diff --git a/CHANGELOG.md b/CHANGELOG.md index 3c0e2a421f..db7fb70713 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,11 @@ # UNRELEASED +* IntuneDeviceConfigurationPolicyWindows10 + * [BREAKING CHANGE] Added complex parameters as embedded CIM (DefenderDetectedMalwareActions, EdgeHomeButtonConfiguration, EdgeSearchEngine, NetworkProxyServer, Windows10AppsForceUpdateSchedule) + * Resource regenerated with DRG + * FIXES[#2867](https://github.com/microsoft/Microsoft365DSC/issues/2867) + * FIXES[#2868](https://github.com/microsoft/Microsoft365DSC/issues/2868) * IntuneDeviceEnrollmentStatusPageWindows10 * [BREAKING CHANGE] Renamed resource IntuneDeviceEnrollmentConfigurationWindows10 to IntuneDeviceEnrollmentStatusPageWindows10 * Added support for property Assignments. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 index 1c86747e12..3176adfabd 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 @@ -4,220 +4,211 @@ function Get-TargetResource [OutputType([System.Collections.Hashtable])] param ( - [Parameter(Mandatory = $True)] - [System.String] - $DisplayName, - + #region resource generator code [Parameter()] - [System.String] - $Description, + [System.Boolean] + $AccountsBlockAddingNonMicrosoftAccountEmail, [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] [System.String] - $EnterpriseCloudPrintDiscoveryEndPoint, + $ActivateAppsWithVoice, [Parameter()] - [System.String] - $EnterpriseCloudPrintOAuthAuthority, + [System.Boolean] + $AntiTheftModeBlocked, [Parameter()] - [System.String] - $EnterpriseCloudPrintOAuthClientIdentifier, + [System.Boolean] + $AppManagementMSIAllowUserControlOverInstall, [Parameter()] - [System.String] - $EnterpriseCloudPrintResourceIdentifier, + [System.Boolean] + $AppManagementMSIAlwaysInstallWithElevatedPrivileges, [Parameter()] - [System.Uint64] - $EnterpriseCloudPrintDiscoveryMaxLimit, + [System.String[]] + $AppManagementPackageFamilyNamesToLaunchAfterLogOn, [Parameter()] + [ValidateSet('notConfigured','blocked','allowed')] [System.String] - $EnterpriseCloudPrintMopriaDiscoveryResourceIdentifier, + $AppsAllowTrustedAppsSideloading, [Parameter()] [System.Boolean] - $SearchBlockDiacritics, + $AppsBlockWindowsStoreOriginatedApps, [Parameter()] [System.Boolean] - $SearchDisableAutoLanguageDetection, + $AuthenticationAllowSecondaryDevice, [Parameter()] - [System.Boolean] - $SearchDisableIndexingEncryptedItems, + [System.String] + $AuthenticationPreferredAzureADTenantDomainName, [Parameter()] - [System.Boolean] - $SearchEnableRemoteQueries, + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $AuthenticationWebSignIn, [Parameter()] - [System.Boolean] - $SearchDisableIndexerBackoff, + [System.String[]] + $BluetoothAllowedServices, [Parameter()] [System.Boolean] - $SearchDisableIndexingRemovableDrive, + $BluetoothBlockAdvertising, [Parameter()] [System.Boolean] - $SearchEnableAutomaticIndexSizeManangement, - - [Parameter()] - [ValidateSet('userDefined', 'none', 'basic', 'enhanced', 'full')] - [System.String] - $DiagnosticsDataSubmissionMode, + $BluetoothBlockDiscoverableMode, [Parameter()] [System.Boolean] - $oneDriveDisableFileSync, + $BluetoothBlocked, [Parameter()] [System.Boolean] - $SmartScreenEnableAppInstallControl, - - [Parameter()] - [System.String] - $PersonalizationDesktopImageUrl, + $BluetoothBlockPrePairing, [Parameter()] - [System.String] - $PersonalizationLockScreenImageUrl, + [System.Boolean] + $BluetoothBlockPromptedProximalConnections, [Parameter()] - [System.String[]] - $BluetoothAllowedServices, + [System.Boolean] + $CameraBlocked, [Parameter()] [System.Boolean] - $BluetoothBlockAdvertising, + $CellularBlockDataWhenRoaming, [Parameter()] [System.Boolean] - $BluetoothBlockDiscoverableMode, + $CellularBlockVpn, [Parameter()] [System.Boolean] - $BluetoothBlockPrePairing, + $CellularBlockVpnWhenRoaming, [Parameter()] - [System.Boolean] - $EdgeBlockAutofill, + [ValidateSet('blocked','required','allowed','notConfigured')] + [System.String] + $CellularData, [Parameter()] [System.Boolean] - $EdgeBlocked, + $CertificatesBlockManualRootCertificateInstallation, [Parameter()] - [ValidateSet('userDefined', 'allow', 'blockThirdparty', 'blockAll')] [System.String] - $EdgeCookiePolicy, + $ConfigureTimeZone, [Parameter()] [System.Boolean] - $EdgeBlockDeveloperTools, + $ConnectedDevicesServiceBlocked, [Parameter()] [System.Boolean] - $EdgeBlockSendingDoNotTrackHeader, + $CopyPasteBlocked, [Parameter()] [System.Boolean] - $EdgeBlockExtensions, + $CortanaBlocked, [Parameter()] [System.Boolean] - $EdgeBlockInPrivateBrowsing, + $CryptographyAllowFipsAlgorithmPolicy, [Parameter()] [System.Boolean] - $EdgeBlockJavaScript, + $DataProtectionBlockDirectMemoryAccess, [Parameter()] [System.Boolean] - $EdgeBlockPasswordManager, + $DefenderBlockEndUserAccess, [Parameter()] [System.Boolean] - $EdgeBlockAddressBarDropdown, + $DefenderBlockOnAccessProtection, [Parameter()] - [System.Boolean] - $EdgeBlockCompatibilityList, + [ValidateSet('notConfigured','high','highPlus','zeroTolerance')] + [System.String] + $DefenderCloudBlockLevel, [Parameter()] - [System.Boolean] - $EdgeClearBrowsingDataOnExit, + [System.Int32] + $DefenderCloudExtendedTimeout, [Parameter()] - [System.Boolean] - $EdgeAllowStartPagesModification, + [System.Int32] + $DefenderCloudExtendedTimeoutInSeconds, [Parameter()] - [System.Boolean] - $EdgeDisableFirstRunPage, + [System.Int32] + $DefenderDaysBeforeDeletingQuarantinedMalware, [Parameter()] - [System.Boolean] - $EdgeBlockLiveTileDataCollection, + [Microsoft.Management.Infrastructure.CimInstance] + $DefenderDetectedMalwareActions, [Parameter()] [System.Boolean] - $EdgeSyncFavoritesWithInternetExplorer, + $DefenderDisableCatchupFullScan, [Parameter()] [System.Boolean] - $CellularBlockDataWhenRoaming, + $DefenderDisableCatchupQuickScan, [Parameter()] - [System.Boolean] - $CellularBlockVpn, + [System.String[]] + $DefenderFileExtensionsToExclude, [Parameter()] - [System.Boolean] - $CellularBlockVpnWhenRoaming, + [System.String[]] + $DefenderFilesAndFoldersToExclude, [Parameter()] - [System.Boolean] - $DefenderRequireRealTimeMonitoring, + [ValidateSet('userDefined','disable','monitorAllFiles','monitorIncomingFilesOnly','monitorOutgoingFilesOnly')] + [System.String] + $DefenderMonitorFileActivity, [Parameter()] - [System.Boolean] - $DefenderRequireBehaviorMonitoring, + [ValidateSet('deviceDefault','block','audit')] + [System.String] + $DefenderPotentiallyUnwantedAppAction, [Parameter()] - [System.Boolean] - $DefenderRequireNetworkInspectionSystem, + [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [System.String] + $DefenderPotentiallyUnwantedAppActionSetting, [Parameter()] - [System.Boolean] - $DefenderScanDownloads, + [System.String[]] + $DefenderProcessesToExclude, [Parameter()] - [System.Boolean] - $DefenderScanScriptsLoadedInInternetExplorer, + [ValidateSet('userDefined','alwaysPrompt','promptBeforeSendingPersonalData','neverSendData','sendAllDataWithoutPrompting')] + [System.String] + $DefenderPromptForSampleSubmission, [Parameter()] [System.Boolean] - $DefenderBlockEndUserAccess, - - [Parameter()] - [System.Uint64] - $DefenderSignatureUpdateIntervalInHours, + $DefenderRequireBehaviorMonitoring, [Parameter()] - [ValidateSet('userDefined', 'disable', 'monitorAllFiles', 'monitorIncomingFilesOnly', 'monitorOutgoingFilesOnly')] - [System.String] - $DefenderMonitorFileActivity, + [System.Boolean] + $DefenderRequireCloudProtection, [Parameter()] - [System.Uint64] - $DefenderDaysBeforeDeletingQuarantinedMalware, + [System.Boolean] + $DefenderRequireNetworkInspectionSystem, [Parameter()] - [System.Uint64] - $DefenderScanMaxCpu, + [System.Boolean] + $DefenderRequireRealTimeMonitoring, [Parameter()] [System.Boolean] @@ -225,959 +216,2313 @@ function Get-TargetResource [Parameter()] [System.Boolean] - $DefenderScanIncomingMail, + $DefenderScanDownloads, [Parameter()] [System.Boolean] - $DefenderScanRemovableDrivesDuringFullScan, + $DefenderScanIncomingMail, [Parameter()] [System.Boolean] $DefenderScanMappedNetworkDrivesDuringFullScan, + [Parameter()] + [System.Int32] + $DefenderScanMaxCpu, + [Parameter()] [System.Boolean] $DefenderScanNetworkFiles, [Parameter()] [System.Boolean] - $DefenderRequireCloudProtection, + $DefenderScanRemovableDrivesDuringFullScan, [Parameter()] - [ValidateSet('notConfigured', 'high', 'highPlus', 'zeroTolerance')] - [System.String] - $DefenderCloudBlockLevel, + [System.Boolean] + $DefenderScanScriptsLoadedInInternetExplorer, [Parameter()] - [ValidateSet('userDefined', 'alwaysPrompt', 'promptBeforeSendingPersonalData', 'neverSendData', 'sendAllDataWithoutPrompting')] + [ValidateSet('userDefined','disabled','quick','full')] [System.String] - $DefenderPromptForSampleSubmission, + $DefenderScanType, [Parameter()] - [System.String] + [System.TimeSpan] $DefenderScheduledQuickScanTime, [Parameter()] - [ValidateSet('userDefined', 'disabled', 'quick', 'full')] - [System.String] - $DefenderScanType, - - [Parameter()] - [System.string] - $DefenderSystemScanSchedule, + [System.TimeSpan] + $DefenderScheduledScanTime, [Parameter()] - [System.String] - $DefenderScheduledScanTime, + [System.Boolean] + $DefenderScheduleScanEnableLowCpuPriority, [Parameter()] - [System.String[]] - $DefenderFileExtensionsToExclude, + [System.Int32] + $DefenderSignatureUpdateIntervalInHours, [Parameter()] - [System.String[]] - $DefenderFilesAndFoldersToExclude, + [ValidateSet('sendSafeSamplesAutomatically','alwaysPrompt','neverSend','sendAllSamplesAutomatically')] + [System.String] + $DefenderSubmitSamplesConsentType, [Parameter()] - [System.String[]] - $DefenderProcessesToExclude, + [ValidateSet('userDefined','everyday','sunday','monday','tuesday','wednesday','thursday','friday','saturday','noScheduledScan')] + [System.String] + $DefenderSystemScanSchedule, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance] - $DefenderDetectedMalwareActions, + [ValidateSet('notConfigured','blocked','allowed')] + [System.String] + $DeveloperUnlockSetting, [Parameter()] [System.Boolean] - $LockScreenAllowTimeoutConfiguration, + $DeviceManagementBlockFactoryResetOnMobile, [Parameter()] [System.Boolean] - $LockScreenBlockActionCenterNotifications, + $DeviceManagementBlockManualUnenroll, [Parameter()] - [System.Boolean] - $LockScreenBlockCortana, + [ValidateSet('userDefined','none','basic','enhanced','full')] + [System.String] + $DiagnosticsDataSubmissionMode, [Parameter()] - [System.Boolean] - $LockScreenBlockToastNotifications, + [System.String[]] + $DisplayAppListWithGdiDPIScalingTurnedOff, [Parameter()] - [System.Uint64] - $LockScreenTimeoutInSeconds, + [System.String[]] + $DisplayAppListWithGdiDPIScalingTurnedOn, [Parameter()] [System.Boolean] - $PasswordBlockSimple, + $EdgeAllowStartPagesModification, [Parameter()] - [System.Uint64] - $PasswordExpirationDays, + [System.Boolean] + $EdgeBlockAccessToAboutFlags, [Parameter()] - [System.Uint64] - $PasswordMinimumLength, + [System.Boolean] + $EdgeBlockAddressBarDropdown, [Parameter()] - [System.Uint64] - $PasswordMinutesOfInactivityBeforeScreenTimeout, + [System.Boolean] + $EdgeBlockAutofill, [Parameter()] - [System.Uint64] - $PasswordMinimumCharacterSetCount, + [System.Boolean] + $EdgeBlockCompatibilityList, [Parameter()] - [System.Uint64] - $PasswordPreviousPasswordBlockCount, + [System.Boolean] + $EdgeBlockDeveloperTools, [Parameter()] [System.Boolean] - $PasswordRequired, + $EdgeBlocked, [Parameter()] [System.Boolean] - $PasswordRequireWhenResumeFromIdleState, + $EdgeBlockEditFavorites, [Parameter()] - [ValidateSet('deviceDefault', 'alphanumeric', 'numeric')] - [System.String] - $PasswordRequiredType, + [System.Boolean] + $EdgeBlockExtensions, [Parameter()] - [System.Uint64] - $PasswordSignInFailureCountBeforeFactoryReset, + [System.Boolean] + $EdgeBlockFullScreenMode, [Parameter()] - [ValidateSet('notConfigured', 'blocked', 'allowed')] - [System.String] - $PrivacyAdvertisingId, + [System.Boolean] + $EdgeBlockInPrivateBrowsing, [Parameter()] [System.Boolean] - $PrivacyAutoAcceptPairingAndConsentPrompts, + $EdgeBlockJavaScript, [Parameter()] [System.Boolean] - $PrivacyBlockInputPersonalization, + $EdgeBlockLiveTileDataCollection, [Parameter()] [System.Boolean] - $StartBlockUnpinningAppsFromTaskbar, + $EdgeBlockPasswordManager, [Parameter()] - [ValidateSet('userDefined', 'collapse', 'remove', 'disableSettingsApp')] - [System.String] - $StartMenuAppListVisibility, + [System.Boolean] + $EdgeBlockPopups, [Parameter()] [System.Boolean] - $StartMenuHideChangeAccountSettings, + $EdgeBlockPrelaunch, [Parameter()] [System.Boolean] - $StartMenuHideFrequentlyUsedApps, + $EdgeBlockPrinting, [Parameter()] [System.Boolean] - $StartMenuHideHibernate, + $EdgeBlockSavingHistory, [Parameter()] [System.Boolean] - $StartMenuHideLock, + $EdgeBlockSearchEngineCustomization, [Parameter()] [System.Boolean] - $StartMenuHidePowerButton, + $EdgeBlockSearchSuggestions, [Parameter()] [System.Boolean] - $StartMenuHideRecentJumpLists, + $EdgeBlockSendingDoNotTrackHeader, [Parameter()] [System.Boolean] - $StartMenuHideRecentlyAddedApps, + $EdgeBlockSendingIntranetTrafficToInternetExplorer, [Parameter()] [System.Boolean] - $StartMenuHideRestartOptions, + $EdgeBlockSideloadingExtensions, [Parameter()] [System.Boolean] - $StartMenuHideShutDown, + $EdgeBlockTabPreloading, [Parameter()] [System.Boolean] - $StartMenuHideSignOut, + $EdgeBlockWebContentOnNewTabPage, [Parameter()] [System.Boolean] - $StartMenuHideSleep, + $EdgeClearBrowsingDataOnExit, [Parameter()] - [System.Boolean] - $StartMenuHideSwitchAccount, + [ValidateSet('userDefined','allow','blockThirdParty','blockAll')] + [System.String] + $EdgeCookiePolicy, [Parameter()] [System.Boolean] - $StartMenuHideUserTile, + $EdgeDisableFirstRunPage, [Parameter()] [System.String] - $StartMenuLayoutEdgeAssetsXml, + $EdgeEnterpriseModeSiteListLocation, [Parameter()] + [ValidateSet('notConfigured','hide','show')] [System.String] - $StartMenuLayoutXml, + $EdgeFavoritesBarVisibility, [Parameter()] - [ValidateSet('userDefined', 'fullScreen', 'nonFullScreen')] [System.String] - $StartMenuMode, + $EdgeFavoritesListLocation, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] [System.String] - $StartMenuPinnedFolderDocuments, + $EdgeFirstRunUrl, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $EdgeHomeButtonConfiguration, + + [Parameter()] + [System.Boolean] + $EdgeHomeButtonConfigurationEnabled, + + [Parameter()] + [System.String[]] + $EdgeHomepageUrls, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','digitalSignage','normalMode','publicBrowsingSingleApp','publicBrowsingMultiApp')] [System.String] - $StartMenuPinnedFolderDownloads, + $EdgeKioskModeRestriction, + + [Parameter()] + [System.Int32] + $EdgeKioskResetAfterIdleTimeInMinutes, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] [System.String] - $StartMenuPinnedFolderFileExplorer, + $EdgeNewTabPageURL, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','startPage','newTabPage','previousPages','specificPages')] [System.String] - $StartMenuPinnedFolderHomeGroup, + $EdgeOpensWith, + + [Parameter()] + [System.Boolean] + $EdgePreventCertificateErrorOverride, + + [Parameter()] + [System.String[]] + $EdgeRequiredExtensionPackageFamilyNames, + + [Parameter()] + [System.Boolean] + $EdgeRequireSmartScreen, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $EdgeSearchEngine, + + [Parameter()] + [System.Boolean] + $EdgeSendIntranetTrafficToInternetExplorer, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','disabled','enabled','keepGoing')] [System.String] - $StartMenuPinnedFolderMusic, + $EdgeShowMessageWhenOpeningInternetExplorerSites, + + [Parameter()] + [System.Boolean] + $EdgeSyncFavoritesWithInternetExplorer, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','intranet','internet','intranetAndInternet')] [System.String] - $StartMenuPinnedFolderNetwork, + $EdgeTelemetryForMicrosoft365Analytics, + + [Parameter()] + [System.Boolean] + $EnableAutomaticRedeployment, + + [Parameter()] + [System.Int32] + $EnergySaverOnBatteryThresholdPercentage, + + [Parameter()] + [System.Int32] + $EnergySaverPluggedInThresholdPercentage, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] [System.String] - $StartMenuPinnedFolderPersonalFolder, + $EnterpriseCloudPrintDiscoveryEndPoint, + + [Parameter()] + [System.Int32] + $EnterpriseCloudPrintDiscoveryMaxLimit, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] [System.String] - $StartMenuPinnedFolderPictures, + $EnterpriseCloudPrintMopriaDiscoveryResourceIdentifier, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] [System.String] - $StartMenuPinnedFolderSettings, + $EnterpriseCloudPrintOAuthAuthority, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] [System.String] - $StartMenuPinnedFolderVideos, + $EnterpriseCloudPrintOAuthClientIdentifier, [Parameter()] - [System.Boolean] - $SettingsBlockSettingsApp, + [System.String] + $EnterpriseCloudPrintResourceIdentifier, [Parameter()] [System.Boolean] - $SettingsBlockSystemPage, + $ExperienceBlockDeviceDiscovery, [Parameter()] [System.Boolean] - $SettingsBlockDevicesPage, + $ExperienceBlockErrorDialogWhenNoSIM, [Parameter()] [System.Boolean] - $SettingsBlockNetworkInternetPage, + $ExperienceBlockTaskSwitcher, [Parameter()] - [System.Boolean] - $SettingsBlockPersonalizationPage, + [ValidateSet('notConfigured','blockedWithUserOverride','blocked')] + [System.String] + $ExperienceDoNotSyncBrowserSettings, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $FindMyFiles, [Parameter()] [System.Boolean] - $SettingsBlockAccountsPage, + $GameDvrBlocked, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $InkWorkspaceAccess, + + [Parameter()] + [ValidateSet('notConfigured','blocked','allowed')] + [System.String] + $InkWorkspaceAccessState, [Parameter()] [System.Boolean] - $SettingsBlockTimeLanguagePage, + $InkWorkspaceBlockSuggestedApps, [Parameter()] [System.Boolean] - $SettingsBlockEaseOfAccessPage, + $InternetSharingBlocked, [Parameter()] [System.Boolean] - $SettingsBlockPrivacyPage, + $LocationServicesBlocked, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $LockScreenActivateAppsWithVoice, [Parameter()] [System.Boolean] - $SettingsBlockUpdateSecurityPage, + $LockScreenAllowTimeoutConfiguration, [Parameter()] [System.Boolean] - $SettingsBlockAppsPage, + $LockScreenBlockActionCenterNotifications, [Parameter()] [System.Boolean] - $SettingsBlockGamingPage, + $LockScreenBlockCortana, [Parameter()] [System.Boolean] - $WindowsSpotlightBlockConsumerSpecificFeatures, + $LockScreenBlockToastNotifications, + + [Parameter()] + [System.Int32] + $LockScreenTimeoutInSeconds, [Parameter()] [System.Boolean] - $WindowsSpotlightBlocked, + $LogonBlockFastUserSwitching, [Parameter()] [System.Boolean] - $WindowsSpotlightBlockOnActionCenter, + $MessagingBlockMMS, [Parameter()] [System.Boolean] - $WindowsSpotlightBlockTailoredExperiences, + $MessagingBlockRichCommunicationServices, [Parameter()] [System.Boolean] - $WindowsSpotlightBlockThirdPartyNotifications, + $MessagingBlockSync, [Parameter()] [System.Boolean] - $WindowsSpotlightBlockWelcomeExperience, + $MicrosoftAccountBlocked, [Parameter()] [System.Boolean] - $WindowsSpotlightBlockWindowsTips, + $MicrosoftAccountBlockSettingsSync, [Parameter()] - [ValidateSet('notConfigured', 'disabled', 'enabled')] + [ValidateSet('notConfigured','disabled')] [System.String] - $WindowsSpotlightConfigureOnLockScreen, + $MicrosoftAccountSignInAssistantSettings, [Parameter()] [System.Boolean] $NetworkProxyApplySettingsDeviceWide, - [Parameter()] - [System.Boolean] - $NetworkProxyDisableAutoDetect, - [Parameter()] [System.String] $NetworkProxyAutomaticConfigurationUrl, [Parameter()] - [System.String[]] + [System.Boolean] + $NetworkProxyDisableAutoDetect, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] $NetworkProxyServer, [Parameter()] [System.Boolean] - $AccountsBlockAddingNonMicrosoftAccountEmail, + $NfcBlocked, [Parameter()] [System.Boolean] - $AntiTheftModeBlocked, + $OneDriveDisableFileSync, [Parameter()] [System.Boolean] - $BluetoothBlocked, + $PasswordBlockSimple, [Parameter()] - [System.Boolean] - $CameraBlocked, + [System.Int32] + $PasswordExpirationDays, [Parameter()] - [System.Boolean] - $ConnectedDevicesServiceBlocked, + [System.Int32] + $PasswordMinimumAgeInDays, [Parameter()] - [System.Boolean] - $CertificatesBlockManualRootCertificateInstallation, + [System.Int32] + $PasswordMinimumCharacterSetCount, [Parameter()] - [System.Boolean] - $CopyPasteBlocked, + [System.Int32] + $PasswordMinimumLength, [Parameter()] - [System.Boolean] - $CortanaBlocked, + [System.Int32] + $PasswordMinutesOfInactivityBeforeScreenTimeout, [Parameter()] - [System.Boolean] - $DeviceManagementBlockFactoryResetOnMobile, + [System.Int32] + $PasswordPreviousPasswordBlockCount, [Parameter()] [System.Boolean] - $DeviceManagementBlockManualUnenroll, + $PasswordRequired, [Parameter()] - [ValidateSet('userDefined', 'strict', 'moderate')] + [ValidateSet('deviceDefault','alphanumeric','numeric')] [System.String] - $SafeSearchFilter, + $PasswordRequiredType, [Parameter()] [System.Boolean] - $EdgeBlockPopups, + $PasswordRequireWhenResumeFromIdleState, [Parameter()] - [System.Boolean] - $EdgeBlockSearchSuggestions, + [System.Int32] + $PasswordSignInFailureCountBeforeFactoryReset, [Parameter()] - [System.Boolean] - $EdgeBlockSendingIntranetTrafficToInternetExplorer, + [System.String] + $PersonalizationDesktopImageUrl, [Parameter()] - [System.Boolean] - $EdgeSendIntranetTrafficToInternetExplorer, + [System.String] + $PersonalizationLockScreenImageUrl, [Parameter()] - [System.Boolean] - $EdgeRequireSmartScreen, + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerButtonActionOnBattery, [Parameter()] + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] [System.String] - $EdgeEnterpriseModeSiteListLocation, + $PowerButtonActionPluggedIn, [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] [System.String] - $EdgeFirstRunUrl, + $PowerHybridSleepOnBattery, [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] [System.String] - $EdgeSearchEngine, + $PowerHybridSleepPluggedIn, [Parameter()] - [System.String[]] - $EdgeHomepageUrls, + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerLidCloseActionOnBattery, [Parameter()] - [System.Boolean] - $EdgeBlockAccessToAboutFlags, + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerLidCloseActionPluggedIn, [Parameter()] - [System.Boolean] - $SmartScreenBlockPromptOverride, + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerSleepButtonActionOnBattery, [Parameter()] - [System.Boolean] - $SmartScreenBlockPromptOverrideForFiles, + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerSleepButtonActionPluggedIn, [Parameter()] [System.Boolean] - $WebRtcBlockLocalhostIpAddress, + $PrinterBlockAddition, [Parameter()] - [System.Boolean] - $InternetSharingBlocked, + [System.String] + $PrinterDefaultName, [Parameter()] - [System.Boolean] - $SettingsBlockAddProvisioningPackage, + [System.String[]] + $PrinterNames, [Parameter()] - [System.Boolean] - $SettingsBlockRemoveProvisioningPackage, + [ValidateSet('notConfigured','blocked','allowed')] + [System.String] + $PrivacyAdvertisingId, [Parameter()] [System.Boolean] - $SettingsBlockChangeSystemTime, + $PrivacyAutoAcceptPairingAndConsentPrompts, [Parameter()] [System.Boolean] - $SettingsBlockEditDeviceName, + $PrivacyBlockActivityFeed, [Parameter()] [System.Boolean] - $SettingsBlockChangeRegion, + $PrivacyBlockInputPersonalization, [Parameter()] [System.Boolean] - $SettingsBlockChangeLanguage, + $PrivacyBlockPublishUserActivities, [Parameter()] [System.Boolean] - $SettingsBlockChangePowerSleep, + $PrivacyDisableLaunchExperience, [Parameter()] [System.Boolean] - $LocationServicesBlocked, + $ResetProtectionModeBlocked, [Parameter()] - [System.Boolean] - $MicrosoftAccountBlocked, + [ValidateSet('userDefined','strict','moderate')] + [System.String] + $SafeSearchFilter, [Parameter()] [System.Boolean] - $MicrosoftAccountBlockSettingsSync, + $ScreenCaptureBlocked, [Parameter()] [System.Boolean] - $NfcBlocked, + $SearchBlockDiacritics, [Parameter()] [System.Boolean] - $ResetProtectionModeBlocked, + $SearchBlockWebResults, [Parameter()] [System.Boolean] - $ScreenCaptureBlocked, + $SearchDisableAutoLanguageDetection, [Parameter()] [System.Boolean] - $StorageBlockRemovableStorage, + $SearchDisableIndexerBackoff, [Parameter()] [System.Boolean] - $StorageRequireMobileDeviceEncryption, + $SearchDisableIndexingEncryptedItems, [Parameter()] [System.Boolean] - $UsbBlocked, + $SearchDisableIndexingRemovableDrive, [Parameter()] [System.Boolean] - $VoiceRecordingBlocked, + $SearchDisableLocation, [Parameter()] [System.Boolean] - $WiFiBlockAutomaticConnectHotspots, + $SearchDisableUseLocation, [Parameter()] [System.Boolean] - $WiFiBlocked, + $SearchEnableAutomaticIndexSizeManangement, [Parameter()] [System.Boolean] - $WiFiBlockManualConfiguration, + $SearchEnableRemoteQueries, [Parameter()] - [System.Uint64] - $WiFiScanInterval, + [System.Boolean] + $SecurityBlockAzureADJoinedDevicesAutoEncryption, [Parameter()] [System.Boolean] - $WirelessDisplayBlockProjectionToThisDevice, + $SettingsBlockAccountsPage, [Parameter()] [System.Boolean] - $WirelessDisplayBlockUserInputFromReceiver, + $SettingsBlockAddProvisioningPackage, [Parameter()] [System.Boolean] - $WirelessDisplayRequirePinForPairing, + $SettingsBlockAppsPage, [Parameter()] [System.Boolean] - $WindowsStoreBlocked, + $SettingsBlockChangeLanguage, [Parameter()] - [System.String] - [ValidateSet('notConfigured', 'blocked', 'allowed')] - $AppsAllowTrustedAppsSideloading, + [System.Boolean] + $SettingsBlockChangePowerSleep, [Parameter()] [System.Boolean] - $WindowsStoreBlockAutoUpdate, + $SettingsBlockChangeRegion, [Parameter()] - [ValidateSet('notConfigured', 'blocked', 