - Enabled = $true - AzureKeyIDs 
= @('FakeStringValue1', 'FakeStringValue2') - } - } - } - - It 'Should return true from the Test method' { - Test-TargetResource @testParams | Should -Be $true - } - } - - Context -Name "The instance exists and values are NOT in the desired state" -Fixture { - BeforeAll { - $testParams = @{ - Identity = 'FakeStringValue' - Name = 'FakeStringValue' - Description = 'FakeStringValue' - Enabled = $true - AzureKeyIDs = @('FakeStringValue1', 'FakeStringValue2') - Ensure = 'Present' - Credential = $Credential; - } - - Mock -CommandName Get-M365DataAtRestEncryptionPolicy -MockWith { - return @{ - Identity = 'FakeStringValue' - Name = 'FakeStringValue' - Description = 'FakeStringValue2' #drift - Enabled = $true - AzureKeyIDs = @('FakeStringValue1', 'FakeStringValue2') - } - } - } - - It 'Should return Values from the Get method' { - (Get-TargetResource @testParams).Ensure | Should -Be 'Present' - } - - It 'Should return false from the Test method' { - Test-TargetResource @testParams | Should -Be $false - } - - It 'Should call the Set method' { - Set-TargetResource @testParams - Should -Invoke -CommandName Set-M365DataAtRestEncryptionPolicy -Exactly 1 - } - } - - Context -Name 'ReverseDSC Tests' -Fixture { - BeforeAll { - $Global:CurrentModeIsExport = $true - $Global:PartialExportFileName = "$(New-Guid).partial.ps1" - $testParams = @{ - Credential = $Credential; - } - - Mock -CommandName Get-M365DataAtRestEncryptionPolicy -MockWith { - return @{ - Identity = 'FakeStringValue' - Name = 'FakeStringValue' - Description = 'FakeStringValue2' #drift - Enabled = $true - AzureKeyIDs = @('FakeStringValue1', 'FakeStringValue2') - } - } - } - It 'Should Reverse Engineer resource from the Export method' { - $result = Export-TargetResource @testParams - $result | Should -Not -BeNullOrEmpty - } - } - } -} - -Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope 
diff --git a/docs/docs/resources/intune/IntuneAntivirusPolicyWindows10SettingCatalog.md b/docs/docs/resources/intune/IntuneAntivirusPolicyWindows10SettingCatalog.md
index 83653bc0e8..afe2de1dda 100644
--- a/docs/docs/resources/intune/IntuneAntivirusPolicyWindows10SettingCatalog.md
+++ b/docs/docs/resources/intune/IntuneAntivirusPolicyWindows10SettingCatalog.md
@@ -7,80 +7,82 @@
 | **DisplayName** | Key | String | Display name of the endpoint protection policy for Windows 10. | |
 | **Identity** | Write | String | Identity of the endpoint protection policy for Windows 10. | |
 | **Description** | Write | String | Description of the endpoint protection policy for Windows 10. | |
-| **tamperprotection** | Write | String | Allows or disallows scanning of archives. (0: enable feature. 1: disable feature) | `0`, `1` |
-| **disableaccountprotectionui** | Write | String | Use this policy setting to specify if to display the Account protection area in Windows Defender Security Center. (0: disable feature. 1: enable feature) | `0`, `1` |
-| **disableappbrowserui** | Write | String | Use this policy setting if you want to disable the display of the app and browser protection area in Windows Defender Security Center. (0: disable feature. 1: enable feature) | `0`, `1` |
-| **disablecleartpmbutton** | Write | String | Disable the Clear TPM button in Windows Security. (0: disable feature. 1: enable feature) | `0`, `1` |
-| **disabledevicesecurityui** | Write | String | Use this policy setting if you want to disable the display of the Device security area in the Windows Defender Security Center. (0: disable feature. 1: enable feature) | `0`, `1` |
-| **disablefamilyui** | Write | String | Use this policy setting if you want to disable the display of the family options area in Windows Defender Security Center. (0: disable feature. 1: enable feature) | `0`, `1` |
-| **disablehealthui** | Write | String | Use this policy setting if you want to disable the display of the device performance and health area in Windows Defender Security Center. (0: disable feature. 1: enable feature) | `0`, `1` |
-| **disablenetworkui** | Write | String | Use this policy setting if you want to disable the display of the firewall and network protection area in Windows Defender Security Center. (0: disable feature. 1: enable feature) | `0`, `1` |
-| **disableenhancednotifications** | Write | String | Use this policy setting if you want to disable the display of Windows Defender Security Center notifications. (0: disable feature. 1: enable feature) | `0`, `1` |
-| **disabletpmfirmwareupdatewarning** | Write | String | Hide the recommendation to update TPM Firmware when a vulnerable firmware is detected. (0: disable feature. 1: enable feature) | `0`, `1` |
-| **disablevirusui** | Write | String | Use this policy setting if you want to disable the display of the virus and threat protection area in Windows Defender Security Center. (0: disable feature. 1: enable feature) | `0`, `1` |
-| **hideransomwaredatarecovery** | Write | String | Use this policy setting to hide the Ransomware data recovery area in Windows Defender Security Center. (0: disable feature. 1: enable feature) | `0`, `1` |
-| **hidewindowssecuritynotificationareacontrol** | Write | String | This policy setting hides the Windows Security notification area control. (0: disable feature. 1: enable feature) | `0`, `1` |
-| **enablecustomizedtoasts** | Write | String | Enable this policy to display your company name and contact options in the notifications. (0: disable feature. 1: enable feature) | `0`, `1` |
-| **enableinappcustomization** | Write | String | Enable this policy to have your company name and contact options displayed in a contact card fly out in Windows Defender Security Center. (0: disable feature. 1: enable feature) | `0`, `1` |
-| **companyname** | Write | String | The company name that is displayed to the users. CompanyName is required for both EnableCustomizedToasts and EnableInAppCustomization. | |
-| **email** | Write | String | The email address that is displayed to users. The default mail application is used to initiate email actions. | |
-| **phone** | Write | String | The phone number or Skype ID that is displayed to users. Skype is used to initiate the call. | |
-| **url** | Write | String | The help portal URL that is displayed to users. The default browser is used to initiate this action. | |
-| **allowarchivescanning** | Write | String | Allows or disallows scanning of archives. (0: disable feature. 1: enable feature) | `0`, `1` |
-| **allowbehaviormonitoring** | Write | String | Allows or disallows Windows Defender Behavior Monitoring functionality. (0: disable feature. 1: enable feature) | `0`, `1` |
-| **allowcloudprotection** | Write | String | To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions. (0: disable feature. 1: enable feature) | `0`, `1` |
-| **allowdatagramprocessingonwinserver** | Write | String | Allows or disallows Network Protection to enable datagram processing on Windows Server. (0: disable feature. 1: enable feature) | `0`, `1` |
-| **allowemailscanning** | Write | String | Allows or disallows scanning of email. (0: disable feature. 1: enable feature) | `0`, `1` |
-| **allowfullscanonmappednetworkdrives** | Write | String | Allows or disallows a full scan of mapped network drives. (0: disable feature. 1: enable feature) | `0`, `1` |
-| **allowfullscanremovabledrivescanning** | Write | String | Allows or disallows a full scan of removable drives. During a quick scan, removable drives may still be scanned. (0: disable feature. 1: enable feature) | `0`, `1` |
-| **allowintrusionpreventionsystem** | Write | String | https://github.com/MicrosoftDocs/memdocs/issues/2250 (0: disable feature. 1: enable feature) | `0`, `1` |
-| **allowioavprotection** | Write | String | Allows or disallows Windows Defender IOAVP Protection functionality. (0: disable feature. 1: enable feature) | `0`, `1` |
-| **allownetworkprotectiondownlevel** | Write | String | Allows or disallows Network Protection to be configured into block or audit mode on windows downlevel of RS3. (0: disable feature. 1: enable feature) | `0`, `1` |