'allowed')] - [System.String] - $DeveloperUnlockSetting, + [System.Boolean] + $SettingsBlockChangeSystemTime, [Parameter()] [System.Boolean] - $SharedUserAppDataAllowed, + $SettingsBlockDevicesPage, [Parameter()] [System.Boolean] - $AppsBlockWindowsStoreOriginatedApps, + $SettingsBlockEaseOfAccessPage, [Parameter()] [System.Boolean] - $WindowsStoreEnablePrivateStoreOnly, + $SettingsBlockEditDeviceName, [Parameter()] [System.Boolean] - $StorageRestrictAppDataToSystemVolume, + $SettingsBlockGamingPage, [Parameter()] [System.Boolean] - $StorageRestrictAppInstallToSystemVolume, + $SettingsBlockNetworkInternetPage, [Parameter()] [System.Boolean] - $GameDvrBlocked, + $SettingsBlockPersonalizationPage, [Parameter()] [System.Boolean] - $ExperienceBlockDeviceDiscovery, + $SettingsBlockPrivacyPage, [Parameter()] [System.Boolean] - $ExperienceBlockErrorDialogWhenNoSIM, + $SettingsBlockRemoveProvisioningPackage, + + [Parameter()] + [System.Boolean] + $SettingsBlockSettingsApp, + + [Parameter()] + [System.Boolean] + $SettingsBlockSystemPage, + + [Parameter()] + [System.Boolean] + $SettingsBlockTimeLanguagePage, + + [Parameter()] + [System.Boolean] + $SettingsBlockUpdateSecurityPage, + + [Parameter()] + [System.Boolean] + $SharedUserAppDataAllowed, + + [Parameter()] + [ValidateSet('notConfigured','anywhere','storeOnly','recommendations','preferStore')] + [System.String] + $SmartScreenAppInstallControl, + + [Parameter()] + [System.Boolean] + $SmartScreenBlockPromptOverride, + + [Parameter()] + [System.Boolean] + $SmartScreenBlockPromptOverrideForFiles, + + [Parameter()] + [System.Boolean] + $SmartScreenEnableAppInstallControl, + + [Parameter()] + [System.Boolean] + $StartBlockUnpinningAppsFromTaskbar, + + [Parameter()] + [ValidateSet('userDefined','collapse','remove','disableSettingsApp')] + [System.String] + $StartMenuAppListVisibility, + + [Parameter()] + [System.Boolean] + $StartMenuHideChangeAccountSettings, + + [Parameter()] + [System.Boolean] + $StartMenuHideFrequentlyUsedApps, + + [Parameter()] + [System.Boolean] + $StartMenuHideHibernate, + + [Parameter()] + [System.Boolean] + $StartMenuHideLock, + + [Parameter()] + [System.Boolean] + $StartMenuHidePowerButton, + + [Parameter()] + [System.Boolean] + $StartMenuHideRecentJumpLists, + + [Parameter()] + [System.Boolean] + $StartMenuHideRecentlyAddedApps, + + [Parameter()] + [System.Boolean] + $StartMenuHideRestartOptions, + + [Parameter()] + [System.Boolean] + $StartMenuHideShutDown, + + [Parameter()] + [System.Boolean] + $StartMenuHideSignOut, + + [Parameter()] + [System.Boolean] + $StartMenuHideSleep, + + [Parameter()] + [System.Boolean] + $StartMenuHideSwitchAccount, + + [Parameter()] + [System.Boolean] + $StartMenuHideUserTile, + + [Parameter()] + [System.String] + $StartMenuLayoutEdgeAssetsXml, + + [Parameter()] + [System.String] + $StartMenuLayoutXml, + + [Parameter()] + [ValidateSet('userDefined','fullScreen','nonFullScreen')] + [System.String] + $StartMenuMode, + + [Parameter()] + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderDocuments, + + [Parameter()] + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderDownloads, + + [Parameter()] + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderFileExplorer, + + [Parameter()] + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderHomeGroup, + + [Parameter()] + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderMusic, + + [Parameter()] + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderNetwork, + + [Parameter()] + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderPersonalFolder, + + [Parameter()] + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderPictures, + + [Parameter()] + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderSettings, + + [Parameter()] + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderVideos, + + [Parameter()] + [System.Boolean] + $StorageBlockRemovableStorage, + + [Parameter()] + [System.Boolean] + $StorageRequireMobileDeviceEncryption, + + [Parameter()] + [System.Boolean] + $StorageRestrictAppDataToSystemVolume, + + [Parameter()] + [System.Boolean] + $StorageRestrictAppInstallToSystemVolume, + + [Parameter()] + [System.String] + $SystemTelemetryProxyServer, + + [Parameter()] + [System.Boolean] + $TaskManagerBlockEndTask, + + [Parameter()] + [System.Boolean] + $TenantLockdownRequireNetworkDuringOutOfBoxExperience, + + [Parameter()] + [System.Boolean] + $UninstallBuiltInApps, + + [Parameter()] + [System.Boolean] + $UsbBlocked, + + [Parameter()] + [System.Boolean] + $VoiceRecordingBlocked, + + [Parameter()] + [System.Boolean] + $WebRtcBlockLocalhostIpAddress, + + [Parameter()] + [System.Boolean] + $WiFiBlockAutomaticConnectHotspots, + + [Parameter()] + [System.Boolean] + $WiFiBlocked, + + [Parameter()] + [System.Boolean] + $WiFiBlockManualConfiguration, + + [Parameter()] + [System.Int32] + $WiFiScanInterval, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $Windows10AppsForceUpdateSchedule, + + [Parameter()] + [System.Boolean] + $WindowsSpotlightBlockConsumerSpecificFeatures, + + [Parameter()] + [System.Boolean] + $WindowsSpotlightBlocked, + + [Parameter()] + [System.Boolean] + $WindowsSpotlightBlockOnActionCenter, + + [Parameter()] + [System.Boolean] + $WindowsSpotlightBlockTailoredExperiences, + + [Parameter()] + [System.Boolean] + $WindowsSpotlightBlockThirdPartyNotifications, + + [Parameter()] + [System.Boolean] + $WindowsSpotlightBlockWelcomeExperience, + + [Parameter()] + [System.Boolean] + $WindowsSpotlightBlockWindowsTips, + + [Parameter()] + [ValidateSet('notConfigured','disabled','enabled')] + [System.String] + $WindowsSpotlightConfigureOnLockScreen, + + [Parameter()] + [System.Boolean] + $WindowsStoreBlockAutoUpdate, + + [Parameter()] + [System.Boolean] + $WindowsStoreBlocked, + + [Parameter()] + [System.Boolean] + $WindowsStoreEnablePrivateStoreOnly, + + [Parameter()] + [System.Boolean] + $WirelessDisplayBlockProjectionToThisDevice, + + [Parameter()] + [System.Boolean] + $WirelessDisplayBlockUserInputFromReceiver, + + [Parameter()] + [System.Boolean] + $WirelessDisplayRequirePinForPairing, + + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.Boolean] + $SupportsScopeTags, + + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters ` + -ProfileName 'beta' + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + #region resource generator code + $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Policy for Windows10 with Id {$Id}" + + if (-Not [string]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgDeviceManagementDeviceConfiguration ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.windows10GeneralConfiguration" ` + } + } + } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Policy for Windows10 with DisplayName {$DisplayName}" + return $nullResult + } + $Id = $getValue.Id + Write-Verbose -Message "An Intune Device Configuration Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName} was found." + + #region resource generator code + $complexDefenderDetectedMalwareActions = @{} + if ($null -ne $getValue.AdditionalProperties.defenderDetectedMalwareActions.highSeverity) + { + $complexDefenderDetectedMalwareActions.Add('HighSeverity', $getValue.AdditionalProperties.defenderDetectedMalwareActions.highSeverity.toString()) + } + if ($null -ne $getValue.AdditionalProperties.defenderDetectedMalwareActions.lowSeverity) + { + $complexDefenderDetectedMalwareActions.Add('LowSeverity', $getValue.AdditionalProperties.defenderDetectedMalwareActions.lowSeverity.toString()) + } + if ($null -ne $getValue.AdditionalProperties.defenderDetectedMalwareActions.moderateSeverity) + { + $complexDefenderDetectedMalwareActions.Add('ModerateSeverity', $getValue.AdditionalProperties.defenderDetectedMalwareActions.moderateSeverity.toString()) + } + if ($null -ne $getValue.AdditionalProperties.defenderDetectedMalwareActions.severeSeverity) + { + $complexDefenderDetectedMalwareActions.Add('SevereSeverity', $getValue.AdditionalProperties.defenderDetectedMalwareActions.severeSeverity.toString()) + } + if ($complexDefenderDetectedMalwareActions.values.Where({$null -ne $_}).count -eq 0) + { + $complexDefenderDetectedMalwareActions = $null + } + + $complexEdgeHomeButtonConfiguration = @{} + $complexEdgeHomeButtonConfiguration.Add('HomeButtonCustomURL', $getValue.AdditionalProperties.edgeHomeButtonConfiguration.homeButtonCustomURL) + if ($null -ne $getValue.AdditionalProperties.edgeHomeButtonConfiguration.'@odata.type') + { + $complexEdgeHomeButtonConfiguration.Add('odataType', $getValue.AdditionalProperties.edgeHomeButtonConfiguration.'@odata.type'.toString()) + } + if ($complexEdgeHomeButtonConfiguration.values.Where({$null -ne $_}).count -eq 0) + { + $complexEdgeHomeButtonConfiguration = $null + } + + $complexEdgeSearchEngine = @{} + if ($null -ne $getValue.AdditionalProperties.edgeSearchEngine.edgeSearchEngineType) + { + $complexEdgeSearchEngine.Add('EdgeSearchEngineType', $getValue.AdditionalProperties.edgeSearchEngine.edgeSearchEngineType.toString()) + } + $complexEdgeSearchEngine.Add('EdgeSearchEngineOpenSearchXmlUrl', $getValue.AdditionalProperties.edgeSearchEngine.edgeSearchEngineOpenSearchXmlUrl) + if ($null -ne $getValue.AdditionalProperties.edgeSearchEngine.'@odata.type') + { + $complexEdgeSearchEngine.Add('odataType', $getValue.AdditionalProperties.edgeSearchEngine.'@odata.type'.toString()) + } + if ($complexEdgeSearchEngine.values.Where({$null -ne $_}).count -eq 0) + { + $complexEdgeSearchEngine = $null + } + + $complexNetworkProxyServer = @{} + $complexNetworkProxyServer.Add('Address', $getValue.AdditionalProperties.networkProxyServer.address) + $complexNetworkProxyServer.Add('Exceptions', $getValue.AdditionalProperties.networkProxyServer.exceptions) + $complexNetworkProxyServer.Add('UseForLocalAddresses', $getValue.AdditionalProperties.networkProxyServer.useForLocalAddresses) + if ($complexNetworkProxyServer.values.Where({$null -ne $_}).count -eq 0) + { + $complexNetworkProxyServer = $null + } + + $complexWindows10AppsForceUpdateSchedule = @{} + if ($null -ne $getValue.AdditionalProperties.windows10AppsForceUpdateSchedule.recurrence) + { + $complexWindows10AppsForceUpdateSchedule.Add('Recurrence', $getValue.AdditionalProperties.windows10AppsForceUpdateSchedule.recurrence.toString()) + } + $complexWindows10AppsForceUpdateSchedule.Add('RunImmediatelyIfAfterStartDateTime', $getValue.AdditionalProperties.windows10AppsForceUpdateSchedule.runImmediatelyIfAfterStartDateTime) + if ($null -ne $getValue.AdditionalProperties.windows10AppsForceUpdateSchedule.startDateTime) + { + $complexWindows10AppsForceUpdateSchedule.Add('StartDateTime', ([DateTimeOffset]$getValue.AdditionalProperties.windows10AppsForceUpdateSchedule.startDateTime).ToString('o')) + } + if ($complexWindows10AppsForceUpdateSchedule.values.Where({$null -ne $_}).count -eq 0) + { + $complexWindows10AppsForceUpdateSchedule = $null + } + #endregion + + #region resource generator code + $enumActivateAppsWithVoice = $null + if ($null -ne $getValue.AdditionalProperties.activateAppsWithVoice) + { + $enumActivateAppsWithVoice = $getValue.AdditionalProperties.activateAppsWithVoice.ToString() + } + + $enumAppsAllowTrustedAppsSideloading = $null + if ($null -ne $getValue.AdditionalProperties.appsAllowTrustedAppsSideloading) + { + $enumAppsAllowTrustedAppsSideloading = $getValue.AdditionalProperties.appsAllowTrustedAppsSideloading.ToString() + } + + $enumAuthenticationWebSignIn = $null + if ($null -ne $getValue.AdditionalProperties.authenticationWebSignIn) + { + $enumAuthenticationWebSignIn = $getValue.AdditionalProperties.authenticationWebSignIn.ToString() + } + + $enumCellularData = $null + if ($null -ne $getValue.AdditionalProperties.cellularData) + { + $enumCellularData = $getValue.AdditionalProperties.cellularData.ToString() + } + + $enumDefenderCloudBlockLevel = $null + if ($null -ne $getValue.AdditionalProperties.defenderCloudBlockLevel) + { + $enumDefenderCloudBlockLevel = $getValue.AdditionalProperties.defenderCloudBlockLevel.ToString() + } + + $enumDefenderMonitorFileActivity = $null + if ($null -ne $getValue.AdditionalProperties.defenderMonitorFileActivity) + { + $enumDefenderMonitorFileActivity = $getValue.AdditionalProperties.defenderMonitorFileActivity.ToString() + } + + $enumDefenderPotentiallyUnwantedAppAction = $null + if ($null -ne $getValue.AdditionalProperties.defenderPotentiallyUnwantedAppAction) + { + $enumDefenderPotentiallyUnwantedAppAction = $getValue.AdditionalProperties.defenderPotentiallyUnwantedAppAction.ToString() + } + + $enumDefenderPotentiallyUnwantedAppActionSetting = $null + if ($null -ne $getValue.AdditionalProperties.defenderPotentiallyUnwantedAppActionSetting) + { + $enumDefenderPotentiallyUnwantedAppActionSetting = $getValue.AdditionalProperties.defenderPotentiallyUnwantedAppActionSetting.ToString() + } + + $enumDefenderPromptForSampleSubmission = $null + if ($null -ne $getValue.AdditionalProperties.defenderPromptForSampleSubmission) + { + $enumDefenderPromptForSampleSubmission = $getValue.AdditionalProperties.defenderPromptForSampleSubmission.ToString() + } + + $enumDefenderScanType = $null + if ($null -ne $getValue.AdditionalProperties.defenderScanType) + { + $enumDefenderScanType = $getValue.AdditionalProperties.defenderScanType.ToString() + } + + $enumDefenderSubmitSamplesConsentType = $null + if ($null -ne $getValue.AdditionalProperties.defenderSubmitSamplesConsentType) + { + $enumDefenderSubmitSamplesConsentType = $getValue.AdditionalProperties.defenderSubmitSamplesConsentType.ToString() + } + + $enumDefenderSystemScanSchedule = $null + if ($null -ne $getValue.AdditionalProperties.defenderSystemScanSchedule) + { + $enumDefenderSystemScanSchedule = $getValue.AdditionalProperties.defenderSystemScanSchedule.ToString() + } + + $enumDeveloperUnlockSetting = $null + if ($null -ne $getValue.AdditionalProperties.developerUnlockSetting) + { + $enumDeveloperUnlockSetting = $getValue.AdditionalProperties.developerUnlockSetting.ToString() + } + + $enumDiagnosticsDataSubmissionMode = $null + if ($null -ne $getValue.AdditionalProperties.diagnosticsDataSubmissionMode) + { + $enumDiagnosticsDataSubmissionMode = $getValue.AdditionalProperties.diagnosticsDataSubmissionMode.ToString() + } + + $enumEdgeCookiePolicy = $null + if ($null -ne $getValue.AdditionalProperties.edgeCookiePolicy) + { + $enumEdgeCookiePolicy = $getValue.AdditionalProperties.edgeCookiePolicy.ToString() + } + + $enumEdgeFavoritesBarVisibility = $null + if ($null -ne $getValue.AdditionalProperties.edgeFavoritesBarVisibility) + { + $enumEdgeFavoritesBarVisibility = $getValue.AdditionalProperties.edgeFavoritesBarVisibility.ToString() + } + + $enumEdgeKioskModeRestriction = $null + if ($null -ne $getValue.AdditionalProperties.edgeKioskModeRestriction) + { + $enumEdgeKioskModeRestriction = $getValue.AdditionalProperties.edgeKioskModeRestriction.ToString() + } + + $enumEdgeOpensWith = $null + if ($null -ne $getValue.AdditionalProperties.edgeOpensWith) + { + $enumEdgeOpensWith = $getValue.AdditionalProperties.edgeOpensWith.ToString() + } + + $enumEdgeShowMessageWhenOpeningInternetExplorerSites = $null + if ($null -ne $getValue.AdditionalProperties.edgeShowMessageWhenOpeningInternetExplorerSites) + { + $enumEdgeShowMessageWhenOpeningInternetExplorerSites = $getValue.AdditionalProperties.edgeShowMessageWhenOpeningInternetExplorerSites.ToString() + } + + $enumEdgeTelemetryForMicrosoft365Analytics = $null + if ($null -ne $getValue.AdditionalProperties.edgeTelemetryForMicrosoft365Analytics) + { + $enumEdgeTelemetryForMicrosoft365Analytics = $getValue.AdditionalProperties.edgeTelemetryForMicrosoft365Analytics.ToString() + } + + $enumExperienceDoNotSyncBrowserSettings = $null + if ($null -ne $getValue.AdditionalProperties.experienceDoNotSyncBrowserSettings) + { + $enumExperienceDoNotSyncBrowserSettings = $getValue.AdditionalProperties.experienceDoNotSyncBrowserSettings.ToString() + } + + $enumFindMyFiles = $null + if ($null -ne $getValue.AdditionalProperties.findMyFiles) + { + $enumFindMyFiles = $getValue.AdditionalProperties.findMyFiles.ToString() + } + + $enumInkWorkspaceAccess = $null + if ($null -ne $getValue.AdditionalProperties.inkWorkspaceAccess) + { + $enumInkWorkspaceAccess = $getValue.AdditionalProperties.inkWorkspaceAccess.ToString() + } + + $enumInkWorkspaceAccessState = $null + if ($null -ne $getValue.AdditionalProperties.inkWorkspaceAccessState) + { + $enumInkWorkspaceAccessState = $getValue.AdditionalProperties.inkWorkspaceAccessState.ToString() + } + + $enumLockScreenActivateAppsWithVoice = $null + if ($null -ne $getValue.AdditionalProperties.lockScreenActivateAppsWithVoice) + { + $enumLockScreenActivateAppsWithVoice = $getValue.AdditionalProperties.lockScreenActivateAppsWithVoice.ToString() + } + + $enumMicrosoftAccountSignInAssistantSettings = $null + if ($null -ne $getValue.AdditionalProperties.microsoftAccountSignInAssistantSettings) + { + $enumMicrosoftAccountSignInAssistantSettings = $getValue.AdditionalProperties.microsoftAccountSignInAssistantSettings.ToString() + } + + $enumPasswordRequiredType = $null + if ($null -ne $getValue.AdditionalProperties.passwordRequiredType) + { + $enumPasswordRequiredType = $getValue.AdditionalProperties.passwordRequiredType.ToString() + } + + $enumPowerButtonActionOnBattery = $null + if ($null -ne $getValue.AdditionalProperties.powerButtonActionOnBattery) + { + $enumPowerButtonActionOnBattery = $getValue.AdditionalProperties.powerButtonActionOnBattery.ToString() + } + + $enumPowerButtonActionPluggedIn = $null + if ($null -ne $getValue.AdditionalProperties.powerButtonActionPluggedIn) + { + $enumPowerButtonActionPluggedIn = $getValue.AdditionalProperties.powerButtonActionPluggedIn.ToString() + } + + $enumPowerHybridSleepOnBattery = $null + if ($null -ne $getValue.AdditionalProperties.powerHybridSleepOnBattery) + { + $enumPowerHybridSleepOnBattery = $getValue.AdditionalProperties.powerHybridSleepOnBattery.ToString() + } + + $enumPowerHybridSleepPluggedIn = $null + if ($null -ne $getValue.AdditionalProperties.powerHybridSleepPluggedIn) + { + $enumPowerHybridSleepPluggedIn = $getValue.AdditionalProperties.powerHybridSleepPluggedIn.ToString() + } + + $enumPowerLidCloseActionOnBattery = $null + if ($null -ne $getValue.AdditionalProperties.powerLidCloseActionOnBattery) + { + $enumPowerLidCloseActionOnBattery = $getValue.AdditionalProperties.powerLidCloseActionOnBattery.ToString() + } + + $enumPowerLidCloseActionPluggedIn = $null + if ($null -ne $getValue.AdditionalProperties.powerLidCloseActionPluggedIn) + { + $enumPowerLidCloseActionPluggedIn = $getValue.AdditionalProperties.powerLidCloseActionPluggedIn.ToString() + } + + $enumPowerSleepButtonActionOnBattery = $null + if ($null -ne $getValue.AdditionalProperties.powerSleepButtonActionOnBattery) + { + $enumPowerSleepButtonActionOnBattery = $getValue.AdditionalProperties.powerSleepButtonActionOnBattery.ToString() + } + + $enumPowerSleepButtonActionPluggedIn = $null + if ($null -ne $getValue.AdditionalProperties.powerSleepButtonActionPluggedIn) + { + $enumPowerSleepButtonActionPluggedIn = $getValue.AdditionalProperties.powerSleepButtonActionPluggedIn.ToString() + } + + $enumPrivacyAdvertisingId = $null + if ($null -ne $getValue.AdditionalProperties.privacyAdvertisingId) + { + $enumPrivacyAdvertisingId = $getValue.AdditionalProperties.privacyAdvertisingId.ToString() + } + + $enumSafeSearchFilter = $null + if ($null -ne $getValue.AdditionalProperties.safeSearchFilter) + { + $enumSafeSearchFilter = $getValue.AdditionalProperties.safeSearchFilter.ToString() + } + + $enumSmartScreenAppInstallControl = $null + if ($null -ne $getValue.AdditionalProperties.smartScreenAppInstallControl) + { + $enumSmartScreenAppInstallControl = $getValue.AdditionalProperties.smartScreenAppInstallControl.ToString() + } + + $enumStartMenuAppListVisibility = $null + if ($null -ne $getValue.AdditionalProperties.startMenuAppListVisibility) + { + $enumStartMenuAppListVisibility = $getValue.AdditionalProperties.startMenuAppListVisibility.ToString() + } + + $enumStartMenuMode = $null + if ($null -ne $getValue.AdditionalProperties.startMenuMode) + { + $enumStartMenuMode = $getValue.AdditionalProperties.startMenuMode.ToString() + } + + $enumStartMenuPinnedFolderDocuments = $null + if ($null -ne $getValue.AdditionalProperties.startMenuPinnedFolderDocuments) + { + $enumStartMenuPinnedFolderDocuments = $getValue.AdditionalProperties.startMenuPinnedFolderDocuments.ToString() + } + + $enumStartMenuPinnedFolderDownloads = $null + if ($null -ne $getValue.AdditionalProperties.startMenuPinnedFolderDownloads) + { + $enumStartMenuPinnedFolderDownloads = $getValue.AdditionalProperties.startMenuPinnedFolderDownloads.ToString() + } + + $enumStartMenuPinnedFolderFileExplorer = $null + if ($null -ne $getValue.AdditionalProperties.startMenuPinnedFolderFileExplorer) + { + $enumStartMenuPinnedFolderFileExplorer = $getValue.AdditionalProperties.startMenuPinnedFolderFileExplorer.ToString() + } + + $enumStartMenuPinnedFolderHomeGroup = $null + if ($null -ne $getValue.AdditionalProperties.startMenuPinnedFolderHomeGroup) + { + $enumStartMenuPinnedFolderHomeGroup = $getValue.AdditionalProperties.startMenuPinnedFolderHomeGroup.ToString() + } + + $enumStartMenuPinnedFolderMusic = $null + if ($null -ne $getValue.AdditionalProperties.startMenuPinnedFolderMusic) + { + $enumStartMenuPinnedFolderMusic = $getValue.AdditionalProperties.startMenuPinnedFolderMusic.ToString() + } + + $enumStartMenuPinnedFolderNetwork = $null + if ($null -ne $getValue.AdditionalProperties.startMenuPinnedFolderNetwork) + { + $enumStartMenuPinnedFolderNetwork = $getValue.AdditionalProperties.startMenuPinnedFolderNetwork.ToString() + } + + $enumStartMenuPinnedFolderPersonalFolder = $null + if ($null -ne $getValue.AdditionalProperties.startMenuPinnedFolderPersonalFolder) + { + $enumStartMenuPinnedFolderPersonalFolder = $getValue.AdditionalProperties.startMenuPinnedFolderPersonalFolder.ToString() + } + + $enumStartMenuPinnedFolderPictures = $null + if ($null -ne $getValue.AdditionalProperties.startMenuPinnedFolderPictures) + { + $enumStartMenuPinnedFolderPictures = $getValue.AdditionalProperties.startMenuPinnedFolderPictures.ToString() + } + + $enumStartMenuPinnedFolderSettings = $null + if ($null -ne $getValue.AdditionalProperties.startMenuPinnedFolderSettings) + { + $enumStartMenuPinnedFolderSettings = $getValue.AdditionalProperties.startMenuPinnedFolderSettings.ToString() + } + + $enumStartMenuPinnedFolderVideos = $null + if ($null -ne $getValue.AdditionalProperties.startMenuPinnedFolderVideos) + { + $enumStartMenuPinnedFolderVideos = $getValue.AdditionalProperties.startMenuPinnedFolderVideos.ToString() + } + + $enumWindowsSpotlightConfigureOnLockScreen = $null + if ($null -ne $getValue.AdditionalProperties.windowsSpotlightConfigureOnLockScreen) + { + $enumWindowsSpotlightConfigureOnLockScreen = $getValue.AdditionalProperties.windowsSpotlightConfigureOnLockScreen.ToString() + } + #endregion + + #region resource generator code + $timeDefenderScheduledQuickScanTime = $null + if ($null -ne $getValue.AdditionalProperties.defenderScheduledQuickScanTime) + { + $timeDefenderScheduledQuickScanTime = ([TimeSpan]$getValue.AdditionalProperties.defenderScheduledQuickScanTime).ToString() + } + + $timeDefenderScheduledScanTime = $null + if ($null -ne $getValue.AdditionalProperties.defenderScheduledScanTime) + { + $timeDefenderScheduledScanTime = ([TimeSpan]$getValue.AdditionalProperties.defenderScheduledScanTime).ToString() + } + #endregion + + $results = @{ + #region resource generator code + AccountsBlockAddingNonMicrosoftAccountEmail = $getValue.AdditionalProperties.accountsBlockAddingNonMicrosoftAccountEmail + ActivateAppsWithVoice = $enumActivateAppsWithVoice + AntiTheftModeBlocked = $getValue.AdditionalProperties.antiTheftModeBlocked + AppManagementMSIAllowUserControlOverInstall = $getValue.AdditionalProperties.appManagementMSIAllowUserControlOverInstall + AppManagementMSIAlwaysInstallWithElevatedPrivileges = $getValue.AdditionalProperties.appManagementMSIAlwaysInstallWithElevatedPrivileges + AppManagementPackageFamilyNamesToLaunchAfterLogOn = $getValue.AdditionalProperties.appManagementPackageFamilyNamesToLaunchAfterLogOn + AppsAllowTrustedAppsSideloading = $enumAppsAllowTrustedAppsSideloading + AppsBlockWindowsStoreOriginatedApps = $getValue.AdditionalProperties.appsBlockWindowsStoreOriginatedApps + AuthenticationAllowSecondaryDevice = $getValue.AdditionalProperties.authenticationAllowSecondaryDevice + AuthenticationPreferredAzureADTenantDomainName = $getValue.AdditionalProperties.authenticationPreferredAzureADTenantDomainName + AuthenticationWebSignIn = $enumAuthenticationWebSignIn + BluetoothAllowedServices = $getValue.AdditionalProperties.bluetoothAllowedServices + BluetoothBlockAdvertising = $getValue.AdditionalProperties.bluetoothBlockAdvertising + BluetoothBlockDiscoverableMode = $getValue.AdditionalProperties.bluetoothBlockDiscoverableMode + BluetoothBlocked = $getValue.AdditionalProperties.bluetoothBlocked + BluetoothBlockPrePairing = $getValue.AdditionalProperties.bluetoothBlockPrePairing + BluetoothBlockPromptedProximalConnections = $getValue.AdditionalProperties.bluetoothBlockPromptedProximalConnections + CameraBlocked = $getValue.AdditionalProperties.cameraBlocked + CellularBlockDataWhenRoaming = $getValue.AdditionalProperties.cellularBlockDataWhenRoaming + CellularBlockVpn = $getValue.AdditionalProperties.cellularBlockVpn + CellularBlockVpnWhenRoaming = $getValue.AdditionalProperties.cellularBlockVpnWhenRoaming + CellularData = $enumCellularData + CertificatesBlockManualRootCertificateInstallation = $getValue.AdditionalProperties.certificatesBlockManualRootCertificateInstallation + ConfigureTimeZone = $getValue.AdditionalProperties.configureTimeZone + ConnectedDevicesServiceBlocked = $getValue.AdditionalProperties.connectedDevicesServiceBlocked + CopyPasteBlocked = $getValue.AdditionalProperties.copyPasteBlocked + CortanaBlocked = $getValue.AdditionalProperties.cortanaBlocked + CryptographyAllowFipsAlgorithmPolicy = $getValue.AdditionalProperties.cryptographyAllowFipsAlgorithmPolicy + DataProtectionBlockDirectMemoryAccess = $getValue.AdditionalProperties.dataProtectionBlockDirectMemoryAccess + DefenderBlockEndUserAccess = $getValue.AdditionalProperties.defenderBlockEndUserAccess + DefenderBlockOnAccessProtection = $getValue.AdditionalProperties.defenderBlockOnAccessProtection + DefenderCloudBlockLevel = $enumDefenderCloudBlockLevel + DefenderCloudExtendedTimeout = $getValue.AdditionalProperties.defenderCloudExtendedTimeout + DefenderCloudExtendedTimeoutInSeconds = $getValue.AdditionalProperties.defenderCloudExtendedTimeoutInSeconds + DefenderDaysBeforeDeletingQuarantinedMalware = $getValue.AdditionalProperties.defenderDaysBeforeDeletingQuarantinedMalware + DefenderDetectedMalwareActions = $complexDefenderDetectedMalwareActions + DefenderDisableCatchupFullScan = $getValue.AdditionalProperties.defenderDisableCatchupFullScan + DefenderDisableCatchupQuickScan = $getValue.AdditionalProperties.defenderDisableCatchupQuickScan + DefenderFileExtensionsToExclude = $getValue.AdditionalProperties.defenderFileExtensionsToExclude + DefenderFilesAndFoldersToExclude = $getValue.AdditionalProperties.defenderFilesAndFoldersToExclude + DefenderMonitorFileActivity = $enumDefenderMonitorFileActivity + DefenderPotentiallyUnwantedAppAction = $enumDefenderPotentiallyUnwantedAppAction + DefenderPotentiallyUnwantedAppActionSetting = $enumDefenderPotentiallyUnwantedAppActionSetting + DefenderProcessesToExclude = $getValue.AdditionalProperties.defenderProcessesToExclude + DefenderPromptForSampleSubmission = $enumDefenderPromptForSampleSubmission + DefenderRequireBehaviorMonitoring = $getValue.AdditionalProperties.defenderRequireBehaviorMonitoring + DefenderRequireCloudProtection = $getValue.AdditionalProperties.defenderRequireCloudProtection + DefenderRequireNetworkInspectionSystem = $getValue.AdditionalProperties.defenderRequireNetworkInspectionSystem + DefenderRequireRealTimeMonitoring = $getValue.AdditionalProperties.defenderRequireRealTimeMonitoring + DefenderScanArchiveFiles = $getValue.AdditionalProperties.defenderScanArchiveFiles + DefenderScanDownloads = $getValue.AdditionalProperties.defenderScanDownloads + DefenderScanIncomingMail = $getValue.AdditionalProperties.defenderScanIncomingMail + DefenderScanMappedNetworkDrivesDuringFullScan = $getValue.AdditionalProperties.defenderScanMappedNetworkDrivesDuringFullScan + DefenderScanMaxCpu = $getValue.AdditionalProperties.defenderScanMaxCpu + DefenderScanNetworkFiles = $getValue.AdditionalProperties.defenderScanNetworkFiles + DefenderScanRemovableDrivesDuringFullScan = $getValue.AdditionalProperties.defenderScanRemovableDrivesDuringFullScan + DefenderScanScriptsLoadedInInternetExplorer = $getValue.AdditionalProperties.defenderScanScriptsLoadedInInternetExplorer + DefenderScanType = $enumDefenderScanType + DefenderScheduledQuickScanTime = $timeDefenderScheduledQuickScanTime + DefenderScheduledScanTime = $timeDefenderScheduledScanTime + DefenderScheduleScanEnableLowCpuPriority = $getValue.AdditionalProperties.defenderScheduleScanEnableLowCpuPriority + DefenderSignatureUpdateIntervalInHours = $getValue.AdditionalProperties.defenderSignatureUpdateIntervalInHours + DefenderSubmitSamplesConsentType = $enumDefenderSubmitSamplesConsentType + DefenderSystemScanSchedule = $enumDefenderSystemScanSchedule + DeveloperUnlockSetting = $enumDeveloperUnlockSetting + DeviceManagementBlockFactoryResetOnMobile = $getValue.AdditionalProperties.deviceManagementBlockFactoryResetOnMobile + DeviceManagementBlockManualUnenroll = $getValue.AdditionalProperties.deviceManagementBlockManualUnenroll + DiagnosticsDataSubmissionMode = $enumDiagnosticsDataSubmissionMode + DisplayAppListWithGdiDPIScalingTurnedOff = $getValue.AdditionalProperties.displayAppListWithGdiDPIScalingTurnedOff + DisplayAppListWithGdiDPIScalingTurnedOn = $getValue.AdditionalProperties.displayAppListWithGdiDPIScalingTurnedOn + EdgeAllowStartPagesModification = $getValue.AdditionalProperties.edgeAllowStartPagesModification + EdgeBlockAccessToAboutFlags = $getValue.AdditionalProperties.edgeBlockAccessToAboutFlags + EdgeBlockAddressBarDropdown = $getValue.AdditionalProperties.edgeBlockAddressBarDropdown + EdgeBlockAutofill = $getValue.AdditionalProperties.edgeBlockAutofill + EdgeBlockCompatibilityList = $getValue.AdditionalProperties.edgeBlockCompatibilityList + EdgeBlockDeveloperTools = $getValue.AdditionalProperties.edgeBlockDeveloperTools + EdgeBlocked = $getValue.AdditionalProperties.edgeBlocked + EdgeBlockEditFavorites = $getValue.AdditionalProperties.edgeBlockEditFavorites + EdgeBlockExtensions = $getValue.AdditionalProperties.edgeBlockExtensions + EdgeBlockFullScreenMode = $getValue.AdditionalProperties.edgeBlockFullScreenMode + EdgeBlockInPrivateBrowsing = $getValue.AdditionalProperties.edgeBlockInPrivateBrowsing + EdgeBlockJavaScript = $getValue.AdditionalProperties.edgeBlockJavaScript + EdgeBlockLiveTileDataCollection = $getValue.AdditionalProperties.edgeBlockLiveTileDataCollection + EdgeBlockPasswordManager = $getValue.AdditionalProperties.edgeBlockPasswordManager + EdgeBlockPopups = $getValue.AdditionalProperties.edgeBlockPopups + EdgeBlockPrelaunch = $getValue.AdditionalProperties.edgeBlockPrelaunch + EdgeBlockPrinting = $getValue.AdditionalProperties.edgeBlockPrinting + EdgeBlockSavingHistory = $getValue.AdditionalProperties.edgeBlockSavingHistory + EdgeBlockSearchEngineCustomization = $getValue.AdditionalProperties.edgeBlockSearchEngineCustomization + EdgeBlockSearchSuggestions = $getValue.AdditionalProperties.edgeBlockSearchSuggestions + EdgeBlockSendingDoNotTrackHeader = $getValue.AdditionalProperties.edgeBlockSendingDoNotTrackHeader + EdgeBlockSendingIntranetTrafficToInternetExplorer = $getValue.AdditionalProperties.edgeBlockSendingIntranetTrafficToInternetExplorer + EdgeBlockSideloadingExtensions = $getValue.AdditionalProperties.edgeBlockSideloadingExtensions + EdgeBlockTabPreloading = $getValue.AdditionalProperties.edgeBlockTabPreloading + EdgeBlockWebContentOnNewTabPage = $getValue.AdditionalProperties.edgeBlockWebContentOnNewTabPage + EdgeClearBrowsingDataOnExit = $getValue.AdditionalProperties.edgeClearBrowsingDataOnExit + EdgeCookiePolicy = $enumEdgeCookiePolicy + EdgeDisableFirstRunPage = $getValue.AdditionalProperties.edgeDisableFirstRunPage + EdgeEnterpriseModeSiteListLocation = $getValue.AdditionalProperties.edgeEnterpriseModeSiteListLocation + EdgeFavoritesBarVisibility = $enumEdgeFavoritesBarVisibility + EdgeFavoritesListLocation = $getValue.AdditionalProperties.edgeFavoritesListLocation + EdgeFirstRunUrl = $getValue.AdditionalProperties.edgeFirstRunUrl + EdgeHomeButtonConfiguration = $complexEdgeHomeButtonConfiguration + EdgeHomeButtonConfigurationEnabled = $getValue.AdditionalProperties.edgeHomeButtonConfigurationEnabled + EdgeHomepageUrls = $getValue.AdditionalProperties.edgeHomepageUrls + EdgeKioskModeRestriction = $enumEdgeKioskModeRestriction + EdgeKioskResetAfterIdleTimeInMinutes = $getValue.AdditionalProperties.edgeKioskResetAfterIdleTimeInMinutes + EdgeNewTabPageURL = $getValue.AdditionalProperties.edgeNewTabPageURL + EdgeOpensWith = $enumEdgeOpensWith + EdgePreventCertificateErrorOverride = $getValue.AdditionalProperties.edgePreventCertificateErrorOverride + EdgeRequiredExtensionPackageFamilyNames = $getValue.AdditionalProperties.edgeRequiredExtensionPackageFamilyNames + EdgeRequireSmartScreen = $getValue.AdditionalProperties.edgeRequireSmartScreen + EdgeSearchEngine = $complexEdgeSearchEngine + EdgeSendIntranetTrafficToInternetExplorer = $getValue.AdditionalProperties.edgeSendIntranetTrafficToInternetExplorer + EdgeShowMessageWhenOpeningInternetExplorerSites = $enumEdgeShowMessageWhenOpeningInternetExplorerSites + EdgeSyncFavoritesWithInternetExplorer = $getValue.AdditionalProperties.edgeSyncFavoritesWithInternetExplorer + EdgeTelemetryForMicrosoft365Analytics = $enumEdgeTelemetryForMicrosoft365Analytics + EnableAutomaticRedeployment = $getValue.AdditionalProperties.enableAutomaticRedeployment + EnergySaverOnBatteryThresholdPercentage = $getValue.AdditionalProperties.energySaverOnBatteryThresholdPercentage + EnergySaverPluggedInThresholdPercentage = $getValue.AdditionalProperties.energySaverPluggedInThresholdPercentage + EnterpriseCloudPrintDiscoveryEndPoint = $getValue.AdditionalProperties.enterpriseCloudPrintDiscoveryEndPoint + EnterpriseCloudPrintDiscoveryMaxLimit = $getValue.AdditionalProperties.enterpriseCloudPrintDiscoveryMaxLimit + EnterpriseCloudPrintMopriaDiscoveryResourceIdentifier = $getValue.AdditionalProperties.enterpriseCloudPrintMopriaDiscoveryResourceIdentifier + EnterpriseCloudPrintOAuthAuthority = $getValue.AdditionalProperties.enterpriseCloudPrintOAuthAuthority + EnterpriseCloudPrintOAuthClientIdentifier = $getValue.AdditionalProperties.enterpriseCloudPrintOAuthClientIdentifier + EnterpriseCloudPrintResourceIdentifier = $getValue.AdditionalProperties.enterpriseCloudPrintResourceIdentifier + ExperienceBlockDeviceDiscovery = $getValue.AdditionalProperties.experienceBlockDeviceDiscovery + ExperienceBlockErrorDialogWhenNoSIM = $getValue.AdditionalProperties.experienceBlockErrorDialogWhenNoSIM + ExperienceBlockTaskSwitcher = $getValue.AdditionalProperties.experienceBlockTaskSwitcher + ExperienceDoNotSyncBrowserSettings = $enumExperienceDoNotSyncBrowserSettings + FindMyFiles = $enumFindMyFiles + GameDvrBlocked = $getValue.AdditionalProperties.gameDvrBlocked + InkWorkspaceAccess = $enumInkWorkspaceAccess + InkWorkspaceAccessState = $enumInkWorkspaceAccessState + InkWorkspaceBlockSuggestedApps = $getValue.AdditionalProperties.inkWorkspaceBlockSuggestedApps + InternetSharingBlocked = $getValue.AdditionalProperties.internetSharingBlocked + LocationServicesBlocked = $getValue.AdditionalProperties.locationServicesBlocked + LockScreenActivateAppsWithVoice = $enumLockScreenActivateAppsWithVoice + LockScreenAllowTimeoutConfiguration = $getValue.AdditionalProperties.lockScreenAllowTimeoutConfiguration + LockScreenBlockActionCenterNotifications = $getValue.AdditionalProperties.lockScreenBlockActionCenterNotifications + LockScreenBlockCortana = $getValue.AdditionalProperties.lockScreenBlockCortana + LockScreenBlockToastNotifications = $getValue.AdditionalProperties.lockScreenBlockToastNotifications + LockScreenTimeoutInSeconds = $getValue.AdditionalProperties.lockScreenTimeoutInSeconds + LogonBlockFastUserSwitching = $getValue.AdditionalProperties.logonBlockFastUserSwitching + MessagingBlockMMS = $getValue.AdditionalProperties.messagingBlockMMS + MessagingBlockRichCommunicationServices = $getValue.AdditionalProperties.messagingBlockRichCommunicationServices + MessagingBlockSync = $getValue.AdditionalProperties.messagingBlockSync + MicrosoftAccountBlocked = $getValue.AdditionalProperties.microsoftAccountBlocked + MicrosoftAccountBlockSettingsSync = $getValue.AdditionalProperties.microsoftAccountBlockSettingsSync + MicrosoftAccountSignInAssistantSettings = $enumMicrosoftAccountSignInAssistantSettings + NetworkProxyApplySettingsDeviceWide = $getValue.AdditionalProperties.networkProxyApplySettingsDeviceWide + NetworkProxyAutomaticConfigurationUrl = $getValue.AdditionalProperties.networkProxyAutomaticConfigurationUrl + NetworkProxyDisableAutoDetect = $getValue.AdditionalProperties.networkProxyDisableAutoDetect + NetworkProxyServer = $complexNetworkProxyServer + NfcBlocked = $getValue.AdditionalProperties.nfcBlocked + OneDriveDisableFileSync = $getValue.AdditionalProperties.oneDriveDisableFileSync + PasswordBlockSimple = $getValue.AdditionalProperties.passwordBlockSimple + PasswordExpirationDays = $getValue.AdditionalProperties.passwordExpirationDays + PasswordMinimumAgeInDays = $getValue.AdditionalProperties.passwordMinimumAgeInDays + PasswordMinimumCharacterSetCount = $getValue.AdditionalProperties.passwordMinimumCharacterSetCount + PasswordMinimumLength = $getValue.AdditionalProperties.passwordMinimumLength + PasswordMinutesOfInactivityBeforeScreenTimeout = $getValue.AdditionalProperties.passwordMinutesOfInactivityBeforeScreenTimeout + PasswordPreviousPasswordBlockCount = $getValue.AdditionalProperties.passwordPreviousPasswordBlockCount + PasswordRequired = $getValue.AdditionalProperties.passwordRequired + PasswordRequiredType = $enumPasswordRequiredType + PasswordRequireWhenResumeFromIdleState = $getValue.AdditionalProperties.passwordRequireWhenResumeFromIdleState + PasswordSignInFailureCountBeforeFactoryReset = $getValue.AdditionalProperties.passwordSignInFailureCountBeforeFactoryReset + PersonalizationDesktopImageUrl = $getValue.AdditionalProperties.personalizationDesktopImageUrl + PersonalizationLockScreenImageUrl = $getValue.AdditionalProperties.personalizationLockScreenImageUrl + PowerButtonActionOnBattery = $enumPowerButtonActionOnBattery + PowerButtonActionPluggedIn = $enumPowerButtonActionPluggedIn + PowerHybridSleepOnBattery = $enumPowerHybridSleepOnBattery + PowerHybridSleepPluggedIn = $enumPowerHybridSleepPluggedIn + PowerLidCloseActionOnBattery = $enumPowerLidCloseActionOnBattery + PowerLidCloseActionPluggedIn = $enumPowerLidCloseActionPluggedIn + PowerSleepButtonActionOnBattery = $enumPowerSleepButtonActionOnBattery + PowerSleepButtonActionPluggedIn = $enumPowerSleepButtonActionPluggedIn + PrinterBlockAddition = $getValue.AdditionalProperties.printerBlockAddition + PrinterDefaultName = $getValue.AdditionalProperties.printerDefaultName + PrinterNames = $getValue.AdditionalProperties.printerNames + PrivacyAdvertisingId = $enumPrivacyAdvertisingId + PrivacyAutoAcceptPairingAndConsentPrompts = $getValue.AdditionalProperties.privacyAutoAcceptPairingAndConsentPrompts + PrivacyBlockActivityFeed = $getValue.AdditionalProperties.privacyBlockActivityFeed + PrivacyBlockInputPersonalization = $getValue.AdditionalProperties.privacyBlockInputPersonalization + PrivacyBlockPublishUserActivities = $getValue.AdditionalProperties.privacyBlockPublishUserActivities + PrivacyDisableLaunchExperience = $getValue.AdditionalProperties.privacyDisableLaunchExperience + ResetProtectionModeBlocked = $getValue.AdditionalProperties.resetProtectionModeBlocked + SafeSearchFilter = $enumSafeSearchFilter + ScreenCaptureBlocked = $getValue.AdditionalProperties.screenCaptureBlocked + SearchBlockDiacritics = $getValue.AdditionalProperties.searchBlockDiacritics + SearchBlockWebResults = $getValue.AdditionalProperties.searchBlockWebResults + SearchDisableAutoLanguageDetection = $getValue.AdditionalProperties.searchDisableAutoLanguageDetection + SearchDisableIndexerBackoff = $getValue.AdditionalProperties.searchDisableIndexerBackoff + SearchDisableIndexingEncryptedItems = $getValue.AdditionalProperties.searchDisableIndexingEncryptedItems + SearchDisableIndexingRemovableDrive = $getValue.AdditionalProperties.searchDisableIndexingRemovableDrive + SearchDisableLocation = $getValue.AdditionalProperties.searchDisableLocation + SearchDisableUseLocation = $getValue.AdditionalProperties.searchDisableUseLocation + SearchEnableAutomaticIndexSizeManangement = $getValue.AdditionalProperties.searchEnableAutomaticIndexSizeManangement + SearchEnableRemoteQueries = $getValue.AdditionalProperties.searchEnableRemoteQueries + SecurityBlockAzureADJoinedDevicesAutoEncryption = $getValue.AdditionalProperties.securityBlockAzureADJoinedDevicesAutoEncryption + SettingsBlockAccountsPage = $getValue.AdditionalProperties.settingsBlockAccountsPage + SettingsBlockAddProvisioningPackage = $getValue.AdditionalProperties.settingsBlockAddProvisioningPackage + SettingsBlockAppsPage = $getValue.AdditionalProperties.settingsBlockAppsPage + SettingsBlockChangeLanguage = $getValue.AdditionalProperties.settingsBlockChangeLanguage + SettingsBlockChangePowerSleep = $getValue.AdditionalProperties.settingsBlockChangePowerSleep + SettingsBlockChangeRegion = $getValue.AdditionalProperties.settingsBlockChangeRegion + SettingsBlockChangeSystemTime = $getValue.AdditionalProperties.settingsBlockChangeSystemTime + SettingsBlockDevicesPage = $getValue.AdditionalProperties.settingsBlockDevicesPage + SettingsBlockEaseOfAccessPage = $getValue.AdditionalProperties.settingsBlockEaseOfAccessPage + SettingsBlockEditDeviceName = $getValue.AdditionalProperties.settingsBlockEditDeviceName + SettingsBlockGamingPage = $getValue.AdditionalProperties.settingsBlockGamingPage + SettingsBlockNetworkInternetPage = $getValue.AdditionalProperties.settingsBlockNetworkInternetPage + SettingsBlockPersonalizationPage = $getValue.AdditionalProperties.settingsBlockPersonalizationPage + SettingsBlockPrivacyPage = $getValue.AdditionalProperties.settingsBlockPrivacyPage + SettingsBlockRemoveProvisioningPackage = $getValue.AdditionalProperties.settingsBlockRemoveProvisioningPackage + SettingsBlockSettingsApp = $getValue.AdditionalProperties.settingsBlockSettingsApp + SettingsBlockSystemPage = $getValue.AdditionalProperties.settingsBlockSystemPage + SettingsBlockTimeLanguagePage = $getValue.AdditionalProperties.settingsBlockTimeLanguagePage + SettingsBlockUpdateSecurityPage = $getValue.AdditionalProperties.settingsBlockUpdateSecurityPage + SharedUserAppDataAllowed = $getValue.AdditionalProperties.sharedUserAppDataAllowed + SmartScreenAppInstallControl = $enumSmartScreenAppInstallControl + SmartScreenBlockPromptOverride = $getValue.AdditionalProperties.smartScreenBlockPromptOverride + SmartScreenBlockPromptOverrideForFiles = $getValue.AdditionalProperties.smartScreenBlockPromptOverrideForFiles + SmartScreenEnableAppInstallControl = $getValue.AdditionalProperties.smartScreenEnableAppInstallControl + StartBlockUnpinningAppsFromTaskbar = $getValue.AdditionalProperties.startBlockUnpinningAppsFromTaskbar + StartMenuAppListVisibility = $enumStartMenuAppListVisibility + StartMenuHideChangeAccountSettings = $getValue.AdditionalProperties.startMenuHideChangeAccountSettings + StartMenuHideFrequentlyUsedApps = $getValue.AdditionalProperties.startMenuHideFrequentlyUsedApps + StartMenuHideHibernate = $getValue.AdditionalProperties.startMenuHideHibernate + StartMenuHideLock = $getValue.AdditionalProperties.startMenuHideLock + StartMenuHidePowerButton = $getValue.AdditionalProperties.startMenuHidePowerButton + StartMenuHideRecentJumpLists = $getValue.AdditionalProperties.startMenuHideRecentJumpLists + StartMenuHideRecentlyAddedApps = $getValue.AdditionalProperties.startMenuHideRecentlyAddedApps + StartMenuHideRestartOptions = $getValue.AdditionalProperties.startMenuHideRestartOptions + StartMenuHideShutDown = $getValue.AdditionalProperties.startMenuHideShutDown + StartMenuHideSignOut = $getValue.AdditionalProperties.startMenuHideSignOut + StartMenuHideSleep = $getValue.AdditionalProperties.startMenuHideSleep + StartMenuHideSwitchAccount = $getValue.AdditionalProperties.startMenuHideSwitchAccount + StartMenuHideUserTile = $getValue.AdditionalProperties.startMenuHideUserTile + StartMenuLayoutEdgeAssetsXml = $getValue.AdditionalProperties.startMenuLayoutEdgeAssetsXml + StartMenuLayoutXml = $getValue.AdditionalProperties.startMenuLayoutXml + StartMenuMode = $enumStartMenuMode + StartMenuPinnedFolderDocuments = $enumStartMenuPinnedFolderDocuments + StartMenuPinnedFolderDownloads = $enumStartMenuPinnedFolderDownloads + StartMenuPinnedFolderFileExplorer = $enumStartMenuPinnedFolderFileExplorer + StartMenuPinnedFolderHomeGroup = $enumStartMenuPinnedFolderHomeGroup + StartMenuPinnedFolderMusic = $enumStartMenuPinnedFolderMusic + StartMenuPinnedFolderNetwork = $enumStartMenuPinnedFolderNetwork + StartMenuPinnedFolderPersonalFolder = $enumStartMenuPinnedFolderPersonalFolder + StartMenuPinnedFolderPictures = $enumStartMenuPinnedFolderPictures + StartMenuPinnedFolderSettings = $enumStartMenuPinnedFolderSettings + StartMenuPinnedFolderVideos = $enumStartMenuPinnedFolderVideos + StorageBlockRemovableStorage = $getValue.AdditionalProperties.storageBlockRemovableStorage + StorageRequireMobileDeviceEncryption = $getValue.AdditionalProperties.storageRequireMobileDeviceEncryption + StorageRestrictAppDataToSystemVolume = $getValue.AdditionalProperties.storageRestrictAppDataToSystemVolume + StorageRestrictAppInstallToSystemVolume = $getValue.AdditionalProperties.storageRestrictAppInstallToSystemVolume + SystemTelemetryProxyServer = $getValue.AdditionalProperties.systemTelemetryProxyServer + TaskManagerBlockEndTask = $getValue.AdditionalProperties.taskManagerBlockEndTask + TenantLockdownRequireNetworkDuringOutOfBoxExperience = $getValue.AdditionalProperties.tenantLockdownRequireNetworkDuringOutOfBoxExperience + UninstallBuiltInApps = $getValue.AdditionalProperties.uninstallBuiltInApps + UsbBlocked = $getValue.AdditionalProperties.usbBlocked + VoiceRecordingBlocked = $getValue.AdditionalProperties.voiceRecordingBlocked + WebRtcBlockLocalhostIpAddress = $getValue.AdditionalProperties.webRtcBlockLocalhostIpAddress + WiFiBlockAutomaticConnectHotspots = $getValue.AdditionalProperties.wiFiBlockAutomaticConnectHotspots + WiFiBlocked = $getValue.AdditionalProperties.wiFiBlocked + WiFiBlockManualConfiguration = $getValue.AdditionalProperties.wiFiBlockManualConfiguration + WiFiScanInterval = $getValue.AdditionalProperties.wiFiScanInterval + Windows10AppsForceUpdateSchedule = $complexWindows10AppsForceUpdateSchedule + WindowsSpotlightBlockConsumerSpecificFeatures = $getValue.AdditionalProperties.windowsSpotlightBlockConsumerSpecificFeatures + WindowsSpotlightBlocked = $getValue.AdditionalProperties.windowsSpotlightBlocked + WindowsSpotlightBlockOnActionCenter = $getValue.AdditionalProperties.windowsSpotlightBlockOnActionCenter + WindowsSpotlightBlockTailoredExperiences = $getValue.AdditionalProperties.windowsSpotlightBlockTailoredExperiences + WindowsSpotlightBlockThirdPartyNotifications = $getValue.AdditionalProperties.windowsSpotlightBlockThirdPartyNotifications + WindowsSpotlightBlockWelcomeExperience = $getValue.AdditionalProperties.windowsSpotlightBlockWelcomeExperience + WindowsSpotlightBlockWindowsTips = $getValue.AdditionalProperties.windowsSpotlightBlockWindowsTips + WindowsSpotlightConfigureOnLockScreen = $enumWindowsSpotlightConfigureOnLockScreen + WindowsStoreBlockAutoUpdate = $getValue.AdditionalProperties.windowsStoreBlockAutoUpdate + WindowsStoreBlocked = $getValue.AdditionalProperties.windowsStoreBlocked + WindowsStoreEnablePrivateStoreOnly = $getValue.AdditionalProperties.windowsStoreEnablePrivateStoreOnly + WirelessDisplayBlockProjectionToThisDevice = $getValue.AdditionalProperties.wirelessDisplayBlockProjectionToThisDevice + WirelessDisplayBlockUserInputFromReceiver = $getValue.AdditionalProperties.wirelessDisplayBlockUserInputFromReceiver + WirelessDisplayRequirePinForPairing = $getValue.AdditionalProperties.wirelessDisplayRequirePinForPairing + Description = $getValue.Description + DisplayName = $getValue.DisplayName + SupportsScopeTags = $getValue.SupportsScopeTags + Id = $getValue.Id + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + #endregion + } + $assignmentsValues = Get-MgDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $Id + $assignmentResult = @() + foreach ($assignmentEntry in $AssignmentsValues) + { + $assignmentValue = @{ + dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' + deviceAndAppManagementAssignmentFilterType = $(if ($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) + {$assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString()}) + deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId + groupId = $assignmentEntry.Target.AdditionalProperties.groupId + } + $assignmentResult += $assignmentValue + } + $results.Add('Assignments', $assignmentResult) + + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + #region resource generator code + [Parameter()] + [System.Boolean] + $AccountsBlockAddingNonMicrosoftAccountEmail, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $ActivateAppsWithVoice, + + [Parameter()] + [System.Boolean] + $AntiTheftModeBlocked, + + [Parameter()] + [System.Boolean] + $AppManagementMSIAllowUserControlOverInstall, + + [Parameter()] + [System.Boolean] + $AppManagementMSIAlwaysInstallWithElevatedPrivileges, + + [Parameter()] + [System.String[]] + $AppManagementPackageFamilyNamesToLaunchAfterLogOn, + + [Parameter()] + [ValidateSet('notConfigured','blocked','allowed')] + [System.String] + $AppsAllowTrustedAppsSideloading, + + [Parameter()] + [System.Boolean] + $AppsBlockWindowsStoreOriginatedApps, + + [Parameter()] + [System.Boolean] + $AuthenticationAllowSecondaryDevice, + + [Parameter()] + [System.String] + $AuthenticationPreferredAzureADTenantDomainName, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $AuthenticationWebSignIn, + + [Parameter()] + [System.String[]] + $BluetoothAllowedServices, + + [Parameter()] + [System.Boolean] + $BluetoothBlockAdvertising, + + [Parameter()] + [System.Boolean] + $BluetoothBlockDiscoverableMode, + + [Parameter()] + [System.Boolean] + $BluetoothBlocked, + + [Parameter()] + [System.Boolean] + $BluetoothBlockPrePairing, + + [Parameter()] + [System.Boolean] + $BluetoothBlockPromptedProximalConnections, + + [Parameter()] + [System.Boolean] + $CameraBlocked, + + [Parameter()] + [System.Boolean] + $CellularBlockDataWhenRoaming, + + [Parameter()] + [System.Boolean] + $CellularBlockVpn, + + [Parameter()] + [System.Boolean] + $CellularBlockVpnWhenRoaming, + + [Parameter()] + [ValidateSet('blocked','required','allowed','notConfigured')] + [System.String] + $CellularData, + + [Parameter()] + [System.Boolean] + $CertificatesBlockManualRootCertificateInstallation, + + [Parameter()] + [System.String] + $ConfigureTimeZone, + + [Parameter()] + [System.Boolean] + $ConnectedDevicesServiceBlocked, + + [Parameter()] + [System.Boolean] + $CopyPasteBlocked, + + [Parameter()] + [System.Boolean] + $CortanaBlocked, + + [Parameter()] + [System.Boolean] + $CryptographyAllowFipsAlgorithmPolicy, + + [Parameter()] + [System.Boolean] + $DataProtectionBlockDirectMemoryAccess, + + [Parameter()] + [System.Boolean] + $DefenderBlockEndUserAccess, + + [Parameter()] + [System.Boolean] + $DefenderBlockOnAccessProtection, + + [Parameter()] + [ValidateSet('notConfigured','high','highPlus','zeroTolerance')] + [System.String] + $DefenderCloudBlockLevel, + + [Parameter()] + [System.Int32] + $DefenderCloudExtendedTimeout, + + [Parameter()] + [System.Int32] + $DefenderCloudExtendedTimeoutInSeconds, + + [Parameter()] + [System.Int32] + $DefenderDaysBeforeDeletingQuarantinedMalware, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $DefenderDetectedMalwareActions, + + [Parameter()] + [System.Boolean] + $DefenderDisableCatchupFullScan, + + [Parameter()] + [System.Boolean] + $DefenderDisableCatchupQuickScan, + + [Parameter()] + [System.String[]] + $DefenderFileExtensionsToExclude, + + [Parameter()] + [System.String[]] + $DefenderFilesAndFoldersToExclude, + + [Parameter()] + [ValidateSet('userDefined','disable','monitorAllFiles','monitorIncomingFilesOnly','monitorOutgoingFilesOnly')] + [System.String] + $DefenderMonitorFileActivity, + + [Parameter()] + [ValidateSet('deviceDefault','block','audit')] + [System.String] + $DefenderPotentiallyUnwantedAppAction, + + [Parameter()] + [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [System.String] + $DefenderPotentiallyUnwantedAppActionSetting, + + [Parameter()] + [System.String[]] + $DefenderProcessesToExclude, + + [Parameter()] + [ValidateSet('userDefined','alwaysPrompt','promptBeforeSendingPersonalData','neverSendData','sendAllDataWithoutPrompting')] + [System.String] + $DefenderPromptForSampleSubmission, + + [Parameter()] + [System.Boolean] + $DefenderRequireBehaviorMonitoring, + + [Parameter()] + [System.Boolean] + $DefenderRequireCloudProtection, + + [Parameter()] + [System.Boolean] + $DefenderRequireNetworkInspectionSystem, + + [Parameter()] + [System.Boolean] + $DefenderRequireRealTimeMonitoring, + + [Parameter()] + [System.Boolean] + $DefenderScanArchiveFiles, [Parameter()] [System.Boolean] - $ExperienceBlockTaskSwitcher, + $DefenderScanDownloads, [Parameter()] [System.Boolean] - $LogonBlockFastUserSwitching, + $DefenderScanIncomingMail, [Parameter()] [System.Boolean] - $TenantLockdownRequireNetworkDuringOutOfBoxExperience, + $DefenderScanMappedNetworkDrivesDuringFullScan, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] - $Assignments, + [System.Int32] + $DefenderScanMaxCpu, + + [Parameter()] + [System.Boolean] + $DefenderScanNetworkFiles, - [Parameter(Mandatory = $True)] + [Parameter()] + [System.Boolean] + $DefenderScanRemovableDrivesDuringFullScan, + + [Parameter()] + [System.Boolean] + $DefenderScanScriptsLoadedInInternetExplorer, + + [Parameter()] + [ValidateSet('userDefined','disabled','quick','full')] [System.String] - [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $DefenderScanType, [Parameter()] - [System.Management.Automation.PSCredential] - $Credential, + [System.TimeSpan] + $DefenderScheduledQuickScanTime, + + [Parameter()] + [System.TimeSpan] + $DefenderScheduledScanTime, + + [Parameter()] + [System.Boolean] + $DefenderScheduleScanEnableLowCpuPriority, [Parameter()] + [System.Int32] + $DefenderSignatureUpdateIntervalInHours, + + [Parameter()] + [ValidateSet('sendSafeSamplesAutomatically','alwaysPrompt','neverSend','sendAllSamplesAutomatically')] [System.String] - $ApplicationId, + $DefenderSubmitSamplesConsentType, [Parameter()] + [ValidateSet('userDefined','everyday','sunday','monday','tuesday','wednesday','thursday','friday','saturday','noScheduledScan')] [System.String] - $TenantId, + $DefenderSystemScanSchedule, [Parameter()] - [System.Management.Automation.PSCredential] - $ApplicationSecret, + [ValidateSet('notConfigured','blocked','allowed')] + [System.String] + $DeveloperUnlockSetting, + + [Parameter()] + [System.Boolean] + $DeviceManagementBlockFactoryResetOnMobile, + + [Parameter()] + [System.Boolean] + $DeviceManagementBlockManualUnenroll, [Parameter()] + [ValidateSet('userDefined','none','basic','enhanced','full')] [System.String] - $CertificateThumbprint, + $DiagnosticsDataSubmissionMode, [Parameter()] - [Switch] - $ManagedIdentity - ) + [System.String[]] + $DisplayAppListWithGdiDPIScalingTurnedOff, - Write-Verbose -Message "Checking for the Intune Device Configuration Policy {$DisplayName}" - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters ` - -ProfileName 'beta' + [Parameter()] + [System.String[]] + $DisplayAppListWithGdiDPIScalingTurnedOn, - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + [Parameter()] + [System.Boolean] + $EdgeAllowStartPagesModification, - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + [Parameter()] + [System.Boolean] + $EdgeBlockAccessToAboutFlags, - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + [Parameter()] + [System.Boolean] + $EdgeBlockAddressBarDropdown, - try - { - $policy = Get-MgDeviceManagementDeviceConfiguration -Filter "displayName eq '$DisplayName'" ` - -ErrorAction Stop | Where-Object -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10GeneralConfiguration' } + [Parameter()] + [System.Boolean] + $EdgeBlockAutofill, - if ($null -eq $policy) - { - Write-Verbose -Message "No Device Configuration Policy {$DisplayName} was found" - return $nullResult - } + [Parameter()] + [System.Boolean] + $EdgeBlockCompatibilityList, - $DefenderDetectedMalwareActionsValues = $null - if (-not [System.String]::IsNullOrEmpty($policy.AdditionalProperties.defenderDetectedMalwareActions.lowSeverity) -or - -not [System.String]::IsNullOrEmpty($policy.AdditionalProperties.defenderDetectedMalwareActions.moderateSeverity) -or - -not [System.String]::IsNullOrEmpty($policy.AdditionalProperties.defenderDetectedMalwareActions.highSeverity) -or - -not [System.String]::IsNullOrEmpty($policy.AdditionalProperties.defenderDetectedMalwareActions.severeSeverity)) - { - $DefenderDetectedMalwareActionsValues = @{ - LowSeverity = $policy.AdditionalProperties.defenderDetectedMalwareActions.lowSeverity - ModerateSeverity = $policy.AdditionalProperties.defenderDetectedMalwareActions.moderateSeverity - HighSeverity = $policy.AdditionalProperties.defenderDetectedMalwareActions.highSeverity - SevereSeverity = $policy.AdditionalProperties.defenderDetectedMalwareActions.severeSeverity - } - } + [Parameter()] + [System.Boolean] + $EdgeBlockDeveloperTools, - Write-Verbose -Message "Found Device Configuration Policy {$DisplayName}" - $results = @{ - Description = $policy.Description - DisplayName = $policy.DisplayName - EnterpriseCloudPrintDiscoveryEndPoint = $policy.AdditionalProperties.enterpriseCloudPrintDiscoveryEndPoint - EnterpriseCloudPrintOAuthAuthority = $policy.AdditionalProperties.enterpriseCloudPrintOAuthAuthority - EnterpriseCloudPrintOAuthClientIdentifier = $policy.AdditionalProperties.enterpriseCloudPrintOAuthClientIdentifier - EnterpriseCloudPrintResourceIdentifier = $policy.AdditionalProperties.enterpriseCloudPrintResourceIdentifier - EnterpriseCloudPrintDiscoveryMaxLimit = $policy.AdditionalProperties.enterpriseCloudPrintDiscoveryMaxLimit - EnterpriseCloudPrintMopriaDiscoveryResourceIdentifier = $policy.AdditionalProperties.enterpriseCloudPrintMopriaDiscoveryResourceIdentifier - SearchBlockDiacritics = $policy.AdditionalProperties.searchBlockDiacritics - SearchDisableAutoLanguageDetection = $policy.AdditionalProperties.searchDisableAutoLanguageDetection - SearchDisableIndexingEncryptedItems = $policy.AdditionalProperties.searchDisableIndexingEncryptedItems - SearchEnableRemoteQueries = $policy.AdditionalProperties.searchEnableRemoteQueries - SearchDisableIndexerBackoff = $policy.AdditionalProperties.searchDisableIndexerBackoff - SearchDisableIndexingRemovableDrive = $policy.AdditionalProperties.searchDisableIndexingRemovableDrive - SearchEnableAutomaticIndexSizeManangement = $policy.AdditionalProperties.searchEnableAutomaticIndexSizeManangement - DiagnosticsDataSubmissionMode = $policy.AdditionalProperties.diagnosticsDataSubmissionMode - OneDriveDisableFileSync = $policy.AdditionalProperties.oneDriveDisableFileSync - SmartScreenEnableAppInstallControl = $policy.AdditionalProperties.smartScreenEnableAppInstallControl - PersonalizationDesktopImageUrl = $policy.AdditionalProperties.personalizationDesktopImageUrl - PersonalizationLockScreenImageUrl = $policy.AdditionalProperties.personalizationLockScreenImageUrl - BluetoothAllowedServices = $policy.AdditionalProperties.bluetoothAllowedServices - BluetoothBlockAdvertising = $policy.AdditionalProperties.bluetoothBlockAdvertising - BluetoothBlockDiscoverableMode = $policy.AdditionalProperties.bluetoothBlockDiscoverableMode - BluetoothBlockPrePairing = $policy.AdditionalProperties.bluetoothBlockPrePairing - EdgeBlockAutofill = $policy.AdditionalProperties.edgeBlockAutofill - EdgeBlocked = $policy.AdditionalProperties.edgeBlocked - EdgeCookiePolicy = $policy.AdditionalProperties.edgeCookiePolicy - EdgeBlockDeveloperTools = $policy.AdditionalProperties.edgeBlockDeveloperTools - EdgeBlockSendingDoNotTrackHeader = $policy.AdditionalProperties.edgeBlockSendingDoNotTrackHeader - EdgeBlockExtensions = $policy.AdditionalProperties.edgeBlockExtensions - EdgeBlockInPrivateBrowsing = $policy.AdditionalProperties.edgeBlockInPrivateBrowsing - EdgeBlockJavaScript = $policy.AdditionalProperties.edgeBlockJavaScript - EdgeBlockPasswordManager = $policy.AdditionalProperties.edgeBlockPasswordManager - EdgeBlockAddressBarDropdown = $policy.AdditionalProperties.edgeBlockAddressBarDropdown - EdgeBlockCompatibilityList = $policy.AdditionalProperties.edgeBlockCompatibilityList - EdgeClearBrowsingDataOnExit = $policy.AdditionalProperties.edgeClearBrowsingDataOnExit - EdgeAllowStartPagesModification = $policy.AdditionalProperties.edgeAllowStartPagesModification - EdgeDisableFirstRunPage = $policy.AdditionalProperties.edgeDisableFirstRunPage - EdgeBlockLiveTileDataCollection = $policy.AdditionalProperties.edgeBlockLiveTileDataCollection - EdgeSyncFavoritesWithInternetExplorer = $policy.AdditionalProperties.edgeSyncFavoritesWithInternetExplorer - CellularBlockDataWhenRoaming = $policy.AdditionalProperties.cellularBlockDataWhenRoaming - CellularBlockVpn = $policy.AdditionalProperties.cellularBlockVpn - CellularBlockVpnWhenRoaming = $policy.AdditionalProperties.cellularBlockVpnWhenRoaming - DefenderRequireRealTimeMonitoring = $policy.AdditionalProperties.defenderRequireRealTimeMonitoring - DefenderRequireBehaviorMonitoring = $policy.AdditionalProperties.defenderRequireBehaviorMonitoring - DefenderRequireNetworkInspectionSystem = $policy.AdditionalProperties.defenderRequireNetworkInspectionSystem - DefenderScanDownloads = $policy.AdditionalProperties.defenderScanDownloads - DefenderScanScriptsLoadedInInternetExplorer = $policy.AdditionalProperties.defenderScanScriptsLoadedInInternetExplorer - DefenderBlockEndUserAccess = $policy.AdditionalProperties.defenderBlockEndUserAccess - DefenderSignatureUpdateIntervalInHours = $policy.AdditionalProperties.defenderSignatureUpdateIntervalInHours - DefenderMonitorFileActivity = $policy.AdditionalProperties.defenderMonitorFileActivity - DefenderDaysBeforeDeletingQuarantinedMalware = $policy.AdditionalProperties.defenderDaysBeforeDeletingQuarantinedMalware - DefenderScanMaxCpu = $policy.AdditionalProperties.defenderScanMaxCpu - DefenderScanArchiveFiles = $policy.AdditionalProperties.defenderScanArchiveFiles - DefenderScanIncomingMail = $policy.AdditionalProperties.defenderScanIncomingMail - DefenderScanRemovableDrivesDuringFullScan = $policy.AdditionalProperties.defenderScanRemovableDrivesDuringFullScan - DefenderScanMappedNetworkDrivesDuringFullScan = $policy.AdditionalProperties.defenderScanMappedNetworkDrivesDuringFullScan - DefenderScanNetworkFiles = $policy.AdditionalProperties.defenderScanNetworkFiles - DefenderRequireCloudProtection = $policy.AdditionalProperties.defenderRequireCloudProtection - DefenderCloudBlockLevel = $policy.AdditionalProperties.defenderCloudBlockLevel - DefenderPromptForSampleSubmission = $policy.AdditionalProperties.defenderPromptForSampleSubmission - DefenderScheduledQuickScanTime = $policy.AdditionalProperties.defenderScheduledQuickScanTime - DefenderScanType = $policy.AdditionalProperties.defenderScanType - DefenderSystemScanSchedule = $policy.AdditionalProperties.defenderSystemScanSchedule - DefenderScheduledScanTime = $policy.AdditionalProperties.defenderScheduledScanTime - DefenderDetectedMalwareActions = $DefenderDetectedMalwareActionsValues - DefenderFileExtensionsToExclude = $policy.AdditionalProperties.defenderFileExtensionsToExclude - DefenderFilesAndFoldersToExclude = $policy.AdditionalProperties.defenderFilesAndFoldersToExclude - DefenderProcessesToExclude = $policy.AdditionalProperties.defenderProcessesToExclude - LockScreenAllowTimeoutConfiguration = $policy.AdditionalProperties.lockScreenAllowTimeoutConfiguration - LockScreenBlockActionCenterNotifications = $policy.AdditionalProperties.lockScreenBlockActionCenterNotifications - LockScreenBlockCortana = $policy.AdditionalProperties.lockScreenBlockCortana - LockScreenBlockToastNotifications = $policy.AdditionalProperties.lockScreenBlockToastNotifications - LockScreenTimeoutInSeconds = $policy.AdditionalProperties.lockScreenTimeoutInSeconds - PasswordBlockSimple = $policy.AdditionalProperties.passwordBlockSimple - PasswordExpirationDays = $policy.AdditionalProperties.passwordExpirationDays - PasswordMinimumLength = $policy.AdditionalProperties.passwordMinimumLength - PasswordMinutesOfInactivityBeforeScreenTimeout = $policy.AdditionalProperties.passwordMinutesOfInactivityBeforeScreenTimeout - PasswordMinimumCharacterSetCount = $policy.AdditionalProperties.passwordMinimumCharacterSetCount - PasswordPreviousPasswordBlockCount = $policy.AdditionalProperties.passwordPreviousPasswordBlockCount - PasswordRequired = $policy.AdditionalProperties.passwordRequired - PasswordRequireWhenResumeFromIdleState = $policy.AdditionalProperties.passwordRequireWhenResumeFromIdleState - PasswordRequiredType = $policy.AdditionalProperties.passwordRequiredType - PasswordSignInFailureCountBeforeFactoryReset = $policy.AdditionalProperties.passwordSignInFailureCountBeforeFactoryReset - PrivacyAdvertisingId = $policy.AdditionalProperties.privacyAdvertisingId - PrivacyAutoAcceptPairingAndConsentPrompts = $policy.AdditionalProperties.privacyAutoAcceptPairingAndConsentPrompts - PrivacyBlockInputPersonalization = $policy.AdditionalProperties.privacyBlockInputPersonalization - StartBlockUnpinningAppsFromTaskbar = $policy.AdditionalProperties.startBlockUnpinningAppsFromTaskbar - StartMenuAppListVisibility = $policy.AdditionalProperties.startMenuAppListVisibility - StartMenuHideChangeAccountSettings = $policy.AdditionalProperties.startMenuHideChangeAccountSettings - StartMenuHideFrequentlyUsedApps = $policy.AdditionalProperties.startMenuHideFrequentlyUsedApps - StartMenuHideHibernate = $policy.AdditionalProperties.startMenuHideHibernate - StartMenuHideLock = $policy.AdditionalProperties.startMenuHideLock - StartMenuHidePowerButton = $policy.AdditionalProperties.startMenuHidePowerButton - StartMenuHideRecentJumpLists = $policy.AdditionalProperties.startMenuHideRecentJumpLists - StartMenuHideRecentlyAddedApps = $policy.AdditionalProperties.startMenuHideRecentlyAddedApps - StartMenuHideRestartOptions = $policy.AdditionalProperties.startMenuHideRestartOptions - StartMenuHideShutDown = $policy.AdditionalProperties.startMenuHideShutDown - StartMenuHideSignOut = $policy.AdditionalProperties.startMenuHideSignOut - StartMenuHideSleep = $policy.AdditionalProperties.startMenuHideSleep - StartMenuHideSwitchAccount = $policy.AdditionalProperties.startMenuHideSwitchAccount - StartMenuHideUserTile = $policy.AdditionalProperties.startMenuHideUserTile - StartMenuLayoutEdgeAssetsXml = $policy.AdditionalProperties.startMenuLayoutEdgeAssetsXml - StartMenuLayoutXml = $policy.AdditionalProperties.startMenuLayoutXml - StartMenuMode = $policy.AdditionalProperties.startMenuMode - StartMenuPinnedFolderDocuments = $policy.AdditionalProperties.startMenuPinnedFolderDocuments - StartMenuPinnedFolderDownloads = $policy.AdditionalProperties.startMenuPinnedFolderDownloads - StartMenuPinnedFolderFileExplorer = $policy.AdditionalProperties.startMenuPinnedFolderFileExplorer - StartMenuPinnedFolderHomeGroup = $policy.AdditionalProperties.startMenuPinnedFolderHomeGroup - StartMenuPinnedFolderMusic = $policy.AdditionalProperties.startMenuPinnedFolderMusic - StartMenuPinnedFolderNetwork = $policy.AdditionalProperties.startMenuPinnedFolderNetwork - StartMenuPinnedFolderPersonalFolder = $policy.AdditionalProperties.startMenuPinnedFolderPersonalFolder - StartMenuPinnedFolderPictures = $policy.AdditionalProperties.startMenuPinnedFolderPictures - StartMenuPinnedFolderSettings = $policy.AdditionalProperties.startMenuPinnedFolderSettings - StartMenuPinnedFolderVideos = $policy.AdditionalProperties.startMenuPinnedFolderVideos - SettingsBlockSettingsApp = $policy.AdditionalProperties.settingsBlockSettingsApp - SettingsBlockSystemPage = $policy.AdditionalProperties.settingsBlockSystemPage - SettingsBlockDevicesPage = $policy.AdditionalProperties.settingsBlockDevicesPage - SettingsBlockNetworkInternetPage = $policy.AdditionalProperties.settingsBlockNetworkInternetPage - SettingsBlockPersonalizationPage = $policy.AdditionalProperties.settingsBlockPersonalizationPage - SettingsBlockAccountsPage = $policy.AdditionalProperties.settingsBlockAccountsPage - SettingsBlockTimeLanguagePage = $policy.AdditionalProperties.settingsBlockTimeLanguagePage - SettingsBlockEaseOfAccessPage = $policy.AdditionalProperties.settingsBlockEaseOfAccessPage - SettingsBlockPrivacyPage = $policy.AdditionalProperties.settingsBlockPrivacyPage - SettingsBlockUpdateSecurityPage = $policy.AdditionalProperties.settingsBlockUpdateSecurityPage - SettingsBlockAppsPage = $policy.AdditionalProperties.settingsBlockAppsPage - SettingsBlockGamingPage = $policy.AdditionalProperties.settingsBlockGamingPage - WindowsSpotlightBlockConsumerSpecificFeatures = $policy.AdditionalProperties.windowsSpotlightBlockConsumerSpecificFeatures - WindowsSpotlightBlocked = $policy.AdditionalProperties.windowsSpotlightBlocked - WindowsSpotlightBlockOnActionCenter = $policy.AdditionalProperties.windowsSpotlightBlockOnActionCenter - WindowsSpotlightBlockTailoredExperiences = $policy.AdditionalProperties.windowsSpotlightBlockTailoredExperiences - WindowsSpotlightBlockThirdPartyNotifications = $policy.AdditionalProperties.windowsSpotlightBlockThirdPartyNotifications - WindowsSpotlightBlockWelcomeExperience = $policy.AdditionalProperties.windowsSpotlightBlockWelcomeExperience - WindowsSpotlightBlockWindowsTips = $policy.AdditionalProperties.windowsSpotlightBlockWindowsTips - WindowsSpotlightConfigureOnLockScreen = $policy.AdditionalProperties.windowsSpotlightConfigureOnLockScreen - NetworkProxyApplySettingsDeviceWide = $policy.AdditionalProperties.networkProxyApplySettingsDeviceWide - NetworkProxyDisableAutoDetect = $policy.AdditionalProperties.networkProxyDisableAutoDetect - NetworkProxyAutomaticConfigurationUrl = $policy.AdditionalProperties.networkProxyAutomaticConfigurationUrl - NetworkProxyServer = $policy.AdditionalProperties.networkProxyServer - AccountsBlockAddingNonMicrosoftAccountEmail = $policy.AdditionalProperties.accountsBlockAddingNonMicrosoftAccountEmail - AntiTheftModeBlocked = $policy.AdditionalProperties.antiTheftModeBlocked - BluetoothBlocked = $policy.AdditionalProperties.bluetoothBlocked - CameraBlocked = $policy.AdditionalProperties.cameraBlocked - ConnectedDevicesServiceBlocked = $policy.AdditionalProperties.connectedDevicesServiceBlocked - CertificatesBlockManualRootCertificateInstallation = $policy.AdditionalProperties.certificatesBlockManualRootCertificateInstallation - CopyPasteBlocked = $policy.AdditionalProperties.copyPasteBlocked - CortanaBlocked = $policy.AdditionalProperties.cortanaBlocked - DeviceManagementBlockFactoryResetOnMobile = $policy.AdditionalProperties.deviceManagementBlockFactoryResetOnMobile - DeviceManagementBlockManualUnenroll = $policy.AdditionalProperties.deviceManagementBlockManualUnenroll - SafeSearchFilter = $policy.AdditionalProperties.safeSearchFilter - EdgeBlockPopups = $policy.AdditionalProperties.edgeBlockPopups - EdgeBlockSearchSuggestions = $policy.AdditionalProperties.edgeBlockSearchSuggestions - EdgeBlockSendingIntranetTrafficToInternetExplorer = $policy.AdditionalProperties.edgeBlockSendingIntranetTrafficToInternetExplorer - EdgeSendIntranetTrafficToInternetExplorer = $policy.AdditionalProperties.edgeSendIntranetTrafficToInternetExplorer - EdgeRequireSmartScreen = $policy.AdditionalProperties.edgeRequireSmartScreen - EdgeEnterpriseModeSiteListLocation = $policy.AdditionalProperties.edgeEnterpriseModeSiteListLocation - EdgeFirstRunUrl = $policy.AdditionalProperties.edgeFirstRunUrl - EdgeSearchEngine = $policy.AdditionalProperties.edgeSearchEngine.edgeSearchEngineType - EdgeHomepageUrls = $policy.AdditionalProperties.edgeHomepageUrls - EdgeBlockAccessToAboutFlags = $policy.AdditionalProperties.edgeBlockAccessToAboutFlags - SmartScreenBlockPromptOverride = $policy.AdditionalProperties.smartScreenBlockPromptOverride - SmartScreenBlockPromptOverrideForFiles = $policy.AdditionalProperties.smartScreenBlockPromptOverrideForFiles - WebRtcBlockLocalhostIpAddress = $policy.AdditionalProperties.webRtcBlockLocalhostIpAddress - InternetSharingBlocked = $policy.AdditionalProperties.internetSharingBlocked - SettingsBlockAddProvisioningPackage = $policy.AdditionalProperties.settingsBlockAddProvisioningPackage - SettingsBlockRemoveProvisioningPackage = $policy.AdditionalProperties.settingsBlockRemoveProvisioningPackage - SettingsBlockChangeSystemTime = $policy.AdditionalProperties.settingsBlockChangeSystemTime - SettingsBlockEditDeviceName = $policy.AdditionalProperties.settingsBlockEditDeviceName - SettingsBlockChangeRegion = $policy.AdditionalProperties.settingsBlockChangeRegion - SettingsBlockChangeLanguage = $policy.AdditionalProperties.settingsBlockChangeLanguage - SettingsBlockChangePowerSleep = $policy.AdditionalProperties.settingsBlockChangePowerSleep - LocationServicesBlocked = $policy.AdditionalProperties.locationServicesBlocked - MicrosoftAccountBlocked = $policy.AdditionalProperties.microsoftAccountBlocked - MicrosoftAccountBlockSettingsSync = $policy.AdditionalProperties.microsoftAccountBlockSettingsSync - NfcBlocked = $policy.AdditionalProperties.nfcBlocked - ResetProtectionModeBlocked = $policy.AdditionalProperties.resetProtectionModeBlocked - ScreenCaptureBlocked = $policy.AdditionalProperties.screenCaptureBlocked - StorageBlockRemovableStorage = $policy.AdditionalProperties.storageBlockRemovableStorage - StorageRequireMobileDeviceEncryption = $policy.AdditionalProperties.storageRequireMobileDeviceEncryption - UsbBlocked = $policy.AdditionalProperties.usbBlocked - VoiceRecordingBlocked = $policy.AdditionalProperties.voiceRecordingBlocked - WiFiBlockAutomaticConnectHotspots = $policy.AdditionalProperties.wiFiBlockAutomaticConnectHotspots - WiFiBlocked = $policy.AdditionalProperties.wiFiBlocked - WiFiBlockManualConfiguration = $policy.AdditionalProperties.wiFiBlockManualConfiguration - WiFiScanInterval = $policy.AdditionalProperties.wiFiScanInterval - WirelessDisplayBlockProjectionToThisDevice = $policy.AdditionalProperties.wirelessDisplayBlockProjectionToThisDevice - WirelessDisplayBlockUserInputFromReceiver = $policy.AdditionalProperties.wirelessDisplayBlockUserInputFromReceiver - WirelessDisplayRequirePinForPairing = $policy.AdditionalProperties.wirelessDisplayRequirePinForPairing - WindowsStoreBlocked = $policy.AdditionalProperties.windowsStoreBlocked - AppsAllowTrustedAppsSideloading = $policy.AdditionalProperties.appsAllowTrustedAppsSideloading - WindowsStoreBlockAutoUpdate = $policy.AdditionalProperties.windowsStoreBlockAutoUpdate - DeveloperUnlockSetting = $policy.AdditionalProperties.developerUnlockSetting - SharedUserAppDataAllowed = $policy.AdditionalProperties.sharedUserAppDataAllowed - AppsBlockWindowsStoreOriginatedApps = $policy.AdditionalProperties.appsBlockWindowsStoreOriginatedApps - WindowsStoreEnablePrivateStoreOnly = $policy.AdditionalProperties.windowsStoreEnablePrivateStoreOnly - StorageRestrictAppDataToSystemVolume = $policy.AdditionalProperties.storageRestrictAppDataToSystemVolume - StorageRestrictAppInstallToSystemVolume = $policy.AdditionalProperties.storageRestrictAppInstallToSystemVolume - GameDvrBlocked = $policy.AdditionalProperties.gameDvrBlocked - ExperienceBlockDeviceDiscovery = $policy.AdditionalProperties.experienceBlockDeviceDiscovery - ExperienceBlockErrorDialogWhenNoSIM = $policy.AdditionalProperties.experienceBlockErrorDialogWhenNoSIM - ExperienceBlockTaskSwitcher = $policy.AdditionalProperties.experienceBlockTaskSwitcher - LogonBlockFastUserSwitching = $policy.AdditionalProperties.logonBlockFastUserSwitching - TenantLockdownRequireNetworkDuringOutOfBoxExperience = $policy.AdditionalProperties.tenantLockdownRequireNetworkDuringOutOfBoxExperience - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret - CertificateThumbprint = $CertificateThumbprint - Managedidentity = $ManagedIdentity.IsPresent - } + [Parameter()] + [System.Boolean] + $EdgeBlocked, - $returnAssignments = @() - $returnAssignments += Get-MgDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $policy.Id - $assignmentResult = @() - foreach ($assignmentEntry in $returnAssignments) - { - $assignmentValue = @{ - dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' - deviceAndAppManagementAssignmentFilterType = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.toString() - deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId - groupId = $assignmentEntry.Target.AdditionalProperties.groupId - } - $assignmentResult += $assignmentValue - } - $results.Add('Assignments', $assignmentResult) - return $results - } - catch - { - New-M365DSCLogEntry -Message 'Error retrieving data:' ` - -Exception $_ ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential + [Parameter()] + [System.Boolean] + $EdgeBlockEditFavorites, - return $nullResult - } -} + [Parameter()] + [System.Boolean] + $EdgeBlockExtensions, + + [Parameter()] + [System.Boolean] + $EdgeBlockFullScreenMode, + + [Parameter()] + [System.Boolean] + $EdgeBlockInPrivateBrowsing, + + [Parameter()] + [System.Boolean] + $EdgeBlockJavaScript, + + [Parameter()] + [System.Boolean] + $EdgeBlockLiveTileDataCollection, + + [Parameter()] + [System.Boolean] + $EdgeBlockPasswordManager, + + [Parameter()] + [System.Boolean] + $EdgeBlockPopups, + + [Parameter()] + [System.Boolean] + $EdgeBlockPrelaunch, + + [Parameter()] + [System.Boolean] + $EdgeBlockPrinting, + + [Parameter()] + [System.Boolean] + $EdgeBlockSavingHistory, + + [Parameter()] + [System.Boolean] + $EdgeBlockSearchEngineCustomization, + + [Parameter()] + [System.Boolean] + $EdgeBlockSearchSuggestions, + + [Parameter()] + [System.Boolean] + $EdgeBlockSendingDoNotTrackHeader, + + [Parameter()] + [System.Boolean] + $EdgeBlockSendingIntranetTrafficToInternetExplorer, + + [Parameter()] + [System.Boolean] + $EdgeBlockSideloadingExtensions, + + [Parameter()] + [System.Boolean] + $EdgeBlockTabPreloading, + + [Parameter()] + [System.Boolean] + $EdgeBlockWebContentOnNewTabPage, + + [Parameter()] + [System.Boolean] + $EdgeClearBrowsingDataOnExit, + + [Parameter()] + [ValidateSet('userDefined','allow','blockThirdParty','blockAll')] + [System.String] + $EdgeCookiePolicy, + + [Parameter()] + [System.Boolean] + $EdgeDisableFirstRunPage, + + [Parameter()] + [System.String] + $EdgeEnterpriseModeSiteListLocation, + + [Parameter()] + [ValidateSet('notConfigured','hide','show')] + [System.String] + $EdgeFavoritesBarVisibility, + + [Parameter()] + [System.String] + $EdgeFavoritesListLocation, + + [Parameter()] + [System.String] + $EdgeFirstRunUrl, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $EdgeHomeButtonConfiguration, + + [Parameter()] + [System.Boolean] + $EdgeHomeButtonConfigurationEnabled, + + [Parameter()] + [System.String[]] + $EdgeHomepageUrls, + + [Parameter()] + [ValidateSet('notConfigured','digitalSignage','normalMode','publicBrowsingSingleApp','publicBrowsingMultiApp')] + [System.String] + $EdgeKioskModeRestriction, + + [Parameter()] + [System.Int32] + $EdgeKioskResetAfterIdleTimeInMinutes, + + [Parameter()] + [System.String] + $EdgeNewTabPageURL, + + [Parameter()] + [ValidateSet('notConfigured','startPage','newTabPage','previousPages','specificPages')] + [System.String] + $EdgeOpensWith, + + [Parameter()] + [System.Boolean] + $EdgePreventCertificateErrorOverride, + + [Parameter()] + [System.String[]] + $EdgeRequiredExtensionPackageFamilyNames, + + [Parameter()] + [System.Boolean] + $EdgeRequireSmartScreen, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $EdgeSearchEngine, + + [Parameter()] + [System.Boolean] + $EdgeSendIntranetTrafficToInternetExplorer, -function Set-TargetResource -{ - [CmdletBinding()] - param - ( - [Parameter(Mandatory = $True)] + [Parameter()] + [ValidateSet('notConfigured','disabled','enabled','keepGoing')] [System.String] - $DisplayName, + $EdgeShowMessageWhenOpeningInternetExplorerSites, + + [Parameter()] + [System.Boolean] + $EdgeSyncFavoritesWithInternetExplorer, [Parameter()] + [ValidateSet('notConfigured','intranet','internet','intranetAndInternet')] [System.String] - $Description, + $EdgeTelemetryForMicrosoft365Analytics, + + [Parameter()] + [System.Boolean] + $EnableAutomaticRedeployment, + + [Parameter()] + [System.Int32] + $EnergySaverOnBatteryThresholdPercentage, + + [Parameter()] + [System.Int32] + $EnergySaverPluggedInThresholdPercentage, [Parameter()] [System.String] $EnterpriseCloudPrintDiscoveryEndPoint, + [Parameter()] + [System.Int32] + $EnterpriseCloudPrintDiscoveryMaxLimit, + + [Parameter()] + [System.String] + $EnterpriseCloudPrintMopriaDiscoveryResourceIdentifier, + [Parameter()] [System.String] $EnterpriseCloudPrintOAuthAuthority, @@ -1191,343 +2536,421 @@ function Set-TargetResource $EnterpriseCloudPrintResourceIdentifier, [Parameter()] - [System.Uint64] - $EnterpriseCloudPrintDiscoveryMaxLimit, + [System.Boolean] + $ExperienceBlockDeviceDiscovery, [Parameter()] - [System.String] - $EnterpriseCloudPrintMopriaDiscoveryResourceIdentifier, + [System.Boolean] + $ExperienceBlockErrorDialogWhenNoSIM, [Parameter()] [System.Boolean] - $SearchBlockDiacritics, + $ExperienceBlockTaskSwitcher, [Parameter()] - [System.Boolean] - $SearchDisableAutoLanguageDetection, + [ValidateSet('notConfigured','blockedWithUserOverride','blocked')] + [System.String] + $ExperienceDoNotSyncBrowserSettings, [Parameter()] - [System.Boolean] - $SearchDisableIndexingEncryptedItems, + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $FindMyFiles, [Parameter()] [System.Boolean] - $SearchEnableRemoteQueries, + $GameDvrBlocked, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $InkWorkspaceAccess, + + [Parameter()] + [ValidateSet('notConfigured','blocked','allowed')] + [System.String] + $InkWorkspaceAccessState, [Parameter()] [System.Boolean] - $SearchDisableIndexerBackoff, + $InkWorkspaceBlockSuggestedApps, [Parameter()] [System.Boolean] - $SearchDisableIndexingRemovableDrive, + $InternetSharingBlocked, [Parameter()] [System.Boolean] - $SearchEnableAutomaticIndexSizeManangement, + $LocationServicesBlocked, [Parameter()] - [ValidateSet('userDefined', 'none', 'basic', 'enhanced', 'full')] + [ValidateSet('notConfigured','enabled','disabled')] [System.String] - $DiagnosticsDataSubmissionMode, + $LockScreenActivateAppsWithVoice, [Parameter()] [System.Boolean] - $oneDriveDisableFileSync, + $LockScreenAllowTimeoutConfiguration, [Parameter()] [System.Boolean] - $SmartScreenEnableAppInstallControl, + $LockScreenBlockActionCenterNotifications, [Parameter()] - [System.String] - $PersonalizationDesktopImageUrl, + [System.Boolean] + $LockScreenBlockCortana, [Parameter()] - [System.String] - $PersonalizationLockScreenImageUrl, + [System.Boolean] + $LockScreenBlockToastNotifications, [Parameter()] - [System.String[]] - $BluetoothAllowedServices, + [System.Int32] + $LockScreenTimeoutInSeconds, [Parameter()] [System.Boolean] - $BluetoothBlockAdvertising, + $LogonBlockFastUserSwitching, [Parameter()] [System.Boolean] - $BluetoothBlockDiscoverableMode, + $MessagingBlockMMS, [Parameter()] [System.Boolean] - $BluetoothBlockPrePairing, + $MessagingBlockRichCommunicationServices, [Parameter()] [System.Boolean] - $EdgeBlockAutofill, + $MessagingBlockSync, [Parameter()] [System.Boolean] - $EdgeBlocked, + $MicrosoftAccountBlocked, + + [Parameter()] + [System.Boolean] + $MicrosoftAccountBlockSettingsSync, [Parameter()] - [ValidateSet('userDefined', 'allow', 'blockThirdparty', 'blockAll')] + [ValidateSet('notConfigured','disabled')] [System.String] - $EdgeCookiePolicy, + $MicrosoftAccountSignInAssistantSettings, [Parameter()] [System.Boolean] - $EdgeBlockDeveloperTools, + $NetworkProxyApplySettingsDeviceWide, [Parameter()] - [System.Boolean] - $EdgeBlockSendingDoNotTrackHeader, + [System.String] + $NetworkProxyAutomaticConfigurationUrl, [Parameter()] [System.Boolean] - $EdgeBlockExtensions, + $NetworkProxyDisableAutoDetect, [Parameter()] - [System.Boolean] - $EdgeBlockInPrivateBrowsing, + [Microsoft.Management.Infrastructure.CimInstance] + $NetworkProxyServer, [Parameter()] [System.Boolean] - $EdgeBlockJavaScript, + $NfcBlocked, [Parameter()] [System.Boolean] - $EdgeBlockPasswordManager, + $OneDriveDisableFileSync, [Parameter()] [System.Boolean] - $EdgeBlockAddressBarDropdown, + $PasswordBlockSimple, [Parameter()] - [System.Boolean] - $EdgeBlockCompatibilityList, + [System.Int32] + $PasswordExpirationDays, [Parameter()] - [System.Boolean] - $EdgeClearBrowsingDataOnExit, + [System.Int32] + $PasswordMinimumAgeInDays, [Parameter()] - [System.Boolean] - $EdgeAllowStartPagesModification, + [System.Int32] + $PasswordMinimumCharacterSetCount, [Parameter()] - [System.Boolean] - $EdgeDisableFirstRunPage, + [System.Int32] + $PasswordMinimumLength, [Parameter()] - [System.Boolean] - $EdgeBlockLiveTileDataCollection, + [System.Int32] + $PasswordMinutesOfInactivityBeforeScreenTimeout, [Parameter()] - [System.Boolean] - $EdgeSyncFavoritesWithInternetExplorer, + [System.Int32] + $PasswordPreviousPasswordBlockCount, [Parameter()] [System.Boolean] - $CellularBlockDataWhenRoaming, + $PasswordRequired, [Parameter()] - [System.Boolean] - $CellularBlockVpn, + [ValidateSet('deviceDefault','alphanumeric','numeric')] + [System.String] + $PasswordRequiredType, [Parameter()] [System.Boolean] - $CellularBlockVpnWhenRoaming, + $PasswordRequireWhenResumeFromIdleState, [Parameter()] - [System.Boolean] - $DefenderRequireRealTimeMonitoring, + [System.Int32] + $PasswordSignInFailureCountBeforeFactoryReset, + + [Parameter()] + [System.String] + $PersonalizationDesktopImageUrl, + + [Parameter()] + [System.String] + $PersonalizationLockScreenImageUrl, + + [Parameter()] + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerButtonActionOnBattery, + + [Parameter()] + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerButtonActionPluggedIn, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $PowerHybridSleepOnBattery, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $PowerHybridSleepPluggedIn, + + [Parameter()] + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerLidCloseActionOnBattery, + + [Parameter()] + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerLidCloseActionPluggedIn, + + [Parameter()] + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerSleepButtonActionOnBattery, + + [Parameter()] + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerSleepButtonActionPluggedIn, [Parameter()] [System.Boolean] - $DefenderRequireBehaviorMonitoring, + $PrinterBlockAddition, + + [Parameter()] + [System.String] + $PrinterDefaultName, + + [Parameter()] + [System.String[]] + $PrinterNames, + + [Parameter()] + [ValidateSet('notConfigured','blocked','allowed')] + [System.String] + $PrivacyAdvertisingId, [Parameter()] [System.Boolean] - $DefenderRequireNetworkInspectionSystem, + $PrivacyAutoAcceptPairingAndConsentPrompts, [Parameter()] [System.Boolean] - $DefenderScanDownloads, + $PrivacyBlockActivityFeed, [Parameter()] [System.Boolean] - $DefenderScanScriptsLoadedInInternetExplorer, + $PrivacyBlockInputPersonalization, [Parameter()] [System.Boolean] - $DefenderBlockEndUserAccess, + $PrivacyBlockPublishUserActivities, [Parameter()] - [System.Uint64] - $DefenderSignatureUpdateIntervalInHours, + [System.Boolean] + $PrivacyDisableLaunchExperience, [Parameter()] - [ValidateSet('userDefined', 