-| **allowrealtimemonitoring** | Write | String | Allows or disallows Windows Defender real-time Monitoring functionality. (0: disable feature. 1: enable feature) | `0`, `1` |
-| **allowscanningnetworkfiles** | Write | String | Allows or disallows a scanning of network files. (0: disable feature. 1: enable feature) | `0`, `1` |
-| **allowscriptscanning** | Write | String | Allows or disallows Windows Defender Script Scanning functionality. (0: disable feature. 1: enable feature) | `0`, `1` |
-| **allowuseruiaccess** | Write | String | Allows or disallows user access to the Windows Defender UI. I disallowed, all Windows Defender notifications will also be suppressed. (0: Prevents users from accessing UI. 1: Lets users access UI) | `0`, `1` |
-| **avgcpuloadfactor** | Write | SInt32 | Represents the average CPU load factor for the Windows Defender scan (in percent). | |
-| **archivemaxdepth** | Write | SInt32 | Specify the maximum folder depth to extract from archive files for scanning. | |
-| **archivemaxsize** | Write | SInt32 | Specify the maximum size, in KB, of archive files to be extracted and scanned. | |
-| **checkforsignaturesbeforerunningscan** | Write | String | This policy setting allows you to manage whether a check for new virus and spyware definitions will occur before running a scan. (0: disable feature. 1: enable feature) | `0`, `1` |
-| **cloudblocklevel** | Write | String | This policy setting determines how aggressive Microsoft Defender Antivirus will be in blocking and scanning suspicious files. Value type is integer.(0: Default windows defender blocking level, 2: High blocking level, 4:High+ blocking level, 6:Zero tolerance blocking level) | `0`, `2`, `4`, `6` |
-| **cloudextendedtimeout** | Write | SInt32 | This feature allows Microsoft Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it's safe. Value type is integer, range is 0 - 50. | |
-| **daystoretaincleanedmalware** | Write | SInt32 | Time period (in days) that quarantine items will be stored on the system. | |
-| **disablecatchupfullscan** | Write | String | This policy setting allows you to configure catch-up scans for scheduled full scans. (1: disabled, 0: enabled) | `0`, `1` |
-| **disablecatchupquickscan** | Write | String | This policy setting allows you to configure catch-up scans for scheduled quick scans. (1: disabled, 0: enabled) | `0`, `1` |
-| **disablednsovertcpparsing** | Write | String | Disables or enables DNS over TCP Parsing for Network Protection. (0: enable feature. 1: disable feature) | `0`, `1` |
-| **disablehttpparsing** | Write | String | Disables or enables HTTP Parsing for Network Protection. (0: enable feature. 1: disable feature) | `0`, `1` |
+| **TamperProtection** | Write | String | Allows or disallows scanning of archives. (0: enable feature. 1: disable feature) | `0`, `1` |
+| **DisableAccountProtectionUI** | Write | String | Use this policy setting to specify if to display the Account protection area in Windows Defender Security Center. (0: disable feature. 1: enable feature) | `0`, `1` |
+| **DisableAppBrowserUI** | Write | String | Use this policy setting if you want to disable the display of the app and browser protection area in Windows Defender Security Center. (0: disable feature. 1: enable feature) | `0`, `1` |
+| **DisableClearTpmButton** | Write | String | Disable the Clear TPM button in Windows Security. (0: disable feature. 1: enable feature) | `0`, `1` |
+| **DisableDeviceSecurityUI** | Write | String | Use this policy setting if you want to disable the display of the Device security area in the Windows Defender Security Center. (0: disable feature. 1: enable feature) | `0`, `1` |
+| **DisableFamilyUI** | Write | String | Use this policy setting if you want to disable the display of the family options area in Windows Defender Security Center. (0: disable feature. 1: enable feature) | `0`, `1` |
+| **DisableHealthUI** | Write | String | Use this policy setting if you want to disable the display of the device performance and health area in Windows Defender Security Center. (0: disable feature. 1: enable feature) | `0`, `1` |