'disable', 'monitorAllFiles', 'monitorIncomingFilesOnly', 'monitorOutgoingFilesOnly')] - [System.String] - $DefenderMonitorFileActivity, + [System.Boolean] + $ResetProtectionModeBlocked, [Parameter()] - [System.Uint64] - $DefenderDaysBeforeDeletingQuarantinedMalware, + [ValidateSet('userDefined','strict','moderate')] + [System.String] + $SafeSearchFilter, [Parameter()] - [System.Uint64] - $DefenderScanMaxCpu, + [System.Boolean] + $ScreenCaptureBlocked, [Parameter()] [System.Boolean] - $DefenderScanArchiveFiles, + $SearchBlockDiacritics, [Parameter()] [System.Boolean] - $DefenderScanIncomingMail, + $SearchBlockWebResults, [Parameter()] [System.Boolean] - $DefenderScanRemovableDrivesDuringFullScan, + $SearchDisableAutoLanguageDetection, [Parameter()] [System.Boolean] - $DefenderScanMappedNetworkDrivesDuringFullScan, + $SearchDisableIndexerBackoff, [Parameter()] [System.Boolean] - $DefenderScanNetworkFiles, + $SearchDisableIndexingEncryptedItems, [Parameter()] [System.Boolean] - $DefenderRequireCloudProtection, + $SearchDisableIndexingRemovableDrive, [Parameter()] - [ValidateSet('notConfigured', 'high', 'highPlus', 'zeroTolerance')] - [System.String] - $DefenderCloudBlockLevel, + [System.Boolean] + $SearchDisableLocation, [Parameter()] - [ValidateSet('userDefined', 'alwaysPrompt', 'promptBeforeSendingPersonalData', 'neverSendData', 'sendAllDataWithoutPrompting')] - [System.String] - $DefenderPromptForSampleSubmission, + [System.Boolean] + $SearchDisableUseLocation, [Parameter()] - [System.String] - $DefenderScheduledQuickScanTime, + [System.Boolean] + $SearchEnableAutomaticIndexSizeManangement, [Parameter()] - [ValidateSet('userDefined', 'disabled', 'quick', 'full')] - [System.String] - $DefenderScanType, + [System.Boolean] + $SearchEnableRemoteQueries, [Parameter()] - [System.string] - $DefenderSystemScanSchedule, + [System.Boolean] + $SecurityBlockAzureADJoinedDevicesAutoEncryption, [Parameter()] - [System.String] - $DefenderScheduledScanTime, + [System.Boolean] + $SettingsBlockAccountsPage, [Parameter()] - [System.String[]] - $DefenderFileExtensionsToExclude, + [System.Boolean] + $SettingsBlockAddProvisioningPackage, [Parameter()] - [System.String[]] - $DefenderFilesAndFoldersToExclude, + [System.Boolean] + $SettingsBlockAppsPage, [Parameter()] - [System.String[]] - $DefenderProcessesToExclude, + [System.Boolean] + $SettingsBlockChangeLanguage, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance] - $DefenderDetectedMalwareActions, + [System.Boolean] + $SettingsBlockChangePowerSleep, [Parameter()] [System.Boolean] - $LockScreenAllowTimeoutConfiguration, + $SettingsBlockChangeRegion, [Parameter()] [System.Boolean] - $LockScreenBlockActionCenterNotifications, + $SettingsBlockChangeSystemTime, [Parameter()] [System.Boolean] - $LockScreenBlockCortana, + $SettingsBlockDevicesPage, [Parameter()] [System.Boolean] - $LockScreenBlockToastNotifications, + $SettingsBlockEaseOfAccessPage, [Parameter()] - [System.Uint64] - $LockScreenTimeoutInSeconds, + [System.Boolean] + $SettingsBlockEditDeviceName, [Parameter()] [System.Boolean] - $PasswordBlockSimple, + $SettingsBlockGamingPage, [Parameter()] - [System.Uint64] - $PasswordExpirationDays, + [System.Boolean] + $SettingsBlockNetworkInternetPage, [Parameter()] - [System.Uint64] - $PasswordMinimumLength, + [System.Boolean] + $SettingsBlockPersonalizationPage, [Parameter()] - [System.Uint64] - $PasswordMinutesOfInactivityBeforeScreenTimeout, + [System.Boolean] + $SettingsBlockPrivacyPage, [Parameter()] - [System.Uint64] - $PasswordMinimumCharacterSetCount, + [System.Boolean] + $SettingsBlockRemoveProvisioningPackage, [Parameter()] - [System.Uint64] - $PasswordPreviousPasswordBlockCount, + [System.Boolean] + $SettingsBlockSettingsApp, [Parameter()] [System.Boolean] - $PasswordRequired, + $SettingsBlockSystemPage, [Parameter()] [System.Boolean] - $PasswordRequireWhenResumeFromIdleState, + $SettingsBlockTimeLanguagePage, [Parameter()] - [ValidateSet('deviceDefault', 'alphanumeric', 'numeric')] - [System.String] - $PasswordRequiredType, + [System.Boolean] + $SettingsBlockUpdateSecurityPage, [Parameter()] - [System.Uint64] - $PasswordSignInFailureCountBeforeFactoryReset, + [System.Boolean] + $SharedUserAppDataAllowed, [Parameter()] - [ValidateSet('notConfigured', 'blocked', 'allowed')] + [ValidateSet('notConfigured','anywhere','storeOnly','recommendations','preferStore')] [System.String] - $PrivacyAdvertisingId, + $SmartScreenAppInstallControl, [Parameter()] [System.Boolean] - $PrivacyAutoAcceptPairingAndConsentPrompts, + $SmartScreenBlockPromptOverride, [Parameter()] [System.Boolean] - $PrivacyBlockInputPersonalization, + $SmartScreenBlockPromptOverrideForFiles, + + [Parameter()] + [System.Boolean] + $SmartScreenEnableAppInstallControl, [Parameter()] [System.Boolean] $StartBlockUnpinningAppsFromTaskbar, [Parameter()] - [ValidateSet('userDefined', 'collapse', 'remove', 'disableSettingsApp')] + [ValidateSet('userDefined','collapse','remove','disableSettingsApp')] [System.String] $StartMenuAppListVisibility, @@ -1592,107 +3015,123 @@ function Set-TargetResource $StartMenuLayoutXml, [Parameter()] - [ValidateSet('userDefined', 'fullScreen', 'nonFullScreen')] + [ValidateSet('userDefined','fullScreen','nonFullScreen')] [System.String] $StartMenuMode, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','hide','show')] [System.String] $StartMenuPinnedFolderDocuments, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','hide','show')] [System.String] $StartMenuPinnedFolderDownloads, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','hide','show')] [System.String] $StartMenuPinnedFolderFileExplorer, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','hide','show')] [System.String] $StartMenuPinnedFolderHomeGroup, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','hide','show')] [System.String] $StartMenuPinnedFolderMusic, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','hide','show')] [System.String] $StartMenuPinnedFolderNetwork, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','hide','show')] [System.String] $StartMenuPinnedFolderPersonalFolder, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','hide','show')] [System.String] $StartMenuPinnedFolderPictures, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','hide','show')] [System.String] $StartMenuPinnedFolderSettings, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','hide','show')] [System.String] $StartMenuPinnedFolderVideos, [Parameter()] [System.Boolean] - $SettingsBlockSettingsApp, + $StorageBlockRemovableStorage, [Parameter()] [System.Boolean] - $SettingsBlockSystemPage, + $StorageRequireMobileDeviceEncryption, [Parameter()] [System.Boolean] - $SettingsBlockDevicesPage, + $StorageRestrictAppDataToSystemVolume, [Parameter()] [System.Boolean] - $SettingsBlockNetworkInternetPage, + $StorageRestrictAppInstallToSystemVolume, + + [Parameter()] + [System.String] + $SystemTelemetryProxyServer, [Parameter()] [System.Boolean] - $SettingsBlockPersonalizationPage, + $TaskManagerBlockEndTask, [Parameter()] [System.Boolean] - $SettingsBlockAccountsPage, + $TenantLockdownRequireNetworkDuringOutOfBoxExperience, [Parameter()] [System.Boolean] - $SettingsBlockTimeLanguagePage, + $UninstallBuiltInApps, [Parameter()] [System.Boolean] - $SettingsBlockEaseOfAccessPage, + $UsbBlocked, [Parameter()] [System.Boolean] - $SettingsBlockPrivacyPage, + $VoiceRecordingBlocked, [Parameter()] [System.Boolean] - $SettingsBlockUpdateSecurityPage, + $WebRtcBlockLocalhostIpAddress, [Parameter()] [System.Boolean] - $SettingsBlockAppsPage, + $WiFiBlockAutomaticConnectHotspots, [Parameter()] [System.Boolean] - $SettingsBlockGamingPage, + $WiFiBlocked, + + [Parameter()] + [System.Boolean] + $WiFiBlockManualConfiguration, + + [Parameter()] + [System.Int32] + $WiFiScanInterval, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $Windows10AppsForceUpdateSchedule, [Parameter()] [System.Boolean] @@ -1723,742 +3162,867 @@ function Set-TargetResource $WindowsSpotlightBlockWindowsTips, [Parameter()] - [ValidateSet('notConfigured', 'disabled', 'enabled')] + [ValidateSet('notConfigured','disabled','enabled')] [System.String] $WindowsSpotlightConfigureOnLockScreen, [Parameter()] [System.Boolean] - $NetworkProxyApplySettingsDeviceWide, + $WindowsStoreBlockAutoUpdate, [Parameter()] [System.Boolean] - $NetworkProxyDisableAutoDetect, + $WindowsStoreBlocked, + + [Parameter()] + [System.Boolean] + $WindowsStoreEnablePrivateStoreOnly, + + [Parameter()] + [System.Boolean] + $WirelessDisplayBlockProjectionToThisDevice, + + [Parameter()] + [System.Boolean] + $WirelessDisplayBlockUserInputFromReceiver, + + [Parameter()] + [System.Boolean] + $WirelessDisplayRequirePinForPairing, [Parameter()] [System.String] - $NetworkProxyAutomaticConfigurationUrl, + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, [Parameter()] - [System.String[]] - $NetworkProxyServer, + [System.Boolean] + $SupportsScopeTags, + + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $PSBoundParameters.Remove('Ensure') | Out-Null + $PSBoundParameters.Remove('Credential') | Out-Null + $PSBoundParameters.Remove('ApplicationId') | Out-Null + $PSBoundParameters.Remove('ApplicationSecret') | Out-Null + $PSBoundParameters.Remove('TenantId') | Out-Null + $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null + $PSBoundParameters.Remove('ManagedIdentity') | Out-Null + $PSBoundParameters.Remove('Verbose') | Out-Null + + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating an Intune Device Configuration Policy for Windows10 with DisplayName {$DisplayName}" + $PSBoundParameters.Remove("Assignments") | Out-Null + + $CreateParameters = ([Hashtable]$PSBoundParameters).clone() + $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters + $CreateParameters.Remove('Id') | Out-Null + + $keys = (([Hashtable]$CreateParameters).clone()).Keys + foreach ($key in $keys) + { + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + { + $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key + } + } + #region resource generator code + $CreateParameters.Add("@odata.type", "#microsoft.graph.windows10GeneralConfiguration") + $policy = New-MgDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters + $assignmentsHash = @() + foreach ($assignment in $Assignments) + { + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + } + + if ($policy.id) + { + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/deviceConfigurations' + } + #endregion + } + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Updating the Intune Device Configuration Policy for Windows10 with Id {$($currentInstance.Id)}" + $PSBoundParameters.Remove("Assignments") | Out-Null + + $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() + $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters + + $UpdateParameters.Remove('Id') | Out-Null + + $keys = (([Hashtable]$UpdateParameters).clone()).Keys + foreach ($key in $keys) + { + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + { + $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key + } + } + #region resource generator code + $UpdateParameters.Add("@odata.type", "#microsoft.graph.windows10GeneralConfiguration") + Update-MgDeviceManagementDeviceConfiguration ` + -DeviceConfigurationId $currentInstance.Id ` + -BodyParameter $UpdateParameters + $assignmentsHash = @() + foreach ($assignment in $Assignments) + { + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + } + Update-DeviceConfigurationPolicyAssignment ` + -DeviceConfigurationPolicyId $currentInstance.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/deviceConfigurations' + #endregion + } + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing the Intune Device Configuration Policy for Windows10 with Id {$($currentInstance.Id)}" + #region resource generator code + Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id + #endregion + } +} +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + #region resource generator code [Parameter()] [System.Boolean] $AccountsBlockAddingNonMicrosoftAccountEmail, + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $ActivateAppsWithVoice, + [Parameter()] [System.Boolean] $AntiTheftModeBlocked, + [Parameter()] + [System.Boolean] + $AppManagementMSIAllowUserControlOverInstall, + + [Parameter()] + [System.Boolean] + $AppManagementMSIAlwaysInstallWithElevatedPrivileges, + + [Parameter()] + [System.String[]] + $AppManagementPackageFamilyNamesToLaunchAfterLogOn, + + [Parameter()] + [ValidateSet('notConfigured','blocked','allowed')] + [System.String] + $AppsAllowTrustedAppsSideloading, + + [Parameter()] + [System.Boolean] + $AppsBlockWindowsStoreOriginatedApps, + + [Parameter()] + [System.Boolean] + $AuthenticationAllowSecondaryDevice, + + [Parameter()] + [System.String] + $AuthenticationPreferredAzureADTenantDomainName, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $AuthenticationWebSignIn, + + [Parameter()] + [System.String[]] + $BluetoothAllowedServices, + + [Parameter()] + [System.Boolean] + $BluetoothBlockAdvertising, + + [Parameter()] + [System.Boolean] + $BluetoothBlockDiscoverableMode, + [Parameter()] [System.Boolean] $BluetoothBlocked, [Parameter()] [System.Boolean] - $CameraBlocked, + $BluetoothBlockPrePairing, [Parameter()] [System.Boolean] - $ConnectedDevicesServiceBlocked, + $BluetoothBlockPromptedProximalConnections, [Parameter()] [System.Boolean] - $CertificatesBlockManualRootCertificateInstallation, + $CameraBlocked, [Parameter()] [System.Boolean] - $CopyPasteBlocked, + $CellularBlockDataWhenRoaming, [Parameter()] [System.Boolean] - $CortanaBlocked, + $CellularBlockVpn, [Parameter()] [System.Boolean] - $DeviceManagementBlockFactoryResetOnMobile, + $CellularBlockVpnWhenRoaming, + + [Parameter()] + [ValidateSet('blocked','required','allowed','notConfigured')] + [System.String] + $CellularData, [Parameter()] [System.Boolean] - $DeviceManagementBlockManualUnenroll, + $CertificatesBlockManualRootCertificateInstallation, [Parameter()] - [ValidateSet('userDefined', 'strict', 'moderate')] [System.String] - $SafeSearchFilter, + $ConfigureTimeZone, + + [Parameter()] + [System.Boolean] + $ConnectedDevicesServiceBlocked, + + [Parameter()] + [System.Boolean] + $CopyPasteBlocked, [Parameter()] [System.Boolean] - $EdgeBlockPopups, + $CortanaBlocked, [Parameter()] [System.Boolean] - $EdgeBlockSearchSuggestions, + $CryptographyAllowFipsAlgorithmPolicy, [Parameter()] [System.Boolean] - $EdgeBlockSendingIntranetTrafficToInternetExplorer, + $DataProtectionBlockDirectMemoryAccess, [Parameter()] [System.Boolean] - $EdgeSendIntranetTrafficToInternetExplorer, + $DefenderBlockEndUserAccess, [Parameter()] [System.Boolean] - $EdgeRequireSmartScreen, + $DefenderBlockOnAccessProtection, [Parameter()] + [ValidateSet('notConfigured','high','highPlus','zeroTolerance')] [System.String] - $EdgeEnterpriseModeSiteListLocation, + $DefenderCloudBlockLevel, [Parameter()] - [System.String] - $EdgeFirstRunUrl, + [System.Int32] + $DefenderCloudExtendedTimeout, [Parameter()] - [System.String] - $EdgeSearchEngine, + [System.Int32] + $DefenderCloudExtendedTimeoutInSeconds, [Parameter()] - [System.String[]] - $EdgeHomepageUrls, + [System.Int32] + $DefenderDaysBeforeDeletingQuarantinedMalware, [Parameter()] - [System.Boolean] - $EdgeBlockAccessToAboutFlags, + [Microsoft.Management.Infrastructure.CimInstance] + $DefenderDetectedMalwareActions, [Parameter()] [System.Boolean] - $SmartScreenBlockPromptOverride, + $DefenderDisableCatchupFullScan, [Parameter()] [System.Boolean] - $SmartScreenBlockPromptOverrideForFiles, + $DefenderDisableCatchupQuickScan, [Parameter()] - [System.Boolean] - $WebRtcBlockLocalhostIpAddress, + [System.String[]] + $DefenderFileExtensionsToExclude, [Parameter()] - [System.Boolean] - $InternetSharingBlocked, + [System.String[]] + $DefenderFilesAndFoldersToExclude, [Parameter()] - [System.Boolean] - $SettingsBlockAddProvisioningPackage, + [ValidateSet('userDefined','disable','monitorAllFiles','monitorIncomingFilesOnly','monitorOutgoingFilesOnly')] + [System.String] + $DefenderMonitorFileActivity, [Parameter()] - [System.Boolean] - $SettingsBlockRemoveProvisioningPackage, + [ValidateSet('deviceDefault','block','audit')] + [System.String] + $DefenderPotentiallyUnwantedAppAction, [Parameter()] - [System.Boolean] - $SettingsBlockChangeSystemTime, + [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [System.String] + $DefenderPotentiallyUnwantedAppActionSetting, [Parameter()] - [System.Boolean] - $SettingsBlockEditDeviceName, + [System.String[]] + $DefenderProcessesToExclude, [Parameter()] - [System.Boolean] - $SettingsBlockChangeRegion, + [ValidateSet('userDefined','alwaysPrompt','promptBeforeSendingPersonalData','neverSendData','sendAllDataWithoutPrompting')] + [System.String] + $DefenderPromptForSampleSubmission, [Parameter()] [System.Boolean] - $SettingsBlockChangeLanguage, + $DefenderRequireBehaviorMonitoring, [Parameter()] [System.Boolean] - $SettingsBlockChangePowerSleep, + $DefenderRequireCloudProtection, [Parameter()] [System.Boolean] - $LocationServicesBlocked, + $DefenderRequireNetworkInspectionSystem, [Parameter()] [System.Boolean] - $MicrosoftAccountBlocked, + $DefenderRequireRealTimeMonitoring, [Parameter()] [System.Boolean] - $MicrosoftAccountBlockSettingsSync, + $DefenderScanArchiveFiles, [Parameter()] [System.Boolean] - $NfcBlocked, + $DefenderScanDownloads, [Parameter()] [System.Boolean] - $ResetProtectionModeBlocked, + $DefenderScanIncomingMail, [Parameter()] [System.Boolean] - $ScreenCaptureBlocked, + $DefenderScanMappedNetworkDrivesDuringFullScan, [Parameter()] - [System.Boolean] - $StorageBlockRemovableStorage, + [System.Int32] + $DefenderScanMaxCpu, [Parameter()] [System.Boolean] - $StorageRequireMobileDeviceEncryption, + $DefenderScanNetworkFiles, [Parameter()] [System.Boolean] - $UsbBlocked, + $DefenderScanRemovableDrivesDuringFullScan, [Parameter()] [System.Boolean] - $VoiceRecordingBlocked, + $DefenderScanScriptsLoadedInInternetExplorer, [Parameter()] - [System.Boolean] - $WiFiBlockAutomaticConnectHotspots, + [ValidateSet('userDefined','disabled','quick','full')] + [System.String] + $DefenderScanType, [Parameter()] - [System.Boolean] - $WiFiBlocked, + [System.TimeSpan] + $DefenderScheduledQuickScanTime, + + [Parameter()] + [System.TimeSpan] + $DefenderScheduledScanTime, [Parameter()] [System.Boolean] - $WiFiBlockManualConfiguration, + $DefenderScheduleScanEnableLowCpuPriority, [Parameter()] - [System.Uint64] - $WiFiScanInterval, + [System.Int32] + $DefenderSignatureUpdateIntervalInHours, [Parameter()] - [System.Boolean] - $WirelessDisplayBlockProjectionToThisDevice, + [ValidateSet('sendSafeSamplesAutomatically','alwaysPrompt','neverSend','sendAllSamplesAutomatically')] + [System.String] + $DefenderSubmitSamplesConsentType, [Parameter()] - [System.Boolean] - $WirelessDisplayBlockUserInputFromReceiver, + [ValidateSet('userDefined','everyday','sunday','monday','tuesday','wednesday','thursday','friday','saturday','noScheduledScan')] + [System.String] + $DefenderSystemScanSchedule, + + [Parameter()] + [ValidateSet('notConfigured','blocked','allowed')] + [System.String] + $DeveloperUnlockSetting, [Parameter()] [System.Boolean] - $WirelessDisplayRequirePinForPairing, + $DeviceManagementBlockFactoryResetOnMobile, [Parameter()] [System.Boolean] - $WindowsStoreBlocked, + $DeviceManagementBlockManualUnenroll, [Parameter()] + [ValidateSet('userDefined','none','basic','enhanced','full')] [System.String] - [ValidateSet('notConfigured', 'blocked', 'allowed')] - $AppsAllowTrustedAppsSideloading, + $DiagnosticsDataSubmissionMode, [Parameter()] - [System.Boolean] - $WindowsStoreBlockAutoUpdate, + [System.String[]] + $DisplayAppListWithGdiDPIScalingTurnedOff, [Parameter()] - [ValidateSet('notConfigured', 'blocked', 'allowed')] - [System.String] - $DeveloperUnlockSetting, + [System.String[]] + $DisplayAppListWithGdiDPIScalingTurnedOn, [Parameter()] [System.Boolean] - $SharedUserAppDataAllowed, + $EdgeAllowStartPagesModification, [Parameter()] [System.Boolean] - $AppsBlockWindowsStoreOriginatedApps, + $EdgeBlockAccessToAboutFlags, [Parameter()] [System.Boolean] - $WindowsStoreEnablePrivateStoreOnly, + $EdgeBlockAddressBarDropdown, [Parameter()] [System.Boolean] - $StorageRestrictAppDataToSystemVolume, + $EdgeBlockAutofill, [Parameter()] [System.Boolean] - $StorageRestrictAppInstallToSystemVolume, + $EdgeBlockCompatibilityList, [Parameter()] [System.Boolean] - $GameDvrBlocked, + $EdgeBlockDeveloperTools, [Parameter()] [System.Boolean] - $ExperienceBlockDeviceDiscovery, + $EdgeBlocked, [Parameter()] [System.Boolean] - $ExperienceBlockErrorDialogWhenNoSIM, + $EdgeBlockEditFavorites, [Parameter()] [System.Boolean] - $ExperienceBlockTaskSwitcher, + $EdgeBlockExtensions, [Parameter()] [System.Boolean] - $LogonBlockFastUserSwitching, + $EdgeBlockFullScreenMode, [Parameter()] [System.Boolean] - $TenantLockdownRequireNetworkDuringOutOfBoxExperience, - - [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] - $Assignments, - - [Parameter(Mandatory = $True)] - [System.String] - [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $EdgeBlockInPrivateBrowsing, [Parameter()] - [System.Management.Automation.PSCredential] - $Credential, + [System.Boolean] + $EdgeBlockJavaScript, [Parameter()] - [System.String] - $ApplicationId, + [System.Boolean] + $EdgeBlockLiveTileDataCollection, [Parameter()] - [System.String] - $TenantId, + [System.Boolean] + $EdgeBlockPasswordManager, [Parameter()] - [System.Management.Automation.PSCredential] - $ApplicationSecret, + [System.Boolean] + $EdgeBlockPopups, [Parameter()] - [System.String] - $CertificateThumbprint, + [System.Boolean] + $EdgeBlockPrelaunch, [Parameter()] - [Switch] - $ManagedIdentity - ) - - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $currentPolicy = Get-TargetResource @PSBoundParameters - $PSBoundParameters.Remove('Ensure') | Out-Null - $PSBoundParameters.Remove('Credential') | Out-Null - $PSBoundParameters.Remove('ApplicationId') | Out-Null - $PSBoundParameters.Remove('TenantId') | Out-Null - $PSBoundParameters.Remove('ApplicationSecret') | Out-Null - if ($Ensure -eq 'Present' -and $currentPolicy.Ensure -eq 'Absent') - { - Write-Verbose -Message "Creating new Device Configuration Policy {$DisplayName}" - $PSBoundParameters.Remove('DisplayName') | Out-Null - $PSBoundParameters.Remove('Description') | Out-Null - $PSBoundParameters.Remove('Assignments') | Out-Null - - $AdditionalProperties = Get-M365DSCIntuneDeviceConfigurationPolicyWindowsAdditionalProperties -Properties ([System.Collections.Hashtable]$PSBoundParameters) - if ($AdditionalProperties.DefenderDetectedMalwareActions) - { - $AdditionalProperties.DefenderDetectedMalwareActions.Add('@odata.type', '#microsoft.graph.defenderDetectedMalwareActions') - } - $policy = New-MgDeviceManagementDeviceConfiguration -DisplayName $DisplayName ` - -Description $Description ` - -AdditionalProperties $AdditionalProperties - - #region Assignments - $assignmentsHash = @() - foreach ($assignment in $Assignments) - { - $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment - } - if ($policy.id) - { - Update-DeviceConfigurationPolicyAssignments -DeviceConfigurationPolicyId $policy.id ` - -Targets $assignmentsHash - } - #endregion - } - elseif ($Ensure -eq 'Present' -and $currentPolicy.Ensure -eq 'Present') - { - Write-Verbose -Message "Updating existing Device Configuration Policy {$DisplayName}" - $configDevicePolicy = Get-MgDeviceManagementDeviceConfiguration ` - -ErrorAction Stop | Where-Object ` - -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10GeneralConfiguration' -and ` - $_.displayName -eq $($DisplayName) } - - $PSBoundParameters.Remove('DisplayName') | Out-Null - $PSBoundParameters.Remove('Description') | Out-Null - $PSBoundParameters.Remove('Assignments') | Out-Null - - $AdditionalProperties = Get-M365DSCIntuneDeviceConfigurationPolicyWindowsAdditionalProperties -Properties ([System.Collections.Hashtable]$PSBoundParameters) - if ($AdditionalProperties.DefenderDetectedMalwareActions) - { - $AdditionalProperties.DefenderDetectedMalwareActions.Add('@odata.type', '#microsoft.graph.defenderDetectedMalwareActions') - } - Update-MgDeviceManagementDeviceConfiguration -AdditionalProperties $AdditionalProperties ` - -Description $Description ` - -DeviceConfigurationId $configDevicePolicy.Id - - #region Assignments - $assignmentsHash = @() - foreach ($assignment in $Assignments) - { - $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment - } - Update-DeviceConfigurationPolicyAssignments -DeviceConfigurationPolicyId $configDevicePolicy.Id ` - -Targets $assignmentsHash - #endregion - } - elseif ($Ensure -eq 'Absent' -and $currentPolicy.Ensure -eq 'Present') - { - Write-Verbose -Message "Removing Device Configuration Policy {$DisplayName}" - $configDevicePolicy = Get-MgDeviceManagementDeviceConfiguration ` - -ErrorAction Stop | Where-Object ` - -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10GeneralConfiguration' -and ` - $_.displayName -eq $($DisplayName) } - - Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $configDevicePolicy.Id - } -} - -function Test-TargetResource -{ - [CmdletBinding()] - [OutputType([System.Boolean])] - param - ( - [Parameter(Mandatory = $True)] - [System.String] - $DisplayName, + [System.Boolean] + $EdgeBlockPrinting, [Parameter()] - [System.String] - $Description, + [System.Boolean] + $EdgeBlockSavingHistory, [Parameter()] - [System.String] - $EnterpriseCloudPrintDiscoveryEndPoint, + [System.Boolean] + $EdgeBlockSearchEngineCustomization, [Parameter()] - [System.String] - $EnterpriseCloudPrintOAuthAuthority, + [System.Boolean] + $EdgeBlockSearchSuggestions, [Parameter()] - [System.String] - $EnterpriseCloudPrintOAuthClientIdentifier, + [System.Boolean] + $EdgeBlockSendingDoNotTrackHeader, [Parameter()] - [System.String] - $EnterpriseCloudPrintResourceIdentifier, + [System.Boolean] + $EdgeBlockSendingIntranetTrafficToInternetExplorer, [Parameter()] - [System.Uint64] - $EnterpriseCloudPrintDiscoveryMaxLimit, + [System.Boolean] + $EdgeBlockSideloadingExtensions, [Parameter()] - [System.String] - $EnterpriseCloudPrintMopriaDiscoveryResourceIdentifier, + [System.Boolean] + $EdgeBlockTabPreloading, [Parameter()] [System.Boolean] - $SearchBlockDiacritics, + $EdgeBlockWebContentOnNewTabPage, [Parameter()] [System.Boolean] - $SearchDisableAutoLanguageDetection, + $EdgeClearBrowsingDataOnExit, [Parameter()] - [System.Boolean] - $SearchDisableIndexingEncryptedItems, + [ValidateSet('userDefined','allow','blockThirdParty','blockAll')] + [System.String] + $EdgeCookiePolicy, [Parameter()] [System.Boolean] - $SearchEnableRemoteQueries, + $EdgeDisableFirstRunPage, [Parameter()] - [System.Boolean] - $SearchDisableIndexerBackoff, + [System.String] + $EdgeEnterpriseModeSiteListLocation, [Parameter()] - [System.Boolean] - $SearchDisableIndexingRemovableDrive, + [ValidateSet('notConfigured','hide','show')] + [System.String] + $EdgeFavoritesBarVisibility, [Parameter()] - [System.Boolean] - $SearchEnableAutomaticIndexSizeManangement, + [System.String] + $EdgeFavoritesListLocation, [Parameter()] - [ValidateSet('userDefined', 