+| **DisableNetworkUI** | Write | String | Use this policy setting if you want to disable the display of the firewall and network protection area in Windows Defender Security Center. (0: disable feature. 1: enable feature) | `0`, `1` |
+| **DisableEnhancedNotifications** | Write | String | Use this policy setting if you want to disable the display of Windows Defender Security Center notifications. (0: disable feature. 1: enable feature) | `0`, `1` |
+| **DisableTpmFirmwareUpdateWarning** | Write | String | Hide the recommendation to update TPM Firmware when a vulnerable firmware is detected. (0: disable feature. 1: enable feature) | `0`, `1` |
+| **DisableVirusUI** | Write | String | Use this policy setting if you want to disable the display of the virus and threat protection area in Windows Defender Security Center. (0: disable feature. 1: enable feature) | `0`, `1` |
+| **HideRansomwareDataRecovery** | Write | String | Use this policy setting to hide the Ransomware data recovery area in Windows Defender Security Center. (0: disable feature. 1: enable feature) | `0`, `1` |
+| **HideWindowsSecurityNotificationAreaControl** | Write | String | This policy setting hides the Windows Security notification area control. (0: disable feature. 1: enable feature) | `0`, `1` |
+| **EnableCustomizedToasts** | Write | String | Enable this policy to display your company name and contact options in the notifications. (0: disable feature. 1: enable feature) | `0`, `1` |
+| **EnableInAppCustomization** | Write | String | Enable this policy to have your company name and contact options displayed in a contact card fly out in Windows Defender Security Center. (0: disable feature. 1: enable feature) | `0`, `1` |
+| **CompanyName** | Write | String | The company name that is displayed to the users. CompanyName is required for both EnableCustomizedToasts and EnableInAppCustomization. | |
+| **Email** | Write | String | The email address that is displayed to users. The default mail application is used to initiate email actions. | |
+| **Phone** | Write | String | The phone number or Skype ID that is displayed to users. Skype is used to initiate the call. | |
+| **URL** | Write | String | The help portal URL that is displayed to users. The default browser is used to initiate this action. | |
+| **AllowArchiveScanning** | Write | String | Allows or disallows scanning of archives. (0: disable feature. 1: enable feature) | `0`, `1` |
+| **AllowBehaviorMonitoring** | Write | String | Allows or disallows Windows Defender Behavior Monitoring functionality. (0: disable feature. 1: enable feature) | `0`, `1` |
+| **AllowCloudProtection** | Write | String | To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions. (0: disable feature. 1: enable feature) | `0`, `1` |
+| **AllowDatagramProcessingOnWinServer** | Write | String | Allows or disallows Network Protection to enable datagram processing on Windows Server. (0: disable feature. 1: enable feature) | `0`, `1` |
+| **AllowEmailScanning** | Write | String | Allows or disallows scanning of email. (0: disable feature. 1: enable feature) | `0`, `1` |
+| **AllowFullScanOnMappedNetworkDrives** | Write | String | Allows or disallows a full scan of mapped network drives. (0: disable feature. 1: enable feature) | `0`, `1` |
+| **AllowFullScanRemovableDriveScanning** | Write | String | Allows or disallows a full scan of removable drives. During a quick scan, removable drives may still be scanned. (0: disable feature. 1: enable feature) | `0`, `1` |
+| **AllowIntrusionPreventionSystem** | Write | String | https://github.com/MicrosoftDocs/memdocs/issues/2250 (0: disable feature. 1: enable feature) | `0`, `1` |
+| **AllowIOAVProtection** | Write | String | Allows or disallows Windows Defender IOAVP Protection functionality. (0: disable feature. 1: enable feature) | `0`, `1` |
+| **AllowNetworkProtectionDownLevel** | Write | String | Allows or disallows Network Protection to be configured into block or audit mode on windows downlevel of RS3. (0: disable feature. 1: enable feature) | `0`, `1` |