'none', 'basic', 'enhanced', 'full')] [System.String] - $DiagnosticsDataSubmissionMode, + $EdgeFirstRunUrl, [Parameter()] - [System.Boolean] - $oneDriveDisableFileSync, + [Microsoft.Management.Infrastructure.CimInstance] + $EdgeHomeButtonConfiguration, [Parameter()] [System.Boolean] - $SmartScreenEnableAppInstallControl, + $EdgeHomeButtonConfigurationEnabled, + + [Parameter()] + [System.String[]] + $EdgeHomepageUrls, [Parameter()] + [ValidateSet('notConfigured','digitalSignage','normalMode','publicBrowsingSingleApp','publicBrowsingMultiApp')] [System.String] - $PersonalizationDesktopImageUrl, + $EdgeKioskModeRestriction, + + [Parameter()] + [System.Int32] + $EdgeKioskResetAfterIdleTimeInMinutes, [Parameter()] [System.String] - $PersonalizationLockScreenImageUrl, + $EdgeNewTabPageURL, [Parameter()] - [System.String[]] - $BluetoothAllowedServices, + [ValidateSet('notConfigured','startPage','newTabPage','previousPages','specificPages')] + [System.String] + $EdgeOpensWith, [Parameter()] [System.Boolean] - $BluetoothBlockAdvertising, + $EdgePreventCertificateErrorOverride, [Parameter()] - [System.Boolean] - $BluetoothBlockDiscoverableMode, + [System.String[]] + $EdgeRequiredExtensionPackageFamilyNames, [Parameter()] [System.Boolean] - $BluetoothBlockPrePairing, + $EdgeRequireSmartScreen, [Parameter()] - [System.Boolean] - $EdgeBlockAutofill, + [Microsoft.Management.Infrastructure.CimInstance] + $EdgeSearchEngine, [Parameter()] [System.Boolean] - $EdgeBlocked, + $EdgeSendIntranetTrafficToInternetExplorer, [Parameter()] - [ValidateSet('userDefined', 'allow', 'blockThirdparty', 'blockAll')] + [ValidateSet('notConfigured','disabled','enabled','keepGoing')] [System.String] - $EdgeCookiePolicy, + $EdgeShowMessageWhenOpeningInternetExplorerSites, [Parameter()] [System.Boolean] - $EdgeBlockDeveloperTools, + $EdgeSyncFavoritesWithInternetExplorer, [Parameter()] - [System.Boolean] - $EdgeBlockSendingDoNotTrackHeader, + [ValidateSet('notConfigured','intranet','internet','intranetAndInternet')] + [System.String] + $EdgeTelemetryForMicrosoft365Analytics, [Parameter()] [System.Boolean] - $EdgeBlockExtensions, + $EnableAutomaticRedeployment, [Parameter()] - [System.Boolean] - $EdgeBlockInPrivateBrowsing, + [System.Int32] + $EnergySaverOnBatteryThresholdPercentage, [Parameter()] - [System.Boolean] - $EdgeBlockJavaScript, + [System.Int32] + $EnergySaverPluggedInThresholdPercentage, [Parameter()] - [System.Boolean] - $EdgeBlockPasswordManager, + [System.String] + $EnterpriseCloudPrintDiscoveryEndPoint, [Parameter()] - [System.Boolean] - $EdgeBlockAddressBarDropdown, + [System.Int32] + $EnterpriseCloudPrintDiscoveryMaxLimit, [Parameter()] - [System.Boolean] - $EdgeBlockCompatibilityList, + [System.String] + $EnterpriseCloudPrintMopriaDiscoveryResourceIdentifier, [Parameter()] - [System.Boolean] - $EdgeClearBrowsingDataOnExit, + [System.String] + $EnterpriseCloudPrintOAuthAuthority, [Parameter()] - [System.Boolean] - $EdgeAllowStartPagesModification, + [System.String] + $EnterpriseCloudPrintOAuthClientIdentifier, [Parameter()] - [System.Boolean] - $EdgeDisableFirstRunPage, + [System.String] + $EnterpriseCloudPrintResourceIdentifier, [Parameter()] [System.Boolean] - $EdgeBlockLiveTileDataCollection, + $ExperienceBlockDeviceDiscovery, [Parameter()] [System.Boolean] - $EdgeSyncFavoritesWithInternetExplorer, + $ExperienceBlockErrorDialogWhenNoSIM, [Parameter()] [System.Boolean] - $CellularBlockDataWhenRoaming, + $ExperienceBlockTaskSwitcher, [Parameter()] - [System.Boolean] - $CellularBlockVpn, + [ValidateSet('notConfigured','blockedWithUserOverride','blocked')] + [System.String] + $ExperienceDoNotSyncBrowserSettings, [Parameter()] - [System.Boolean] - $CellularBlockVpnWhenRoaming, + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $FindMyFiles, [Parameter()] [System.Boolean] - $DefenderRequireRealTimeMonitoring, + $GameDvrBlocked, [Parameter()] - [System.Boolean] - $DefenderRequireBehaviorMonitoring, + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $InkWorkspaceAccess, [Parameter()] - [System.Boolean] - $DefenderRequireNetworkInspectionSystem, + [ValidateSet('notConfigured','blocked','allowed')] + [System.String] + $InkWorkspaceAccessState, [Parameter()] [System.Boolean] - $DefenderScanDownloads, + $InkWorkspaceBlockSuggestedApps, [Parameter()] [System.Boolean] - $DefenderScanScriptsLoadedInInternetExplorer, + $InternetSharingBlocked, [Parameter()] [System.Boolean] - $DefenderBlockEndUserAccess, - - [Parameter()] - [System.Uint64] - $DefenderSignatureUpdateIntervalInHours, + $LocationServicesBlocked, [Parameter()] - [ValidateSet('userDefined', 'disable', 'monitorAllFiles', 'monitorIncomingFilesOnly', 'monitorOutgoingFilesOnly')] + [ValidateSet('notConfigured','enabled','disabled')] [System.String] - $DefenderMonitorFileActivity, + $LockScreenActivateAppsWithVoice, [Parameter()] - [System.Uint64] - $DefenderDaysBeforeDeletingQuarantinedMalware, + [System.Boolean] + $LockScreenAllowTimeoutConfiguration, [Parameter()] - [System.Uint64] - $DefenderScanMaxCpu, + [System.Boolean] + $LockScreenBlockActionCenterNotifications, [Parameter()] [System.Boolean] - $DefenderScanArchiveFiles, + $LockScreenBlockCortana, [Parameter()] [System.Boolean] - $DefenderScanIncomingMail, + $LockScreenBlockToastNotifications, [Parameter()] - [System.Boolean] - $DefenderScanRemovableDrivesDuringFullScan, + [System.Int32] + $LockScreenTimeoutInSeconds, [Parameter()] [System.Boolean] - $DefenderScanMappedNetworkDrivesDuringFullScan, + $LogonBlockFastUserSwitching, [Parameter()] [System.Boolean] - $DefenderScanNetworkFiles, + $MessagingBlockMMS, [Parameter()] [System.Boolean] - $DefenderRequireCloudProtection, + $MessagingBlockRichCommunicationServices, [Parameter()] - [ValidateSet('notConfigured', 'high', 'highPlus', 'zeroTolerance')] - [System.String] - $DefenderCloudBlockLevel, + [System.Boolean] + $MessagingBlockSync, [Parameter()] - [ValidateSet('userDefined', 'alwaysPrompt', 'promptBeforeSendingPersonalData', 'neverSendData', 'sendAllDataWithoutPrompting')] - [System.String] - $DefenderPromptForSampleSubmission, + [System.Boolean] + $MicrosoftAccountBlocked, [Parameter()] - [System.String] - $DefenderScheduledQuickScanTime, + [System.Boolean] + $MicrosoftAccountBlockSettingsSync, [Parameter()] - [ValidateSet('userDefined', 'disabled', 'quick', 'full')] + [ValidateSet('notConfigured','disabled')] [System.String] - $DefenderScanType, + $MicrosoftAccountSignInAssistantSettings, [Parameter()] - [System.string] - $DefenderSystemScanSchedule, + [System.Boolean] + $NetworkProxyApplySettingsDeviceWide, [Parameter()] [System.String] - $DefenderScheduledScanTime, - - [Parameter()] - [System.String[]] - $DefenderFileExtensionsToExclude, - - [Parameter()] - [System.String[]] - $DefenderFilesAndFoldersToExclude, + $NetworkProxyAutomaticConfigurationUrl, [Parameter()] - [System.String[]] - $DefenderProcessesToExclude, + [System.Boolean] + $NetworkProxyDisableAutoDetect, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] - $DefenderDetectedMalwareActions, - - [Parameter()] - [System.Boolean] - $LockScreenAllowTimeoutConfiguration, + $NetworkProxyServer, [Parameter()] [System.Boolean] - $LockScreenBlockActionCenterNotifications, + $NfcBlocked, [Parameter()] [System.Boolean] - $LockScreenBlockCortana, + $OneDriveDisableFileSync, [Parameter()] [System.Boolean] - $LockScreenBlockToastNotifications, + $PasswordBlockSimple, [Parameter()] - [System.Uint64] - $LockScreenTimeoutInSeconds, + [System.Int32] + $PasswordExpirationDays, [Parameter()] - [System.Boolean] - $PasswordBlockSimple, + [System.Int32] + $PasswordMinimumAgeInDays, [Parameter()] - [System.Uint64] - $PasswordExpirationDays, + [System.Int32] + $PasswordMinimumCharacterSetCount, [Parameter()] - [System.Uint64] + [System.Int32] $PasswordMinimumLength, [Parameter()] - [System.Uint64] + [System.Int32] $PasswordMinutesOfInactivityBeforeScreenTimeout, [Parameter()] - [System.Uint64] - $PasswordMinimumCharacterSetCount, - - [Parameter()] - [System.Uint64] + [System.Int32] $PasswordPreviousPasswordBlockCount, [Parameter()] @@ -2466,420 +4030,424 @@ function Test-TargetResource $PasswordRequired, [Parameter()] - [System.Boolean] - $PasswordRequireWhenResumeFromIdleState, - - [Parameter()] - [ValidateSet('deviceDefault', 'alphanumeric', 'numeric')] + [ValidateSet('deviceDefault','alphanumeric','numeric')] [System.String] $PasswordRequiredType, [Parameter()] - [System.Uint64] + [System.Boolean] + $PasswordRequireWhenResumeFromIdleState, + + [Parameter()] + [System.Int32] $PasswordSignInFailureCountBeforeFactoryReset, [Parameter()] - [ValidateSet('notConfigured', 'blocked', 'allowed')] [System.String] - $PrivacyAdvertisingId, + $PersonalizationDesktopImageUrl, [Parameter()] - [System.Boolean] - $PrivacyAutoAcceptPairingAndConsentPrompts, + [System.String] + $PersonalizationLockScreenImageUrl, [Parameter()] - [System.Boolean] - $PrivacyBlockInputPersonalization, + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerButtonActionOnBattery, [Parameter()] - [System.Boolean] - $StartBlockUnpinningAppsFromTaskbar, + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerButtonActionPluggedIn, [Parameter()] - [ValidateSet('userDefined', 'collapse', 'remove', 'disableSettingsApp')] + [ValidateSet('notConfigured','enabled','disabled')] [System.String] - $StartMenuAppListVisibility, + $PowerHybridSleepOnBattery, [Parameter()] - [System.Boolean] - $StartMenuHideChangeAccountSettings, + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $PowerHybridSleepPluggedIn, [Parameter()] - [System.Boolean] - $StartMenuHideFrequentlyUsedApps, + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerLidCloseActionOnBattery, [Parameter()] - [System.Boolean] - $StartMenuHideHibernate, + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerLidCloseActionPluggedIn, [Parameter()] - [System.Boolean] - $StartMenuHideLock, + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerSleepButtonActionOnBattery, [Parameter()] - [System.Boolean] - $StartMenuHidePowerButton, + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerSleepButtonActionPluggedIn, [Parameter()] [System.Boolean] - $StartMenuHideRecentJumpLists, + $PrinterBlockAddition, [Parameter()] - [System.Boolean] - $StartMenuHideRecentlyAddedApps, + [System.String] + $PrinterDefaultName, [Parameter()] - [System.Boolean] - $StartMenuHideRestartOptions, + [System.String[]] + $PrinterNames, [Parameter()] - [System.Boolean] - $StartMenuHideShutDown, + [ValidateSet('notConfigured','blocked','allowed')] + [System.String] + $PrivacyAdvertisingId, [Parameter()] [System.Boolean] - $StartMenuHideSignOut, + $PrivacyAutoAcceptPairingAndConsentPrompts, [Parameter()] [System.Boolean] - $StartMenuHideSleep, + $PrivacyBlockActivityFeed, [Parameter()] [System.Boolean] - $StartMenuHideSwitchAccount, + $PrivacyBlockInputPersonalization, [Parameter()] [System.Boolean] - $StartMenuHideUserTile, + $PrivacyBlockPublishUserActivities, [Parameter()] - [System.String] - $StartMenuLayoutEdgeAssetsXml, + [System.Boolean] + $PrivacyDisableLaunchExperience, [Parameter()] - [System.String] - $StartMenuLayoutXml, + [System.Boolean] + $ResetProtectionModeBlocked, [Parameter()] - [ValidateSet('userDefined', 'fullScreen', 'nonFullScreen')] + [ValidateSet('userDefined','strict','moderate')] [System.String] - $StartMenuMode, + $SafeSearchFilter, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] - [System.String] - $StartMenuPinnedFolderDocuments, + [System.Boolean] + $ScreenCaptureBlocked, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] - [System.String] - $StartMenuPinnedFolderDownloads, + [System.Boolean] + $SearchBlockDiacritics, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] - [System.String] - $StartMenuPinnedFolderFileExplorer, + [System.Boolean] + $SearchBlockWebResults, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] - [System.String] - $StartMenuPinnedFolderHomeGroup, + [System.Boolean] + $SearchDisableAutoLanguageDetection, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] - [System.String] - $StartMenuPinnedFolderMusic, + [System.Boolean] + $SearchDisableIndexerBackoff, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] - [System.String] - $StartMenuPinnedFolderNetwork, + [System.Boolean] + $SearchDisableIndexingEncryptedItems, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] - [System.String] - $StartMenuPinnedFolderPersonalFolder, + [System.Boolean] + $SearchDisableIndexingRemovableDrive, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] - [System.String] - $StartMenuPinnedFolderPictures, + [System.Boolean] + $SearchDisableLocation, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] - [System.String] - $StartMenuPinnedFolderSettings, + [System.Boolean] + $SearchDisableUseLocation, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] - [System.String] - $StartMenuPinnedFolderVideos, + [System.Boolean] + $SearchEnableAutomaticIndexSizeManangement, [Parameter()] [System.Boolean] - $SettingsBlockSettingsApp, + $SearchEnableRemoteQueries, [Parameter()] [System.Boolean] - $SettingsBlockSystemPage, + $SecurityBlockAzureADJoinedDevicesAutoEncryption, [Parameter()] [System.Boolean] - $SettingsBlockDevicesPage, + $SettingsBlockAccountsPage, [Parameter()] [System.Boolean] - $SettingsBlockNetworkInternetPage, + $SettingsBlockAddProvisioningPackage, [Parameter()] [System.Boolean] - $SettingsBlockPersonalizationPage, + $SettingsBlockAppsPage, [Parameter()] [System.Boolean] - $SettingsBlockAccountsPage, + $SettingsBlockChangeLanguage, [Parameter()] [System.Boolean] - $SettingsBlockTimeLanguagePage, + $SettingsBlockChangePowerSleep, [Parameter()] [System.Boolean] - $SettingsBlockEaseOfAccessPage, + $SettingsBlockChangeRegion, [Parameter()] [System.Boolean] - $SettingsBlockPrivacyPage, + $SettingsBlockChangeSystemTime, [Parameter()] [System.Boolean] - $SettingsBlockUpdateSecurityPage, + $SettingsBlockDevicesPage, [Parameter()] [System.Boolean] - $SettingsBlockAppsPage, + $SettingsBlockEaseOfAccessPage, [Parameter()] [System.Boolean] - $SettingsBlockGamingPage, + $SettingsBlockEditDeviceName, [Parameter()] [System.Boolean] - $WindowsSpotlightBlockConsumerSpecificFeatures, + $SettingsBlockGamingPage, [Parameter()] [System.Boolean] - $WindowsSpotlightBlocked, + $SettingsBlockNetworkInternetPage, [Parameter()] [System.Boolean] - $WindowsSpotlightBlockOnActionCenter, + $SettingsBlockPersonalizationPage, [Parameter()] [System.Boolean] - $WindowsSpotlightBlockTailoredExperiences, + $SettingsBlockPrivacyPage, [Parameter()] [System.Boolean] - $WindowsSpotlightBlockThirdPartyNotifications, + $SettingsBlockRemoveProvisioningPackage, [Parameter()] [System.Boolean] - $WindowsSpotlightBlockWelcomeExperience, + $SettingsBlockSettingsApp, [Parameter()] [System.Boolean] - $WindowsSpotlightBlockWindowsTips, + $SettingsBlockSystemPage, [Parameter()] - [ValidateSet('notConfigured', 'disabled', 'enabled')] - [System.String] - $WindowsSpotlightConfigureOnLockScreen, + [System.Boolean] + $SettingsBlockTimeLanguagePage, [Parameter()] [System.Boolean] - $NetworkProxyApplySettingsDeviceWide, + $SettingsBlockUpdateSecurityPage, [Parameter()] [System.Boolean] - $NetworkProxyDisableAutoDetect, + $SharedUserAppDataAllowed, [Parameter()] + [ValidateSet('notConfigured','anywhere','storeOnly','recommendations','preferStore')] [System.String] - $NetworkProxyAutomaticConfigurationUrl, + $SmartScreenAppInstallControl, [Parameter()] - [System.String[]] - $NetworkProxyServer, + [System.Boolean] + $SmartScreenBlockPromptOverride, [Parameter()] [System.Boolean] - $AccountsBlockAddingNonMicrosoftAccountEmail, + $SmartScreenBlockPromptOverrideForFiles, [Parameter()] [System.Boolean] - $AntiTheftModeBlocked, + $SmartScreenEnableAppInstallControl, [Parameter()] [System.Boolean] - $BluetoothBlocked, + $StartBlockUnpinningAppsFromTaskbar, [Parameter()] - [System.Boolean] - $CameraBlocked, + [ValidateSet('userDefined','collapse','remove','disableSettingsApp')] + [System.String] + $StartMenuAppListVisibility, [Parameter()] [System.Boolean] - $ConnectedDevicesServiceBlocked, + $StartMenuHideChangeAccountSettings, [Parameter()] [System.Boolean] - $CertificatesBlockManualRootCertificateInstallation, + $StartMenuHideFrequentlyUsedApps, [Parameter()] [System.Boolean] - $CopyPasteBlocked, + $StartMenuHideHibernate, [Parameter()] [System.Boolean] - $CortanaBlocked, + $StartMenuHideLock, [Parameter()] [System.Boolean] - $DeviceManagementBlockFactoryResetOnMobile, + $StartMenuHidePowerButton, [Parameter()] [System.Boolean] - $DeviceManagementBlockManualUnenroll, + $StartMenuHideRecentJumpLists, [Parameter()] - [ValidateSet('userDefined', 'strict', 'moderate')] - [System.String] - $SafeSearchFilter, + [System.Boolean] + $StartMenuHideRecentlyAddedApps, [Parameter()] [System.Boolean] - $EdgeBlockPopups, + $StartMenuHideRestartOptions, [Parameter()] [System.Boolean] - $EdgeBlockSearchSuggestions, + $StartMenuHideShutDown, [Parameter()] [System.Boolean] - $EdgeBlockSendingIntranetTrafficToInternetExplorer, + $StartMenuHideSignOut, [Parameter()] [System.Boolean] - $EdgeSendIntranetTrafficToInternetExplorer, + $StartMenuHideSleep, [Parameter()] [System.Boolean] - $EdgeRequireSmartScreen, + $StartMenuHideSwitchAccount, [Parameter()] - [System.String] - $EdgeEnterpriseModeSiteListLocation, + [System.Boolean] + $StartMenuHideUserTile, [Parameter()] [System.String] - $EdgeFirstRunUrl, + $StartMenuLayoutEdgeAssetsXml, [Parameter()] [System.String] - $EdgeSearchEngine, - - [Parameter()] - [System.String[]] - $EdgeHomepageUrls, + $StartMenuLayoutXml, [Parameter()] - [System.Boolean] - $EdgeBlockAccessToAboutFlags, + [ValidateSet('userDefined','fullScreen','nonFullScreen')] + [System.String] + $StartMenuMode, [Parameter()] - [System.Boolean] - $SmartScreenBlockPromptOverride, + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderDocuments, [Parameter()] - [System.Boolean] - $SmartScreenBlockPromptOverrideForFiles, + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderDownloads, [Parameter()] - [System.Boolean] - $WebRtcBlockLocalhostIpAddress, + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderFileExplorer, [Parameter()] - [System.Boolean] - $InternetSharingBlocked, + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderHomeGroup, [Parameter()] - [System.Boolean] - $SettingsBlockAddProvisioningPackage, + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderMusic, [Parameter()] - [System.Boolean] - $SettingsBlockRemoveProvisioningPackage, + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderNetwork, [Parameter()] - [System.Boolean] - $SettingsBlockChangeSystemTime, + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderPersonalFolder, [Parameter()] - [System.Boolean] - $SettingsBlockEditDeviceName, + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderPictures, [Parameter()] - [System.Boolean] - $SettingsBlockChangeRegion, + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderSettings, [Parameter()] - [System.Boolean] - $SettingsBlockChangeLanguage, + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderVideos, [Parameter()] [System.Boolean] - $SettingsBlockChangePowerSleep, + $StorageBlockRemovableStorage, [Parameter()] [System.Boolean] - $LocationServicesBlocked, + $StorageRequireMobileDeviceEncryption, [Parameter()] [System.Boolean] - $MicrosoftAccountBlocked, + $StorageRestrictAppDataToSystemVolume, [Parameter()] [System.Boolean] - $MicrosoftAccountBlockSettingsSync, + $StorageRestrictAppInstallToSystemVolume, [Parameter()] - [System.Boolean] - $NfcBlocked, + [System.String] + $SystemTelemetryProxyServer, [Parameter()] [System.Boolean] - $ResetProtectionModeBlocked, + $TaskManagerBlockEndTask, [Parameter()] [System.Boolean] - $ScreenCaptureBlocked, + $TenantLockdownRequireNetworkDuringOutOfBoxExperience, [Parameter()] [System.Boolean] - $StorageBlockRemovableStorage, + $UninstallBuiltInApps, [Parameter()] [System.Boolean] - $StorageRequireMobileDeviceEncryption, + $UsbBlocked, [Parameter()] [System.Boolean] - $UsbBlocked, + $VoiceRecordingBlocked, [Parameter()] [System.Boolean] - $VoiceRecordingBlocked, + $WebRtcBlockLocalhostIpAddress, [Parameter()] [System.Boolean] @@ -2894,91 +4462,95 @@ function Test-TargetResource $WiFiBlockManualConfiguration, [Parameter()] - [System.Uint64] + [System.Int32] $WiFiScanInterval, [Parameter()] - [System.Boolean] - $WirelessDisplayBlockProjectionToThisDevice, + [Microsoft.Management.Infrastructure.CimInstance] + $Windows10AppsForceUpdateSchedule, [Parameter()] [System.Boolean] - $WirelessDisplayBlockUserInputFromReceiver, + $WindowsSpotlightBlockConsumerSpecificFeatures, [Parameter()] [System.Boolean] - $WirelessDisplayRequirePinForPairing, + $WindowsSpotlightBlocked, [Parameter()] [System.Boolean] - $WindowsStoreBlocked, - - [Parameter()] - [System.String] - [ValidateSet('notConfigured', 'blocked', 'allowed')] - $AppsAllowTrustedAppsSideloading, + $WindowsSpotlightBlockOnActionCenter, [Parameter()] [System.Boolean] - $WindowsStoreBlockAutoUpdate, + $WindowsSpotlightBlockTailoredExperiences, [Parameter()] - [ValidateSet('notConfigured', 'blocked', 'allowed')] - [System.String] - $DeveloperUnlockSetting, + [System.Boolean] + $WindowsSpotlightBlockThirdPartyNotifications, [Parameter()] [System.Boolean] - $SharedUserAppDataAllowed, + $WindowsSpotlightBlockWelcomeExperience, [Parameter()] [System.Boolean] - $AppsBlockWindowsStoreOriginatedApps, + $WindowsSpotlightBlockWindowsTips, [Parameter()] - [System.Boolean] - $WindowsStoreEnablePrivateStoreOnly, + [ValidateSet('notConfigured','disabled','enabled')] + [System.String] + $WindowsSpotlightConfigureOnLockScreen, [Parameter()] [System.Boolean] - $StorageRestrictAppDataToSystemVolume, + $WindowsStoreBlockAutoUpdate, [Parameter()] [System.Boolean] - $StorageRestrictAppInstallToSystemVolume, + $WindowsStoreBlocked, [Parameter()] [System.Boolean] - $GameDvrBlocked, + $WindowsStoreEnablePrivateStoreOnly, [Parameter()] [System.Boolean] - $ExperienceBlockDeviceDiscovery, + $WirelessDisplayBlockProjectionToThisDevice, [Parameter()] [System.Boolean] - $ExperienceBlockErrorDialogWhenNoSIM, + $WirelessDisplayBlockUserInputFromReceiver, [Parameter()] [System.Boolean] - $ExperienceBlockTaskSwitcher, + $WirelessDisplayRequirePinForPairing, [Parameter()] - [System.Boolean] - $LogonBlockFastUserSwitching, + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, [Parameter()] [System.Boolean] - $TenantLockdownRequireNetworkDuringOutOfBoxExperience, + $SupportsScopeTags, + + [Parameter(Mandatory = $true)] + [System.String] + $Id, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, + #endregion - [Parameter(Mandatory = $True)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -3009,109 +4581,69 @@ function Test-TargetResource Confirm-M365DSCDependencies #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') $CommandName = $MyInvocation.MyCommand $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` -CommandName $CommandName ` -Parameters $PSBoundParameters Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message "Testing configuration of Device Configuration Policy {$DisplayName}" - - $CurrentValues = Get-TargetResource @PSBoundParameters - - Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" - $ValuesToCheck = $PSBoundParameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + Write-Verbose -Message "Testing configuration of the Intune Device Configuration Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}" - # Check DefenderDetectedMalwareActions - if ($CurrentValues.DefenderDetectedMalwareActions.LowSeverity -ne $DefenderDetectedMalwareActions.LowSeverity -or - $CurrentValues.DefenderDetectedMalwareActions.ModerateSeverity -ne $DefenderDetectedMalwareActions.ModerateSeverity -or - $CurrentValues.DefenderDetectedMalwareActions.HighSeverity -ne $DefenderDetectedMalwareActions.HighSeverity -or - $CurrentValues.DefenderDetectedMalwareActions.SevereSeverity -ne $DefenderDetectedMalwareActions.SevereSeverity) - { - Write-Verbose -Message "Test-TargetResource returned $false" - return $false - } - $ValuesToCheck.Remove('DefenderDetectedMalwareActions') | Out-Null + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) { Write-Verbose -Message "Test-TargetResource returned $false" return $false } - #region Assignments $testResult = $true - if ((-not $CurrentValues.Assignments) -xor (-not $ValuesToCheck.Assignments)) - { - Write-Verbose -Message 'Configuration drift: one the assignment is null' - return $false - } - - if ($CurrentValues.Assignments) - { - if ($CurrentValues.Assignments.count -ne $ValuesToCheck.Assignments.count) - { - Write-Verbose -Message "Configuration drift: Number of assignment has changed - current {$($CurrentValues.Assignments.count)} target {$($ValuesToCheck.Assignments.count)}" - return $false - } - foreach ($assignment in $CurrentValues.Assignments) - { - #GroupId Assignment - if (-not [String]::IsNullOrEmpty($assignment.groupId)) - { - $source = [Array]$ValuesToCheck.Assignments | Where-Object -FilterScript { $_.groupId -eq $assignment.groupId } - if (-not $source) - { - Write-Verbose -Message "Configuration drift: groupId {$($assignment.groupId)} not found" - $testResult = $false - break - } - $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source - $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment - } - #AllDevices/AllUsers assignment - else - { - $source = [Array]$ValuesToCheck.Assignments | Where-Object -FilterScript { $_.dataType -eq $assignment.dataType } - if (-not $source) - { - Write-Verbose -Message "Configuration drift: {$($assignment.dataType)} not found" - $testResult = $false - break - } - $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source - $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment - } + #Compare Cim instances + foreach ($key in $PSBoundParameters.Keys) + { + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($source.getType().Name -like '*CimInstance*') + { + $source = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $source - if (-not $testResult) + $testResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) + + if (-Not $testResult) { $testResult = $false break } + + $ValuesToCheck.Remove($key) | Out-Null } } - if (-not $testResult) + + $ValuesToCheck.remove("Id") | Out-Null + $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + if ($testResult) { - return $false + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys } - $ValuesToCheck.Remove('Assignments') | Out-Null - #endregion - - $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` - -Source $($MyInvocation.MyCommand.Source) ` - -DesiredValues $PSBoundParameters ` - -ValuesToCheck $ValuesToCheck.Keys - Write-Verbose -Message "Test-TargetResource returned $TestResult" + Write-Verbose -Message "Test-TargetResource returned $testResult" - return $TestResult + return $testResult } function Export-TargetResource @@ -3120,10 +4652,6 @@ function Export-TargetResource [OutputType([System.String])] param ( - [Parameter()] - [System.String] - $Filter, - [Parameter()] [System.Management.Automation.PSCredential] $Credential, @@ -3157,7 +4685,7 @@ function Export-TargetResource