+| **AllowRealtimeMonitoring** | Write | String | Allows or disallows Windows Defender real-time Monitoring functionality. (0: disable feature. 1: enable feature) | `0`, `1` |
+| **AllowScanningNetworkFiles** | Write | String | Allows or disallows a scanning of network files. (0: disable feature. 1: enable feature) | `0`, `1` |
+| **AllowScriptScanning** | Write | String | Allows or disallows Windows Defender Script Scanning functionality. (0: disable feature. 1: enable feature) | `0`, `1` |
+| **AllowUserUIAccess** | Write | String | Allows or disallows user access to the Windows Defender UI. I disallowed, all Windows Defender notifications will also be suppressed. (0: Prevents users from accessing UI. 1: Lets users access UI) | `0`, `1` |
+| **AvgCPULoadFactor** | Write | SInt32 | Represents the average CPU load factor for the Windows Defender scan (in percent). | |
+| **ArchiveMaxDepth** | Write | SInt32 | Specify the maximum folder depth to extract from archive files for scanning. | |
+| **ArchiveMaxSize** | Write | SInt32 | Specify the maximum size, in KB, of archive files to be extracted and scanned. | |
+| **CheckForSignaturesBeforeRunningScan** | Write | String | This policy setting allows you to manage whether a check for new virus and spyware definitions will occur before running a scan. (0: disable feature. 1: enable feature) | `0`, `1` |
+| **CloudBlockLevel** | Write | String | This policy setting determines how aggressive Microsoft Defender Antivirus will be in blocking and scanning suspicious files. Value type is integer.(0: Default windows defender blocking level, 2: High blocking level, 4:High+ blocking level, 6:Zero tolerance blocking level) | `0`, `2`, `4`, `6` |
+| **CloudExtendedTimeout** | Write | SInt32 | This feature allows Microsoft Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it's safe. Value type is integer, range is 0 - 50. | |
+| **DaysToRetainCleanedMalware** | Write | SInt32 | Time period (in days) that quarantine items will be stored on the system. | |
+| **DisableCatchupFullScan** | Write | String | This policy setting allows you to configure catch-up scans for scheduled full scans. (1: disabled, 0: enabled) | `0`, `1` |
+| **DisableCatchupQuickScan** | Write | String | This policy setting allows you to configure catch-up scans for scheduled quick scans. (1: disabled, 0: enabled) | `0`, `1` |
+| **DisableCoreServiceECSIntegration** | Write | String | Disable Core Service ECS Integration. (0: disabled, 1: enabled) | `0`, `1` |
+| **DisableCoreServiceTelemetry** | Write | String | Disable Core Service Telemetry. (1: disabled, 0: enabled) | `0`, `1` |
+| **DisableDnsOverTcpParsing** | Write | String | Disables or enables DNS over TCP Parsing for Network Protection. (0: enable feature. 1: disable feature) | `0`, `1` |
+| **DisableHttpParsing** | Write | String | Disables or enables HTTP Parsing for Network Protection. (0: enable feature. 1: disable feature) | `0`, `1` |
 | **DisableSshParsing** | Write | String | Disable Ssh Parsing (1: SSH parsing is disabled, 0: SSH parsing is enabled) | `1`, `0` |
-| **enablelowcpupriority** | Write | String | This policy setting allows you to enable or disable low CPU priority for scheduled scans. (0: disable feature. 1: enable feature) | `0`, `1` |
-| **enablenetworkprotection** | Write | String | This policy allows you to turn on network protection (block/audit) or off. (0: disabled, 1: block mode, 2: audit mode) | `0`, `1`, `2` |
-| **excludedextensions** | Write | StringArray[] | Allows an administrator to specify a list of file type extensions to ignore during a scan. | |
-| **excludedpaths** | Write | StringArray[] | Allows an administrator to specify a list of directory paths to ignore during a scan. | |
-| **excludedprocesses** | Write | StringArray[] | Allows an administrator to specify a list of files opened by processes to ignore during a scan. | |
-| **puaprotection** | Write | String | Specifies the level of detection for potentially unwanted applications (PUAs). (0: disabled, 1: block mode, 2: audit mode) | `0`, `1`, `2` |
-| **engineupdateschannel** | Write | String | Enable this policy to specify when devices receive Microsoft Defender engine updates during the monthly gradual rollout. (0: Not configured, 2: Beta Channel, 3: Current Channel (Preview), 4: Current Channel (Staged), 5: Current Channel (Broad), 6: Critical) | `0`, `2`, `3`, `4`, `5`, `6` |
-| **meteredconnectionupdates** | Write | String | Allow managed devices to update through metered connections. (0: disabled, 1: enabled) | |
-| **platformupdateschannel** | Write | String | Enable this policy to specify when devices receive Microsoft Defender platform updates during the monthly gradual rollout. (0: Not configured, 2: Beta Channel, 3: Current Channel (Preview), 4: Current Channel (Staged), 5: Current Channel (Broad), 6: Critical) | `0`, `2`, `3`, `4`, `5`, `6` |
-| **securityintelligenceupdateschannel** | Write | String | Enable this policy to specify when devices receive Microsoft Defender security intelligence updates during the daily gradual rollout. (0: Not configured, 4: Current Channel (Staged), 5: Current Channel (Broad)) | `0`, `4`, `5` |
-| **realtimescandirection** | Write | String | Controls which sets of files should be monitored. (0: Monitor all files (bi-directional), 1: Monitor incoming files, 2: Monitor outgoing files) | `0`, `1`, `2` |
-| **scanparameter** | Write | String | Selects whether to perform a quick scan or full scan. (1: Quick scan, 2: Full scan) | `1`, `2` |
-| **schedulequickscantime** | Write | SInt32 | Selects the time of day that the Windows Defender quick scan should run. | |
-| **schedulescanday** | Write | String | Selects the day that the Windows Defender scan should run. (0: Every day, 1: Sunday, 2: Monday, 3: Tuesday, 4: Wednesday, 5: Thursday, 6: Friday, 7: Saturday, 8: No scheduled scan) | `0`, `1`, `2`, `3`, `4`, `5`, `6`, `7`, `8` |
-| **schedulescantime** | Write | SInt32 | Selects the time of day that the Windows Defender scan should run. Must be between 0 and 1380 minutes. | |
-| **disabletlsparsing** | Write | String | This setting disables TLS Parsing for Network Protection. (0: enabled, 1: disabled) | `0`, `1` |
-| **randomizescheduletasktimes** | Write | String | Specifies if the start time of the scan is randomized. (0: no randomization, 1: randomized) | `0`, `1` |
-| **schedulerrandomizationtime** | Write | SInt32 | This setting allows you to configure the scheduler randomization in hours. The randomization interval is [1 - 23] hours. | |
-| **signatureupdatefallbackorder** | Write | StringArray[] | This policy setting allows you to define the order in which different definition update sources should be contacted. | |
-| **signatureupdatefilesharessources** | Write | StringArray[] | This policy setting allows you to configure UNC file share sources for downloading definition updates. | |
-| **signatureupdateinterval** | Write | SInt32 | Specifies the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval. Must be between 0 and 24 hours. | |
-| **submitsamplesconsent** | Write | String | Checks for the user consent level in Windows Defender to send data. (0: Always prompt, 1: Send safe samples automatically, 2: Never send, 3: Send all samples automatically) | `0`, `1`, `2`, `3` |
-| **disablelocaladminmerge** | Write | String | This policy setting controls whether or not complex list settings configured by a local administrator are merged with managed settings. (0: enable local admin merge, 1: disable local admin merge) | `0`, `1` |
-| **allowonaccessprotection** | Write | String | Allows or disallows Windows Defender On Access Protection functionality. (0: disable feature. 1: enable feature) | `0`, `1` |
-| **lowseveritythreats** | Write | String | Allows an administrator to specify low severity threats corresponding action ID to take. | `clean`, `quarantine`, `remove`, `allow`, `userdefined`, `block` |