Confirm-M365DSCDependencies #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') $CommandName = $MyInvocation.MyCommand $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` -CommandName $CommandName ` @@ -3167,12 +4695,18 @@ function Export-TargetResource try { - [array]$policies = Get-MgDeviceManagementDeviceConfiguration ` - -ErrorAction Stop -All:$true -Filter $Filter | Where-Object ` - -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10GeneralConfiguration' } + #region resource generator code + [array]$getValue = Get-MgDeviceManagementDeviceConfiguration ` + -All ` + -ErrorAction Stop | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10GeneralConfiguration' ` + } + #endregion + $i = 1 $dscContent = '' - if ($policies.Length -eq 0) + if ($getValue.Length -eq 0) { Write-Host $Global:M365DSCEmojiGreenCheckMark } @@ -3180,11 +4714,17 @@ function Export-TargetResource { Write-Host "`r`n" -NoNewline } - foreach ($policy in $policies) + foreach ($config in $getValue) { - Write-Host " |---[$i/$($policies.Count)] $($policy.DisplayName)" -NoNewline + $displayedKey = $config.Id + if (-not [String]::IsNullOrEmpty($config.displayName)) + { + $displayedKey = $config.displayName + } + Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - DisplayName = $policy.DisplayName + Id = $config.Id + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -3193,25 +4733,83 @@ function Export-TargetResource CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent } + $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results - - if ($Results.DefenderDetectedMalwareActions) + if ($null -ne $Results.DefenderDetectedMalwareActions) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.DefenderDetectedMalwareActions ` + -CIMInstanceName 'MicrosoftGraphdefenderDetectedMalwareActions1' + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.DefenderDetectedMalwareActions = $complexTypeStringResult + } + else + { + $Results.Remove('DefenderDetectedMalwareActions') | Out-Null + } + } + if ($null -ne $Results.EdgeHomeButtonConfiguration) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.EdgeHomeButtonConfiguration ` + -CIMInstanceName 'MicrosoftGraphedgeHomeButtonConfiguration' + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.EdgeHomeButtonConfiguration = $complexTypeStringResult + } + else + { + $Results.Remove('EdgeHomeButtonConfiguration') | Out-Null + } + } + if ($null -ne $Results.EdgeSearchEngine) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.EdgeSearchEngine ` + -CIMInstanceName 'MicrosoftGraphedgeSearchEngineBase' + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.EdgeSearchEngine = $complexTypeStringResult + } + else + { + $Results.Remove('EdgeSearchEngine') | Out-Null + } + } + if ($null -ne $Results.NetworkProxyServer) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.NetworkProxyServer ` + -CIMInstanceName 'MicrosoftGraphwindows10NetworkProxyServer' + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.NetworkProxyServer = $complexTypeStringResult + } + else + { + $Results.Remove('NetworkProxyServer') | Out-Null + } + } + if ($null -ne $Results.Windows10AppsForceUpdateSchedule) { - $StringContent = [System.Text.StringBuilder]::new() - $StringContent.AppendLine('MSFT_IntuneDefenderDetectedMalwareActions {') | Out-Null - $StringContent.AppendLine(" LowSeverity = '" + $Results.DefenderDetectedMalwareActions.LowSeverity + "'") | Out-Null - $StringContent.AppendLine(" ModerateSeverity = '" + $Results.DefenderDetectedMalwareActions.ModerateSeverity + "'") | Out-Null - $StringContent.AppendLine(" HighSeverity = '" + $Results.DefenderDetectedMalwareActions.HighSeverity + "'") | Out-Null - $StringContent.AppendLine(" SevereSeverity = '" + $Results.DefenderDetectedMalwareActions.SevereSeverity + "'") | Out-Null - $StringContent.AppendLine(' }') | Out-Null - $Results.DefenderDetectedMalwareActions = $StringContent.ToString() + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.Windows10AppsForceUpdateSchedule ` + -CIMInstanceName 'MicrosoftGraphwindows10AppsForceUpdateSchedule' + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.Windows10AppsForceUpdateSchedule = $complexTypeStringResult + } + else + { + $Results.Remove('Windows10AppsForceUpdateSchedule') | Out-Null + } } if ($Results.Assignments) { - $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject ([Array]$Results.Assignments) -CIMInstanceName DeviceManagementConfigurationPolicyAssignments - + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments if ($complexTypeStringResult) { $Results.Assignments = $complexTypeStringResult @@ -3226,23 +4824,33 @@ function Export-TargetResource -ModulePath $PSScriptRoot ` -Results $Results ` -Credential $Credential - if ($Results.DefenderDetectedMalwareActions) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock ` - -ParameterName 'DefenderDetectedMalwareActions' + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "DefenderDetectedMalwareActions" -isCIMArray:$False + } + if ($Results.EdgeHomeButtonConfiguration) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "EdgeHomeButtonConfiguration" -isCIMArray:$False + } + if ($Results.EdgeSearchEngine) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "EdgeSearchEngine" -isCIMArray:$False + } + if ($Results.NetworkProxyServer) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "NetworkProxyServer" -isCIMArray:$False + } + if ($Results.Windows10AppsForceUpdateSchedule) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Windows10AppsForceUpdateSchedule" -isCIMArray:$False } - if ($Results.Assignments) { - $isCIMArray = $false - if ($Results.Assignments.getType().Fullname -like '*[[\]]') - { - $isCIMArray = $true - } - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$isCIMArray + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true } - + #removing trailing commas and semi colons between items of an array of cim instances added by Convert-DSCStringParamToVariable + $currentDSCBlock = $currentDSCBlock.replace(" ,`r`n" , " `r`n" ) + $currentDSCBlock = $currentDSCBlock.replace("`r`n;`r`n" , "`r`n" ) $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` -FileName $Global:PartialExportFileName @@ -3255,11 +4863,6 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - if ($_.Exception -like '*401*') - { - Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." - } - New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` @@ -3270,88 +4873,57 @@ function Export-TargetResource } } -function Get-M365DSCIntuneDeviceConfigurationPolicyWindowsAdditionalProperties -{ - [CmdletBinding()] - [OutputType([System.Collections.Hashtable])] - param - ( - [Parameter(Mandatory = 'true')] - [System.Collections.Hashtable] - $Properties - ) - - $results = @{'@odata.type' = '#microsoft.graph.windows10GeneralConfiguration' } - foreach ($property in $properties.Keys) - { - if ($property -ne 'Verbose') - { - $propertyName = $property[0].ToString().ToLower() + $property.Substring(1, $property.Length - 1) - if ($propertyName -eq 'defenderDetectedMalwareActions') - { - $propertyValue = @{ - lowSeverity = $properties.$property.lowSeverity - moderateSeverity = $properties.$property.moderateSeverity - highSeverity = $properties.$property.highSeverity - severeSeverity = $properties.$property.severeSeverity - } - } - else - { - $propertyValue = $properties.$property - } - $results.Add($propertyName, $propertyValue) - } - } - return $results -} - -function Update-DeviceConfigurationPolicyAssignments +function Update-DeviceConfigurationPolicyAssignment { [CmdletBinding()] [OutputType([System.Collections.Hashtable])] - param - ( + param ( [Parameter(Mandatory = 'true')] [System.String] $DeviceConfigurationPolicyId, [Parameter()] [Array] - $Targets - ) + $Targets, + + [Parameter()] + [System.String] + $Repository = 'deviceManagement/configurationPolicies', + [Parameter()] + [ValidateSet('v1.0','beta')] + [System.String] + $APIVersion = 'beta' + ) try { - $configurationPolicyAssignments = @() - - $Uri = "https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations/$DeviceConfigurationPolicyId/assign" + $deviceManagementPolicyAssignments = @() + $Uri = "https://graph.microsoft.com/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" foreach ($target in $targets) { - $formattedTarget = @{'@odata.type' = $target.dataType } + $formattedTarget = @{"@odata.type" = $target.dataType} if ($target.groupId) { - $formattedTarget.Add('groupId', $target.groupId) + $formattedTarget.Add('groupId',$target.groupId) } if ($target.collectionId) { - $formattedTarget.Add('collectionId', $target.collectionId) + $formattedTarget.Add('collectionId',$target.collectionId) } if ($target.deviceAndAppManagementAssignmentFilterType) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType', $target.deviceAndAppManagementAssignmentFilterType) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) } if ($target.deviceAndAppManagementAssignmentFilterId) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId', $target.deviceAndAppManagementAssignmentFilterId) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) } - $configurationPolicyAssignments += @{'target' = $formattedTarget } + $deviceManagementPolicyAssignments += @{'target' = $formattedTarget} } - $body = @{'assignments' = $configurationPolicyAssignments } | ConvertTo-Json -Depth 20 + $body = @{'assignments' = $deviceManagementPolicyAssignments} | ConvertTo-Json -Depth 20 #write-verbose -Message $body Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop - } catch { @@ -3365,33 +4937,82 @@ function Update-DeviceConfigurationPolicyAssignments } } -function Get-M365DSCDRGComplexTypeToHashtable +function Rename-M365DSCCimInstanceParameter { [CmdletBinding()] - [OutputType([hashtable], [hashtable[]])] - param - ( - [Parameter()] - $ComplexObject + [OutputType([System.Collections.Hashtable],[System.Collections.Hashtable[]])] + param( + [Parameter(Mandatory = 'true')] + $Properties ) - if ($null -eq $ComplexObject) - { - return $null + $keyToRename = @{ + "odataType" = "@odata.type" } + $result = $Properties + + $type = $Properties.getType().FullName + + #region Array + if ($type -like '*[[\]]') + { + $values = @() + foreach ($item in $Properties) + { + $values += Rename-M365DSCCimInstanceParameter $item + } + $result = $values + + return ,$result + } + #endregion - if ($ComplexObject.getType().Fullname -like '*hashtable') + #region Single + if ($type -like "*Hashtable") { - return $ComplexObject + $result = ([Hashtable]$Properties).clone() } - if ($ComplexObject.getType().Fullname -like '*hashtable[[\]]') + if ($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') { - return [hashtable[]]$ComplexObject + $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result + $keys = ($hashProperties.clone()).keys + foreach ($key in $keys) + { + $keyName = $key.substring(0,1).tolower()+$key.substring(1,$key.length-1) + if ($key -in $keyToRename.Keys) + { + $keyName = $keyToRename.$key + } + + $property = $hashProperties.$key + if ($null -ne $property) + { + $hashProperties.Remove($key) + $hashProperties.add($keyName,(Rename-M365DSCCimInstanceParameter $property)) + } + } + $result = $hashProperties } + return $result + #endregion +} + +function Get-M365DSCDRGComplexTypeToHashtable +{ + [CmdletBinding()] + [OutputType([hashtable],[hashtable[]])] + param( + [Parameter()] + $ComplexObject + ) + if ($null -eq $ComplexObject) + { + return $null + } - if ($ComplexObject.gettype().fullname -like '*[[\]]') + if ($ComplexObject.gettype().fullname -like "*[[\]]") { $results = @() @@ -3407,41 +5028,104 @@ function Get-M365DSCDRGComplexTypeToHashtable # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return , [hashtable[]]$results + return ,[hashtable[]]$results + } + + if ($ComplexObject.getType().fullname -like '*Dictionary*') + { + $results = @{} + + $ComplexObject = [hashtable]::new($ComplexObject) + $keys = $ComplexObject.Keys + foreach ($key in $keys) + { + if ($null -ne $ComplexObject.$key) + { + $keyName = $key + + $keyType = $ComplexObject.$key.gettype().fullname + + if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") + { + $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key + + $results.Add($keyName, $hash) + } + else + { + $results.Add($keyName, $ComplexObject.$key) + } + } + } + return [hashtable]$results } $results = @{} - $keys = $ComplexObject | Get-Member | Where-Object -FilterScript { $_.MemberType -eq 'Property' -and $_.Name -ne 'AdditionalProperties' } - foreach ($key in $keys) + if ($ComplexObject.getType().Fullname -like "*hashtable") + { + $keys = $ComplexObject.keys + } + else { + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript {$_.MemberType -eq 'Property'} + } - if ($ComplexObject.$($key.Name)) + foreach ($key in $keys) + { + $keyName = $key + if ($ComplexObject.getType().Fullname -notlike "*hashtable") { - $keyName = $key.Name[0].ToString().ToLower() + $key.Name.Substring(1, $key.Name.Length - 1) + $keyName = $key.Name + } - if ($ComplexObject.$($key.Name).gettype().fullname -like '*CimInstance*') + if ($null -ne $ComplexObject.$keyName) + { + $keyType = $ComplexObject.$keyName.gettype().fullname + if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*") { - $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$($key.Name) + $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName $results.Add($keyName, $hash) } else { - $results.Add($keyName, $ComplexObject.$($key.Name)) + $results.Add($keyName, $ComplexObject.$keyName) } } } - return [hashtable]$results } +<# + Use ComplexTypeMapping to overwrite the type of nested CIM + Example + $complexMapping=@( + @{ + Name="ApprovalStages" + CimInstanceName="MSFT_MicrosoftGraphapprovalstage1" + IsRequired=$false + } + @{ + Name="PrimaryApprovers" + CimInstanceName="MicrosoftGraphuserset" + IsRequired=$false + } + @{ + Name="EscalationApprovers" + CimInstanceName="MicrosoftGraphuserset" + IsRequired=$false + } + ) + With + Name: the name of the parameter to be overwritten + CimInstanceName: The type of the CIM instance (can include or not the prefix MSFT_) + IsRequired: If isRequired equals true, an empty hashtable or array will be returned. Some of the Graph parameters are required even though they are empty +#> function Get-M365DSCDRGComplexTypeToString { [CmdletBinding()] - #[OutputType([System.String])] - param - ( + param( [Parameter()] $ComplexObject, @@ -3457,6 +5141,10 @@ function Get-M365DSCDRGComplexTypeToString [System.String] $Whitespace = '', + [Parameter()] + [System.uint32] + $IndentLevel = 3, + [Parameter()] [switch] $isArray = $false @@ -3467,53 +5155,77 @@ function Get-M365DSCDRGComplexTypeToString return $null } + $indent = '' + for ($i = 0; $i -lt $IndentLevel ; $i++) + { + $indent += ' ' + } #If ComplexObject is an Array - if ($ComplexObject.GetType().FullName -like '*[[\]]') + if ($ComplexObject.GetType().FullName -like "*[[\]]") { $currentProperty = @() + $IndentLevel++ foreach ($item in $ComplexObject) { - $split = @{ + $splat = @{ 'ComplexObject' = $item 'CIMInstanceName' = $CIMInstanceName - 'Whitespace' = " $whitespace" + 'IndentLevel' = $IndentLevel } if ($ComplexTypeMapping) { - $split.add('ComplexTypeMapping', $ComplexTypeMapping) + $splat.add('ComplexTypeMapping',$ComplexTypeMapping) } - $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @split - + $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat } # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return , $currentProperty + return ,$currentProperty } $currentProperty = '' if ($isArray) { $currentProperty += "`r`n" + $currentProperty += $indent + } + + $CIMInstanceName = $CIMInstanceName.replace("MSFT_","") + $currentProperty += "MSFT_$CIMInstanceName{`r`n" + $IndentLevel++ + $indent = '' + for ($i = 0; $i -lt $IndentLevel ; $i++) + { + $indent += ' ' } - $currentProperty += "$whitespace`MSFT_$CIMInstanceName{`r`n" $keyNotNull = 0 - foreach ($key in $ComplexObject.Keys) + + if ($ComplexObject.Keys.count -eq 0) { + return $null + } - if ($ComplexObject[$key]) + foreach ($key in $ComplexObject.Keys) + { + if ($null -ne $ComplexObject.$key) { $keyNotNull++ - if ($ComplexObject[$key].GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*' -or $key -in $ComplexTypeMapping.Name) + if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) { $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() + $isArray = $false + if ($ComplexObject[$key].GetType().FullName -like "*[[\]]") + { + $isArray = $true + } #overwrite type if object defined in mapping complextypemapping if ($key -in $ComplexTypeMapping.Name) { - $hashPropertyType = ($ComplexTypeMapping | Where-Object -FilterScript { $_.Name -eq $key }).CimInstanceName + $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] $hashProperty = $ComplexObject[$key] } else @@ -3521,73 +5233,124 @@ function Get-M365DSCDRGComplexTypeToString $hashProperty = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] } - if ($key -notin $ComplexTypeMapping.Name) + if (-not $isArray) { - $Whitespace += ' ' + $currentProperty += $indent + $key + ' = ' } - if (-not $isArray -or ($isArray -and $key -in $ComplexTypeMapping.Name )) + if ($isArray -and $key -in $ComplexTypeMapping.Name) { - $currentProperty += $whitespace + $key + ' = ' - if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') + if ($ComplexObject.$key.count -gt 0) { - $currentProperty += '@(' + $currentProperty += $indent + $key + ' = ' + $currentProperty += "@(" } } - if ($key -in $ComplexTypeMapping.Name) + if ($isArray) { - $Whitespace = '' - + $IndentLevel++ + foreach ($item in $ComplexObject[$key]) + { + if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") + { + $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + } + $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $item ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping ` + -IsArray:$true + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) + { + $nestedPropertyString = "@()`r`n" + } + $currentProperty += $nestedPropertyString + } + $IndentLevel-- } - $currentProperty += Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $hashProperty ` - -CIMInstanceName $hashPropertyType ` - -Whitespace $Whitespace ` - -ComplexTypeMapping $ComplexTypeMapping - - if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') + else + { + $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) + { + $nestedPropertyString = "`$null`r`n" + } + $currentProperty += $nestedPropertyString + } + if ($isArray) { - $currentProperty += ')' + if ($ComplexObject.$key.count -gt 0) + { + $currentProperty += $indent + $currentProperty += ')' + $currentProperty += "`r`n" + } } + $isArray = $PSBoundParameters.IsArray } else { - if (-not $isArray) - { - $Whitespace = ' ' - } - $currentProperty += Get-M365DSCDRGSimpleObjectTypeToString -Key $key -Value $ComplexObject[$key] -Space ($Whitespace + ' ') + $currentProperty += Get-M365DSCDRGSimpleObjectTypeToString -Key $key -Value $ComplexObject[$key] -Space ($indent) } } else { - $mappedKey = $ComplexTypeMapping | Where-Object -FilterScript { $_.name -eq $key } + $mappedKey = $ComplexTypeMapping | Where-Object -filterscript {$_.name -eq $key} if ($mappedKey -and $mappedKey.isRequired) { if ($mappedKey.isArray) { - $currentProperty += "$Whitespace $key = @()`r`n" + $currentProperty += "$indent$key = @()`r`n" } else { - $currentProperty += "$Whitespace $key = `$null`r`n" + $currentProperty += "$indent$key = `$null`r`n" } } } } - $currentProperty += "$Whitespace}" + $indent = '' + for ($i = 0; $i -lt $IndentLevel-1 ; $i++) + { + $indent += ' ' + } + $currentProperty += "$indent}" + if ($isArray -or $IndentLevel -gt 4) + { + $currentProperty += "`r`n" + } + + #Indenting last parenthese when the cim instance is an array + if ($IndentLevel -eq 5) + { + $indent = '' + for ($i = 0; $i -lt $IndentLevel-2 ; $i++) + { + $indent += ' ' + } + $currentProperty += $indent + } + $emptyCIM = $currentProperty.replace(" ","").replace("`r`n","") + if ($emptyCIM -eq "MSFT_$CIMInstanceName{}") + { + $currentProperty = $null + } return $currentProperty } -function Get-M365DSCDRGSimpleObjectTypeToString +Function Get-M365DSCDRGSimpleObjectTypeToString { [CmdletBinding()] [OutputType([System.String])] - param - ( + param( [Parameter(Mandatory = 'true')] [System.String] $Key, @@ -3598,30 +5361,31 @@ function Get-M365DSCDRGSimpleObjectTypeToString [Parameter()] [System.String] $Space = ' ' - ) + + ) $returnValue = '' switch -Wildcard ($Value.GetType().Fullname ) { - '*.Boolean' + "*.Boolean" { $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" } - '*.String' + "*.String" { if ($key -eq '@odata.type') { - $key = 'odataType' + $key ='odataType' } $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - '*.DateTime' + "*.DateTime" { $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - '*[[\]]' + "*[[\]]" { - $returnValue = $Space + $key + ' = @(' + $returnValue = $Space + $key + " = @(" $whitespace = '' $newline = '' if ($Value.count -gt 1) @@ -3630,15 +5394,15 @@ function Get-M365DSCDRGSimpleObjectTypeToString $whitespace = $Space + ' ' $newline = "`r`n" } - foreach ($item in $Value) + foreach ($item in ($Value | Where-Object -FilterScript {$null -ne $_ })) { - switch -Wildcard ($item.GetType().Fullname ) + switch -Wildcard ($item.GetType().Fullname) { - '*.String' + "*.String" { $returnValue += "$whitespace'$item'$newline" } - '*.DateTime' + "*.DateTime" { $returnValue += "$whitespace'$item'$newline" } @@ -3660,7 +5424,7 @@ function Get-M365DSCDRGSimpleObjectTypeToString } Default { - $returnValue = $Space + $Key + ' = ' + $Value + "`r`n" + $returnValue = $Space + $Key + " = " + $Value + "`r`n" } } return $returnValue @@ -3670,17 +5434,15 @@ function Compare-M365DSCComplexObject { [CmdletBinding()] [OutputType([System.Boolean])] - param - ( + param( [Parameter()] $Source, - [Parameter()] $Target ) #Comparing full objects - if ($null -eq $Source -and $null -eq $Target) + if ($null -eq $Source -and $null -eq $Target) { return $true } @@ -3702,7 +5464,7 @@ function Compare-M365DSCComplexObject return $false } - if ($Source.getType().FullName -like '*CimInstance[[\]]' -or $Source.getType().FullName -like '*Hashtable[[\]]') + if ($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") { if ($source.count -ne $target.count) { @@ -3714,51 +5476,44 @@ function Compare-M365DSCComplexObject return $true } - $i = 0 foreach ($item in $Source) { + $hashSource = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + foreach ($targetItem in $Target) + { + $compareResult = Compare-M365DSCComplexObject ` + -Source $hashSource ` + -Target $targetItem - $compareResult = Compare-M365DSCComplexObject ` - -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source[$i]) ` - -Target $Target[$i] + if ($compareResult) + { + break + } + } if (-not $compareResult) { Write-Verbose -Message 'Configuration drift - The complex array items are not identical' return $false } - $i++ } return $true } - $keys = $Source.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } + $keys = $Source.Keys | Where-Object -FilterScript {$_ -ne "PSComputerName"} foreach ($key in $keys) { - #write-verbose -message "Comparing key: {$key}" #Matching possible key names between Source and Target $skey = $key $tkey = $key - if ($key -eq 'odataType') - { - $skey = '@odata.type' - } - else - { - $tmpkey = $Target.keys | Where-Object -FilterScript { $_ -eq "$key" } - if ($tkey) - { - $tkey = $tmpkey | Select-Object -First 1 - } - } $sourceValue = $Source.$key $targetValue = $Target.$tkey #One of the item is null and not the other - if (($null -eq $Source.$skey) -xor ($null -eq $Target.$tkey)) + if (($null -eq $Source.$key) -xor ($null -eq $Target.$tkey)) { - if ($null -eq $Source.$skey) + if ($null -eq $Source.$key) { $sourceValue = 'null' } @@ -3768,23 +5523,23 @@ function Compare-M365DSCComplexObject $targetValue = 'null' } - Write-Verbose -Message "Configuration drift - key: $key Source {$sourceValue} Target {$targetValue}" + #Write-Verbose -Message "Configuration drift - key: $key Source {$sourceValue} Target {$targetValue}" return $false } #Both keys aren't null or empty - if (($null -ne $Source.$skey) -and ($null -ne $Target.$tkey)) + if (($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) { - if ($Source.$skey.getType().FullName -like '*CimInstance*' -or $Source.$skey.getType().FullName -like '*hashtable*' ) + if ($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*") { #Recursive call for complex object $compareResult = Compare-M365DSCComplexObject ` - -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source.$skey) ` + -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source.$key) ` -Target $Target.$tkey if (-not $compareResult) { - Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" + #Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" return $false } } @@ -3792,35 +5547,47 @@ function Compare-M365DSCComplexObject { #Simple object comparison $referenceObject = $Target.$tkey - $differenceObject = $Source.$skey + $differenceObject = $Source.$key - $compareResult = Compare-Object ` - -ReferenceObject ($referenceObject) ` - -DifferenceObject ($differenceObject) + #Identifying date from the current values + $targetType = ($Target.$tkey.getType()).Name + if ($targetType -like "*Date*") + { + $compareResult = $true + $sourceDate = [DateTime]$Source.$key + if ($sourceDate -ne $targetType) + { + $compareResult = $null + } + } + else + { + $compareResult = Compare-Object ` + -ReferenceObject ($referenceObject) ` + -DifferenceObject ($differenceObject) + } if ($null -ne $compareResult) { - Write-Verbose -Message "Configuration drift - simple object key: $key Source {$sourceValue} Target {$targetValue}" + #Write-Verbose -Message "Configuration drift - simple object key: $key Source {$sourceValue} Target {$targetValue}" return $false } } } } - return $true } function Convert-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable], [hashtable[]])] - param - ( + [OutputType([hashtable],[hashtable[]])] + param( [Parameter(Mandatory = 'true')] $ComplexObject ) - if ($ComplexObject.getType().Fullname -like '*[[\]]') + if ($ComplexObject.getType().Fullname -like "*[[\]]") { $results = @() foreach ($item in $ComplexObject) @@ -3833,18 +5600,17 @@ function Convert-M365DSCDRGComplexTypeToHashtable # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return , [hashtable[]]$results + return ,[hashtable[]]$results } $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject - if ($hashComplexObject) + if ($null -ne $hashComplexObject) { - $results = $hashComplexObject.clone() - $keys = $hashComplexObject.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } + $keys = $hashComplexObject.Keys | Where-Object -FilterScript {$_ -ne 'PSComputerName'} foreach ($key in $keys) { - if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like '*CimInstance*') + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") { $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] } @@ -3853,7 +5619,7 @@ function Convert-M365DSCDRGComplexTypeToHashtable $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) $propertyValue = $results[$key] $results.remove($key) | Out-Null - $results.add($propertyName, $propertyValue) + $results.add($propertyName,$propertyValue) } } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.schema.mof index bd7b26b064..820a0213e7 100644 Binary files a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.schema.mof and b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.schema.mof differ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/readme.md index 9a4928a3fe..f8d24cfa3a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/readme.md +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/readme.md @@ -3,4 +3,4 @@ ## Description -This resource configures an Intune device configuration profile for an Windows 10 Device. +Intune Device Configuration Policy for Windows10 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/settings.json index 6123ec197e..fd1ad15727 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/settings.json @@ -1,32 +1,33 @@ { "resourceName": "IntuneDeviceConfigurationPolicyWindows10", - "description": "This resource configures an Intune device configuration profile for an Windows 10 Device.