-| **moderateseveritythreats** | Write | String | Allows an administrator to specify moderate severity threats corresponding action ID to take. | `clean`, `quarantine`, `remove`, `allow`, `userdefined`, `block` |
-| **severethreats** | Write | String | Allows an administrator to specify high severity threats corresponding action ID to take. | `clean`, `quarantine`, `remove`, `allow`, `userdefined`, `block` |
-| **highseveritythreats** | Write | String | Allows an administrator to specify severe threats corresponding action ID to take. | `clean`, `quarantine`, `remove`, `allow`, `userdefined`, `block` |
-| **templateId** | Write | String | Template Id of the policy. 0: Windows Security Experience, 1: Defender Update controls, 2: Microsoft Defender Antivirus exclusions, 3: Microsoft Defender Antivirus | `d948ff9b-99cb-4ee0-8012-1fbc09685377_1`, `e3f74c5a-a6de-411d-aef6-eb15628f3a0a_1`, `45fea5e9-280d-4da1-9792-fb5736da0ca9_1`, `804339ad-1553-4478-a742-138fb5807418_1` |
+| **EnableLowCPUPriority** | Write | String | This policy setting allows you to enable or disable low CPU priority for scheduled scans. (0: disable feature. 1: enable feature) | `0`, `1` |
+| **EnableNetworkProtection** | Write | String | This policy allows you to turn on network protection (block/audit) or off. (0: disabled, 1: block mode, 2: audit mode) | `0`, `1`, `2` |
+| **ExcludedExtensions** | Write | StringArray[] | Allows an administrator to specify a list of file type extensions to ignore during a scan. | |
+| **ExcludedPaths** | Write | StringArray[] | Allows an administrator to specify a list of directory paths to ignore during a scan. | |
+| **ExcludedProcesses** | Write | StringArray[] | Allows an administrator to specify a list of files opened by processes to ignore during a scan. | |
+| **PUAProtection** | Write | String | Specifies the level of detection for potentially unwanted applications (PUAs). (0: disabled, 1: block mode, 2: audit mode) | `0`, `1`, `2` |
+| **EngineUpdatesChannel** | Write | String | Enable this policy to specify when devices receive Microsoft Defender engine updates during the monthly gradual rollout. (0: Not configured, 2: Beta Channel, 3: Current Channel (Preview), 4: Current Channel (Staged), 5: Current Channel (Broad), 6: Critical) | `0`, `2`, `3`, `4`, `5`, `6` |
+| **MeteredConnectionUpdates** | Write | String | Allow managed devices to update through metered connections. (0: disabled, 1: enabled) | |
+| **PlatformUpdatesChannel** | Write | String | Enable this policy to specify when devices receive Microsoft Defender platform updates during the monthly gradual rollout. (0: Not configured, 2: Beta Channel, 3: Current Channel (Preview), 4: Current Channel (Staged), 5: Current Channel (Broad), 6: Critical) | `0`, `2`, `3`, `4`, `5`, `6` |
+| **SecurityIntelligenceUpdatesChannel** | Write | String | Enable this policy to specify when devices receive Microsoft Defender security intelligence updates during the daily gradual rollout. (0: Not configured, 4: Current Channel (Staged), 5: Current Channel (Broad)) | `0`, `4`, `5` |
+| **RealTimeScanDirection** | Write | String | Controls which sets of files should be monitored. (0: Monitor all files (bi-directional), 1: Monitor incoming files, 2: Monitor outgoing files) | `0`, `1`, `2` |
+| **ScanParameter** | Write | String | Selects whether to perform a quick scan or full scan. (1: Quick scan, 2: Full scan) | `1`, `2` |
+| **ScheduleQuickScanTime** | Write | SInt32 | Selects the time of day that the Windows Defender quick scan should run. | |
+| **ScheduleScanDay** | Write | String | Selects the day that the Windows Defender scan should run. (0: Every day, 1: Sunday, 2: Monday, 3: Tuesday, 4: Wednesday, 5: Thursday, 6: Friday, 7: Saturday, 8: No scheduled scan) | `0`, `1`, `2`, `3`, `4`, `5`, `6`, `7`, `8` |
+| **ScheduleScanTime** | Write | SInt32 | Selects the time of day that the Windows Defender scan should run. Must be between 0 and 1380 minutes. | |
+| **DisableTlsParsing** | Write | String | This setting disables TLS Parsing for Network Protection.
(0: enabled, 1: disabled) | `0`, `1` | +| **RandomizeScheduleTaskTimes** | Write | String | Specifies if the start time of the scan is randomized. (0: no randomization, 1: randomized) | `0`, `1` | +| **SchedulerRandomizationTime** | Write | SInt32 | This setting allows you to configure the scheduler randomization in hours. The randomization interval is [1 - 23] hours. | | +| **SignatureUpdateFallbackOrder** | Write | StringArray[] | This policy setting allows you to define the order in which different definition update sources should be contacted. | | +| **SignatureUpdateFileSharesSources** | Write | StringArray[] | This policy setting allows you to configure UNC file share sources for downloading definition updates. | | +| **SignatureUpdateInterval** | Write | SInt32 | Specifies the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval. Must be between 0 and 24 hours. | | +| **SubmitSamplesConsent** | Write | String | Checks for the user consent level in Windows Defender to send data. (0: Always prompt, 1: Send safe samples automatically, 2: Never send, 3: Send all samples automatically) | `0`, `1`, `2`, `3` | +| **DisableLocalAdminMerge** | Write | String | This policy setting controls whether or not complex list settings configured by a local administrator are merged with managed settings. (0: enable local admin merge, 1: disable local admin merge) | `0`, `1` | +| **AllowOnAccessProtection** | Write | String | Allows or disallows Windows Defender On Access Protection functionality. (0: disable feature. 1: enable feature) | `0`, `1` | +| **LowSeverityThreats** | Write | String | Allows an administrator to specify low severity threats corresponding action ID to take. 
| `clean`, `quarantine`, `remove`, `allow`, `userdefined`, `block` | +| **ModerateSeverityThreats** | Write | String | Allows an administrator to specify moderate severity threats corresponding action ID to take. | `clean`, `quarantine`, `remove`, `allow`, `userdefined`, `block` | +| **SevereThreats** | Write | String | Allows an administrator to specify high severity threats corresponding action ID to take. | `clean`, `quarantine`, `remove`, `allow`, `userdefined`, `block` | +| **HighSeverityThreats** | Write | String | Allows an administrator to specify severe threats corresponding action ID to take. | `clean`, `quarantine`, `remove`, `allow`, `userdefined`, `block` | +| **TemplateId** | Write | String | Template Id of the policy. 0: Windows Security Experience, 1: Defender Update controls, 2: Microsoft Defender Antivirus exclusions, 3: Microsoft Defender Antivirus | `d948ff9b-99cb-4ee0-8012-1fbc09685377_1`, `e3f74c5a-a6de-411d-aef6-eb15628f3a0a_1`, `45fea5e9-280d-4da1-9792-fb5736da0ca9_1`, `804339ad-1553-4478-a742-138fb5807418_1` | | **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | | | **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed | `Present`, `Absent` | | **Credential** | Write | PSCredential | Credentials of the Intune Admin | |