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } - } + "description": "This resource configures an Intune Device Configuration Policy for Windows10.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } +} + } diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyWindows10/1-IntuneDeviceConfigurationPolicyWindows10-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyWindows10/1-IntuneDeviceConfigurationPolicyWindows10-Example.ps1 new file mode 100644 index 0000000000..ec0bee60aa --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyWindows10/1-IntuneDeviceConfigurationPolicyWindows10-Example.ps1 @@ -0,0 +1,273 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationPolicyWindows10 'Example' + { + AccountsBlockAddingNonMicrosoftAccountEmail = $False; + ActivateAppsWithVoice = "notConfigured"; + AntiTheftModeBlocked = $False; + AppManagementMSIAllowUserControlOverInstall = $False; + AppManagementMSIAlwaysInstallWithElevatedPrivileges = $False; + AppManagementPackageFamilyNamesToLaunchAfterLogOn = @(); + AppsAllowTrustedAppsSideloading = "notConfigured"; + AppsBlockWindowsStoreOriginatedApps = $False; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + AuthenticationAllowSecondaryDevice = $False; + AuthenticationWebSignIn = "notConfigured"; + BluetoothAllowedServices = @(); + BluetoothBlockAdvertising = $True; + BluetoothBlockDiscoverableMode = $False; + BluetoothBlocked = $True; + BluetoothBlockPrePairing = $True; + BluetoothBlockPromptedProximalConnections = $False; + CameraBlocked = $False; + CellularBlockDataWhenRoaming = $False; + CellularBlockVpn = $True; + CellularBlockVpnWhenRoaming = $True; + CellularData = "allowed"; + CertificatesBlockManualRootCertificateInstallation = $False; + ConnectedDevicesServiceBlocked = $False; + CopyPasteBlocked = $False; + CortanaBlocked = $False; + Credential = $Credscredential; + CryptographyAllowFipsAlgorithmPolicy = $False; + DefenderBlockEndUserAccess = $False; + DefenderBlockOnAccessProtection = $False; + DefenderCloudBlockLevel = "notConfigured"; + DefenderDisableCatchupFullScan = $False; + DefenderDisableCatchupQuickScan = $False; + DefenderFileExtensionsToExclude = @(); + DefenderFilesAndFoldersToExclude = @(); + DefenderMonitorFileActivity = "userDefined"; + DefenderPotentiallyUnwantedAppActionSetting = "userDefined"; + DefenderProcessesToExclude = @(); + DefenderPromptForSampleSubmission = "userDefined"; + DefenderRequireBehaviorMonitoring = $False; + DefenderRequireCloudProtection = $False; + DefenderRequireNetworkInspectionSystem = $False; + DefenderRequireRealTimeMonitoring = $False; + DefenderScanArchiveFiles = $False; + DefenderScanDownloads = $False; + DefenderScanIncomingMail = $False; + DefenderScanMappedNetworkDrivesDuringFullScan = $False; + DefenderScanNetworkFiles = $False; + DefenderScanRemovableDrivesDuringFullScan = $False; + DefenderScanScriptsLoadedInInternetExplorer = $False; + DefenderScanType = "userDefined"; + DefenderScheduleScanEnableLowCpuPriority = $False; + DefenderSystemScanSchedule = "userDefined"; + DeveloperUnlockSetting = "notConfigured"; + DeviceManagementBlockFactoryResetOnMobile = $False; + DeviceManagementBlockManualUnenroll = $False; + DiagnosticsDataSubmissionMode = "userDefined"; + DisplayAppListWithGdiDPIScalingTurnedOff = @(); + DisplayAppListWithGdiDPIScalingTurnedOn = @(); + DisplayName = "device config"; + EdgeAllowStartPagesModification = $False; + EdgeBlockAccessToAboutFlags = $False; + EdgeBlockAddressBarDropdown = $False; + EdgeBlockAutofill = $False; + EdgeBlockCompatibilityList = $False; + EdgeBlockDeveloperTools = $False; + EdgeBlocked = $False; + EdgeBlockEditFavorites = $False; + EdgeBlockExtensions = $False; + EdgeBlockFullScreenMode = $False; + EdgeBlockInPrivateBrowsing = $False; + EdgeBlockJavaScript = $False; + EdgeBlockLiveTileDataCollection = $False; + EdgeBlockPasswordManager = $False; + EdgeBlockPopups = $False; + EdgeBlockPrelaunch = $False; + EdgeBlockPrinting = $False; + EdgeBlockSavingHistory = $False; + EdgeBlockSearchEngineCustomization = $False; + EdgeBlockSearchSuggestions = $False; + EdgeBlockSendingDoNotTrackHeader = $False; + EdgeBlockSendingIntranetTrafficToInternetExplorer = $False; + EdgeBlockSideloadingExtensions = $False; + EdgeBlockTabPreloading = $False; + EdgeBlockWebContentOnNewTabPage = $False; + EdgeClearBrowsingDataOnExit = $False; + EdgeCookiePolicy = "userDefined"; + EdgeDisableFirstRunPage = $False; + EdgeFavoritesBarVisibility = "notConfigured"; + EdgeHomeButtonConfigurationEnabled = $False; + EdgeHomepageUrls = @(); + EdgeKioskModeRestriction = "notConfigured"; + EdgeOpensWith = "notConfigured"; + EdgePreventCertificateErrorOverride = $False; + EdgeRequiredExtensionPackageFamilyNames = @(); + EdgeRequireSmartScreen = $False; + EdgeSendIntranetTrafficToInternetExplorer = $False; + EdgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured"; + EdgeSyncFavoritesWithInternetExplorer = $False; + EdgeTelemetryForMicrosoft365Analytics = "notConfigured"; + EnableAutomaticRedeployment = $False; + Ensure = "Present"; + ExperienceBlockDeviceDiscovery = $False; + ExperienceBlockErrorDialogWhenNoSIM = $False; + ExperienceBlockTaskSwitcher = $False; + ExperienceDoNotSyncBrowserSettings = "notConfigured"; + FindMyFiles = "notConfigured"; + GameDvrBlocked = $True; + Id = "d48e4053-8e5f-4856-82d3-c9e293567135"; + InkWorkspaceAccess = "notConfigured"; + InkWorkspaceAccessState = "notConfigured"; + InkWorkspaceBlockSuggestedApps = $False; + InternetSharingBlocked = $False; + LocationServicesBlocked = $False; + LockScreenActivateAppsWithVoice = "notConfigured"; + LockScreenAllowTimeoutConfiguration = $False; + LockScreenBlockActionCenterNotifications = $False; + LockScreenBlockCortana = $False; + LockScreenBlockToastNotifications = $False; + LogonBlockFastUserSwitching = $False; + MessagingBlockMMS = $False; + MessagingBlockRichCommunicationServices = $False; + MessagingBlockSync = $False; + MicrosoftAccountBlocked = $False; + MicrosoftAccountBlockSettingsSync = $False; + MicrosoftAccountSignInAssistantSettings = "notConfigured"; + NetworkProxyApplySettingsDeviceWide = $False; + NetworkProxyDisableAutoDetect = $True; + NetworkProxyServer = MSFT_MicrosoftGraphwindows10NetworkProxyServer{ + UseForLocalAddresses = $True + Exceptions = @('*.domain2.com') + Address = 'proxy.domain.com:8080' + }; + NfcBlocked = $False; + OneDriveDisableFileSync = $False; + PasswordBlockSimple = $False; + PasswordRequired = $False; + PasswordRequiredType = "deviceDefault"; + PasswordRequireWhenResumeFromIdleState = $False; + PowerButtonActionOnBattery = "notConfigured"; + PowerButtonActionPluggedIn = "notConfigured"; + PowerHybridSleepOnBattery = "notConfigured"; + PowerHybridSleepPluggedIn = "notConfigured"; + PowerLidCloseActionOnBattery = "notConfigured"; + PowerLidCloseActionPluggedIn = "notConfigured"; + PowerSleepButtonActionOnBattery = "notConfigured"; + PowerSleepButtonActionPluggedIn = "notConfigured"; + PrinterBlockAddition = $False; + PrinterNames = @(); + PrivacyAdvertisingId = "notConfigured"; + PrivacyAutoAcceptPairingAndConsentPrompts = $False; + PrivacyBlockActivityFeed = $False; + PrivacyBlockInputPersonalization = $False; + PrivacyBlockPublishUserActivities = $False; + PrivacyDisableLaunchExperience = $False; + ResetProtectionModeBlocked = $False; + SafeSearchFilter = "userDefined"; + ScreenCaptureBlocked = $False; + SearchBlockDiacritics = $False; + SearchBlockWebResults = $False; + SearchDisableAutoLanguageDetection = $False; + SearchDisableIndexerBackoff = $False; + SearchDisableIndexingEncryptedItems = $False; + SearchDisableIndexingRemovableDrive = $False; + SearchDisableLocation = $False; + SearchDisableUseLocation = $False; + SearchEnableAutomaticIndexSizeManangement = $False; + SearchEnableRemoteQueries = $False; + SecurityBlockAzureADJoinedDevicesAutoEncryption = $False; + SettingsBlockAccountsPage = $False; + SettingsBlockAddProvisioningPackage = $False; + SettingsBlockAppsPage = $False; + SettingsBlockChangeLanguage = $False; + SettingsBlockChangePowerSleep = $False; + SettingsBlockChangeRegion = $False; + SettingsBlockChangeSystemTime = $False; + SettingsBlockDevicesPage = $False; + SettingsBlockEaseOfAccessPage = $False; + SettingsBlockEditDeviceName = $False; + SettingsBlockGamingPage = $False; + SettingsBlockNetworkInternetPage = $False; + SettingsBlockPersonalizationPage = $False; + SettingsBlockPrivacyPage = $False; + SettingsBlockRemoveProvisioningPackage = $False; + SettingsBlockSettingsApp = $False; + SettingsBlockSystemPage = $False; + SettingsBlockTimeLanguagePage = $False; + SettingsBlockUpdateSecurityPage = $False; + SharedUserAppDataAllowed = $False; + SmartScreenAppInstallControl = "notConfigured"; + SmartScreenBlockPromptOverride = $False; + SmartScreenBlockPromptOverrideForFiles = $False; + SmartScreenEnableAppInstallControl = $False; + StartBlockUnpinningAppsFromTaskbar = $False; + StartMenuAppListVisibility = "userDefined"; + StartMenuHideChangeAccountSettings = $False; + StartMenuHideFrequentlyUsedApps = $False; + StartMenuHideHibernate = $False; + StartMenuHideLock = $False; + StartMenuHidePowerButton = $False; + StartMenuHideRecentJumpLists = $False; + StartMenuHideRecentlyAddedApps = $False; + StartMenuHideRestartOptions = $False; + StartMenuHideShutDown = $False; + StartMenuHideSignOut = $False; + StartMenuHideSleep = $False; + StartMenuHideSwitchAccount = $False; + StartMenuHideUserTile = $False; + StartMenuMode = "userDefined"; + StartMenuPinnedFolderDocuments = "notConfigured"; + StartMenuPinnedFolderDownloads = "notConfigured"; + StartMenuPinnedFolderFileExplorer = "notConfigured"; + StartMenuPinnedFolderHomeGroup = "notConfigured"; + StartMenuPinnedFolderMusic = "notConfigured"; + StartMenuPinnedFolderNetwork = "notConfigured"; + StartMenuPinnedFolderPersonalFolder = "notConfigured"; + StartMenuPinnedFolderPictures = "notConfigured"; + StartMenuPinnedFolderSettings = "notConfigured"; + StartMenuPinnedFolderVideos = "notConfigured"; + StorageBlockRemovableStorage = $False; + StorageRequireMobileDeviceEncryption = $False; + StorageRestrictAppDataToSystemVolume = $False; + StorageRestrictAppInstallToSystemVolume = $False; + SupportsScopeTags = $True; + TaskManagerBlockEndTask = $False; + TenantLockdownRequireNetworkDuringOutOfBoxExperience = $False; + UninstallBuiltInApps = $False; + UsbBlocked = $False; + VoiceRecordingBlocked = $False; + WebRtcBlockLocalhostIpAddress = $False; + WiFiBlockAutomaticConnectHotspots = $False; + WiFiBlocked = $True; + WiFiBlockManualConfiguration = $True; + WindowsSpotlightBlockConsumerSpecificFeatures = $False; + WindowsSpotlightBlocked = $False; + WindowsSpotlightBlockOnActionCenter = $False; + WindowsSpotlightBlockTailoredExperiences = $False; + WindowsSpotlightBlockThirdPartyNotifications = $False; + WindowsSpotlightBlockWelcomeExperience = $False; + WindowsSpotlightBlockWindowsTips = $False; + WindowsSpotlightConfigureOnLockScreen = "notConfigured"; + WindowsStoreBlockAutoUpdate = $False; + WindowsStoreBlocked = $False; + WindowsStoreEnablePrivateStoreOnly = $False; + WirelessDisplayBlockProjectionToThisDevice = $False; + WirelessDisplayBlockUserInputFromReceiver = $False; + WirelessDisplayRequirePinForPairing = $False; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyWindows10/1-NewIntuneDeviceConfigurationPolicyWindows10.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyWindows10/1-NewIntuneDeviceConfigurationPolicyWindows10.ps1 deleted file mode 100644 index ac30bf3bc5..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyWindows10/1-NewIntuneDeviceConfigurationPolicyWindows10.ps1 +++ /dev/null @@ -1,198 +0,0 @@ -<# -This example creates a new General Device Configuration Policy for Windows. -#> - -Configuration Example -{ - param( - [Parameter(Mandatory = $true)] - [PSCredential] - $credsGlobalAdmin - ) - Import-DscResource -ModuleName Microsoft365DSC - - node localhost - { - IntuneDeviceConfigurationPolicyWindows10 'ConfigureDeviceConfigurationPolicyWindows10' - { - displayName = 'CONTOSO | W10 | Device Restriction' - description = 'Default device restriction settings' - defenderBlockEndUserAccess = $true - defenderRequireRealTimeMonitoring = $true - defenderRequireBehaviorMonitoring = $true - defenderRequireNetworkInspectionSystem = $true - defenderScanDownloads = $true - defenderScanScriptsLoadedInInternetExplorer = $true - defenderSignatureUpdateIntervalInHours = 8 - defenderMonitorFileActivity = 'monitorIncomingFilesOnly' # userDefined,monitorAllFiles,monitorIncomingFilesOnly,monitorOutgoingFilesOnly - defenderDaysBeforeDeletingQuarantinedMalware = 3 - defenderScanMaxCpu = 2 - defenderScanArchiveFiles = $true - defenderScanIncomingMail = $true - defenderScanRemovableDrivesDuringFullScan = $true - defenderScanMappedNetworkDrivesDuringFullScan = $false - defenderScanNetworkFiles = $false - defenderRequireCloudProtection = $true - defenderCloudBlockLevel = 'high' - defenderPromptForSampleSubmission = 'alwaysPrompt' - defenderScheduledQuickScanTime = '13:00:00.0000000' - defenderScanType = 'quick' #quick,full,userDefined - defenderSystemScanSchedule = 'monday' #days of week - defenderScheduledScanTime = '11:00:00.0000000' - defenderDetectedMalwareActions = MSFT_IntuneDefenderDetectedMalwareActions - { - lowSeverity = 'clean' - moderateSeverity = 'quarantine' - highSeverity = 'remove' - severeSeverity = 'block' - } - defenderFileExtensionsToExclude = "[`"csv,jpg,docx`"]" - defenderFilesAndFoldersToExclude = "[`"c:\\2,C:\\1`"]" - defenderProcessesToExclude = "[`"notepad.exe,c:\\Windows\\myprocess.exe`"]" - lockScreenAllowTimeoutConfiguration = $true - lockScreenBlockActionCenterNotifications = $true - lockScreenBlockCortana = $true - lockScreenBlockToastNotifications = $false - lockScreenTimeoutInSeconds = 90 - passwordBlockSimple = $true - passwordExpirationDays = 6 - passwordMinimumLength = 5 - passwordMinutesOfInactivityBeforeScreenTimeout = 15 - passwordMinimumCharacterSetCount = 1 - passwordPreviousPasswordBlockCount = 2 - passwordRequired = $true - passwordRequireWhenResumeFromIdleState = $true - passwordRequiredType = 'alphanumeric' - passwordSignInFailureCountBeforeFactoryReset = 12 - privacyAdvertisingId = 'blocked' - privacyAutoAcceptPairingAndConsentPrompts = $true - privacyBlockInputPersonalization = $true - startBlockUnpinningAppsFromTaskbar = $true - startMenuAppListVisibility = 'collapse' - startMenuHideChangeAccountSettings = $true - startMenuHideFrequentlyUsedApps = $true - startMenuHideHibernate = $true - startMenuHideLock = $true - startMenuHidePowerButton = $true - startMenuHideRecentJumpLists = $true - startMenuHideRecentlyAddedApps = $true - startMenuHideRestartOptions = $true - startMenuHideShutDown = $true - startMenuHideSignOut = $true - startMenuHideSleep = $true - startMenuHideSwitchAccount = $true - startMenuHideUserTile = $true - startMenuLayoutXml = '+DQogICAGlmaWNhdGlvblRlbXBsYXRlPg==' - startMenuMode = 'fullScreen' - startMenuPinnedFolderDocuments = 'hide' - startMenuPinnedFolderDownloads = 'hide' - startMenuPinnedFolderFileExplorer = 'hide' - startMenuPinnedFolderHomeGroup = 'hide' - startMenuPinnedFolderMusic = 'hide' - startMenuPinnedFolderNetwork = 'hide' - startMenuPinnedFolderPersonalFolder = 'hide' - startMenuPinnedFolderPictures = 'hide' - startMenuPinnedFolderSettings = 'hide' - startMenuPinnedFolderVideos = 'hide' - settingsBlockSettingsApp = $true - settingsBlockSystemPage = $true - settingsBlockDevicesPage = $true - settingsBlockNetworkInternetPage = $true - settingsBlockPersonalizationPage = $true - settingsBlockAccountsPage = $true - settingsBlockTimeLanguagePage = $true - settingsBlockEaseOfAccessPage = $true - settingsBlockPrivacyPage = $true - settingsBlockUpdateSecurityPage = $true - settingsBlockAppsPage = $true - settingsBlockGamingPage = $true - windowsSpotlightBlockConsumerSpecificFeatures = $true - windowsSpotlightBlocked = $true - windowsSpotlightBlockOnActionCenter = $true - windowsSpotlightBlockTailoredExperiences = $true - windowsSpotlightBlockThirdPartyNotifications = $true - windowsSpotlightBlockWelcomeExperience = $true - windowsSpotlightBlockWindowsTips = $true - windowsSpotlightConfigureOnLockScreen = 'disabled' - networkProxyApplySettingsDeviceWide = $true - networkProxyDisableAutoDetect = $true - networkProxyAutomaticConfigurationUrl = 'https://example.com/networkProxyAutomaticConfigurationUrl/' - accountsBlockAddingNonMicrosoftAccountEmail = $true - antiTheftModeBlocked = $true - bluetoothBlocked = $true - bluetoothAllowedServices = "[`"8e473eaa-ead4-4c60-ba9c-2c5696d71492`",`"21913f2d-a803-4f36-8039-669fd94ce5b3`"]" - bluetoothBlockAdvertising = $true - bluetoothBlockDiscoverableMode = $true - bluetoothBlockPrePairing = $true - cameraBlocked = $true - connectedDevicesServiceBlocked = $true - certificatesBlockManualRootCertificateInstallation = $true - copyPasteBlocked = $true - cortanaBlocked = $true - deviceManagementBlockFactoryResetOnMobile = $true - deviceManagementBlockManualUnenroll = $true - safeSearchFilter = 'strict' - edgeBlockPopups = $true - edgeBlockSearchSuggestions = $true - edgeBlockSendingIntranetTrafficToInternetExplorer = $true - edgeSendIntranetTrafficToInternetExplorer = $true - edgeRequireSmartScreen = $true - edgeFirstRunUrl = 'https://contoso.com/' - edgeBlockAccessToAboutFlags = $true - edgeHomepageUrls = "[`"https://microsoft.com`"]" - smartScreenBlockPromptOverride = $true - smartScreenBlockPromptOverrideForFiles = $true - webRtcBlockLocalhostIpAddress = $true - internetSharingBlocked = $true - settingsBlockAddProvisioningPackage = $true - settingsBlockRemoveProvisioningPackage = $true - settingsBlockChangeSystemTime = $true - settingsBlockEditDeviceName = $true - settingsBlockChangeRegion = $true - settingsBlockChangeLanguage = $true - settingsBlockChangePowerSleep = $true - locationServicesBlocked = $true - microsoftAccountBlocked = $true - microsoftAccountBlockSettingsSync = $true - nfcBlocked = $true - resetProtectionModeBlocked = $true - screenCaptureBlocked = $true - storageBlockRemovableStorage = $true - storageRequireMobileDeviceEncryption = $true - usbBlocked = $true - voiceRecordingBlocked = $true - wiFiBlockAutomaticConnectHotspots = $true - wiFiBlocked = $true - wiFiBlockManualConfiguration = $true - wiFiScanInterval = 1 - wirelessDisplayBlockProjectionToThisDevice = $true - wirelessDisplayBlockUserInputFromReceiver = $true - wirelessDisplayRequirePinForPairing = $true - windowsStoreBlocked = $true - appsAllowTrustedAppsSideloading = 'blocked' - windowsStoreBlockAutoUpdate = $true - developerUnlockSetting = 'blocked' - sharedUserAppDataAllowed = $true - appsBlockWindowsStoreOriginatedApps = $true - windowsStoreEnablePrivateStoreOnly = $true - storageRestrictAppDataToSystemVolume = $true - storageRestrictAppInstallToSystemVolume = $true - gameDvrBlocked = $true - edgeSearchEngine = 'bing' - experienceBlockDeviceDiscovery = $true - experienceBlockErrorDialogWhenNoSIM = $true - experienceBlockTaskSwitcher = $true - logonBlockFastUserSwitching = $true - tenantLockdownRequireNetworkDuringOutOfBoxExperience = $true - enterpriseCloudPrintDiscoveryEndPoint = 'https://cloudprinterdiscovery.contoso.com' - enterpriseCloudPrintDiscoveryMaxLimit = 4 - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'http://mopriadiscoveryservice/cloudprint' - enterpriseCloudPrintOAuthClientIdentifier = '30fbf7e8-321c-40ce-8b9f-160b6b049257' - enterpriseCloudPrintOAuthAuthority = 'https:/tenant.contoso.com/adfs' - enterpriseCloudPrintResourceIdentifier = 'http://cloudenterpriseprint/cloudPrint' - networkProxyServer = @('address=proxy.contoso.com:8080', "exceptions=*.contoso.com`r`n*.internal.local", 'useForLocalAddresses=false') - Ensure = 'Present' - Credential = $credsGlobalAdmin - } - } -} diff --git a/ResourceGenerator/M365DSCResourceGenerator.psm1 b/ResourceGenerator/M365DSCResourceGenerator.psm1 index 2fb1f46eb1..414fce925c 100644 --- a/ResourceGenerator/M365DSCResourceGenerator.psm1 +++ b/ResourceGenerator/M365DSCResourceGenerator.psm1 @@ -352,13 +352,17 @@ function New-M365DSCResource if ($getListIdentifier -contains 'Filter') { $getAlternativeFilterString.appendline(" -Filter `"$alternativeKey eq '`$$alternativeKey'`" ``")|out-null - $getAlternativeFilterString.append(" -ErrorAction SilentlyContinue")|out-null + $getAlternativeFilterString.appendline(" -ErrorAction SilentlyContinue | Where-Object ``")|out-null + $getAlternativeFilterString.appendline(" -FilterScript { ``")|out-null + $getAlternativeFilterString.appendline(" `$_.AdditionalProperties.'@odata.type' -eq `"`#microsoft.graph.$SelectedODataType`" ``")|out-null + $getAlternativeFilterString.append(" }")|out-null } else { $getAlternativeFilterString.appendline(" -ErrorAction SilentlyContinue | Where-Object ``")|out-null $getAlternativeFilterString.appendline(" -FilterScript { ``")|out-null $getAlternativeFilterString.appendline(" `$_.$alternativeKey -eq `"`$(`$$alternativeKey)`" ``")|out-null + $getAlternativeFilterString.appendline(" -and `$_.AdditionalProperties.'@odata.type' -eq `"`#microsoft.graph.$SelectedODataType`" ``")|out-null $getAlternativeFilterString.append(" }")|out-null } Write-TokenReplacement -Token '' -Value $getAlternativeFilterString.ToString() -FilePath $moduleFilePath @@ -472,6 +476,7 @@ function New-M365DSCResource #removing trailing commas and semi colons between items of an array of cim instances added by Convert-DSCStringParamToVariable $currentDSCBlock = $currentDSCBlock.replace(" ,`r`n" , " `r`n" ) $currentDSCBlock = $currentDSCBlock.replace("`r`n;`r`n" , "`r`n" ) + $currentDSCBlock = $currentDSCBlock.replace("`r`n,`r`n" , "`r`n" ) '@ } $requiredKey = '' @@ -1586,15 +1591,15 @@ function Get-ComplexTypeConstructorToString if ($isNested) { $valuePrefix=$ParentPropertyValuePath - if ($null -eq $valuePrefix) - { + #if ($null -eq $valuePrefix) + #{ $propRoot=$ParentPropertyName.replace("my","") $valuePrefix="current$propRoot." - if ($property.IsRootProperty -eq $false -and -not $IsNested) - { - $valuePrefix += "AdditionalProperties." - } - } + #if ($property.IsRootProperty -eq $false -and -not $IsNested) + #{ + # $valuePrefix += "AdditionalProperties." + #} + #} } $iterationPropertyName="current$propertyName" $complexString.appendLine($spacing + "`$$returnPropertyName" + " = @()") | Out-Null @@ -1617,6 +1622,7 @@ function Get-ComplexTypeConstructorToString if ($Property.IsArray) { $valuePrefix = "$iterationPropertyName." + $referencePrefix = "$iterationPropertyName." } if ($isNested -and -not $Property.IsArray) { @@ -1678,12 +1684,27 @@ function Get-ComplexTypeConstructorToString if ($nestedProperty.Type -like "*.Date*") { $nestedPropertyType=$nestedProperty.Type.split(".")|select-object -last 1 - $complexString.appendLine($spacing + "if (`$null -ne `$$valuePrefix$AssignedPropertyName)" ) | Out-Null + if ($isNested) + { + $complexString.appendLine($spacing + "if (`$null -ne `$$valuePrefix$AssignedPropertyName)" ) | Out-Null + } + else + { + $complexString.appendLine($spacing + "if (`$null -ne `$$referencePrefix$AssignedPropertyName)" ) | Out-Null + } + $complexString.appendLine($spacing + "{" ) | Out-Null $IndentCount ++ $spacing = $indent * $IndentCount $AssignedPropertyName += ").ToString('$DateFormat')" - $complexString.appendLine($spacing + "`$$tempPropertyName.Add('" + $nestedPropertyName + "', ([$nestedPropertyType]`$$valuePrefix$AssignedPropertyName)" ) | Out-Null + if ($isNested) + { + $complexString.appendLine($spacing + "`$$tempPropertyName.Add('" + $nestedPropertyName + "', ([$nestedPropertyType]`$$valuePrefix$AssignedPropertyName)" ) | Out-Null + } + else + { + $complexString.appendLine($spacing + "`$$tempPropertyName.Add('" + $nestedPropertyName + "', ([$nestedPropertyType]`$$referencePrefix$AssignedPropertyName)" ) | Out-Null + } $IndentCount -- $spacing = $indent * $IndentCount $complexString.appendLine($spacing + "}" ) | Out-Null @@ -1692,12 +1713,26 @@ function Get-ComplexTypeConstructorToString elseif ($nestedProperty.Type -like "*.Time*") { $nestedPropertyType=$nestedProperty.Type.split(".")|select-object -last 1 - $complexString.appendLine($spacing + "if (`$null -ne `$$valuePrefix$AssignedPropertyName)" ) | Out-Null + if ($isNested) + { + $complexString.appendLine($spacing + "if (`$null -ne `$$valuePrefix$AssignedPropertyName)" ) | Out-Null + } + else + { + $complexString.appendLine($spacing + "if (`$null -ne `$$referencePrefix$AssignedPropertyName)" ) | Out-Null + } $complexString.appendLine($spacing + "{" ) | Out-Null $IndentCount ++ $spacing = $indent * $IndentCount $AssignedPropertyName += ").ToString()" - $complexString.appendLine($spacing + "`$$tempPropertyName.Add('" + $nestedPropertyName + "', ([$nestedPropertyType]`$$valuePrefix$AssignedPropertyName)" ) | Out-Null + if ($isNested) + { + $complexString.appendLine($spacing + "`$$tempPropertyName.Add('" + $nestedPropertyName + "', ([$nestedPropertyType]`$$valuePrefix$AssignedPropertyName)" ) | Out-Null + } + else + { + $complexString.appendLine($spacing + "`$$tempPropertyName.Add('" + $nestedPropertyName + "', ([$nestedPropertyType]`$$referencePrefix$AssignedPropertyName)" ) | Out-Null + } $IndentCount -- $spacing = $indent * $IndentCount $complexString.appendLine($spacing + "}" ) | Out-Null diff --git a/ResourceGenerator/Module.Template.psm1 b/ResourceGenerator/Module.Template.psm1 index 56659937cf..cbb58f1d27 100644 --- a/ResourceGenerator/Module.Template.psm1 +++ b/ResourceGenerator/Module.Template.psm1 @@ -296,6 +296,7 @@ function Test-TargetResource } } + $ValuesToCheck.remove("Id") | Out-Null $ValuesToCheck.Remove('Credential') | Out-Null $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationPolicyWindows10.Tests.ps1 index 4419ff4f27..09048ca2b6 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationPolicyWindows10.Tests.ps1 @@ -2,1219 +2,2121 @@ param( ) $M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` - -ChildPath '..\..\Unit' ` - -Resolve + -ChildPath "..\..\Unit" ` + -Resolve $CmdletModule = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath '\Stubs\Microsoft365.psm1' ` - -Resolve) + -ChildPath "\Stubs\Microsoft365.psm1" ` + -Resolve) $GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath '\Stubs\Generic.psm1' ` - -Resolve) + -ChildPath "\Stubs\Generic.psm1" ` + -Resolve) Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` - -ChildPath '\UnitTestHelper.psm1' ` + -ChildPath "\UnitTestHelper.psm1" ` -Resolve) $Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` - -DscResource 'IntuneDeviceConfigurationPolicyWindows10' -GenericStubModule $GenericStubPath - + -DscResource "IntuneDeviceConfigurationPolicyWindows10" -GenericStubModule $GenericStubPath Describe -Name $Global:DscHelper.DescribeHeader -Fixture { InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope - BeforeAll { - $secpasswd = ConvertTo-SecureString 'Pass@word1' -AsPlainText -Force - $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + $secpasswd = ConvertTo-SecureString "f@kepassword1" -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ("tenantadmin@mydomain.com", $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { } - Mock -CommandName New-M365DSCConnection -MockWith { - return 'Credentials' + Mock -CommandName Get-PSSession -MockWith { } - Mock -CommandName New-MgDeviceManagementDeviceConfiguration -MockWith { + Mock -CommandName Remove-PSSession -MockWith { } Mock -CommandName Update-MgDeviceManagementDeviceConfiguration -MockWith { } - Mock -CommandName Remove-MgDeviceManagementDeviceConfiguration -MockWith { + Mock -CommandName New-MgDeviceManagementDeviceConfiguration -MockWith { } - Mock -CommandName Get-MGDeviceManagementDeviceConfigurationAssignment -MockWith { + Mock -CommandName Remove-MgDeviceManagementDeviceConfiguration -MockWith { + } - return @() + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" } - # Mock Write-Host to hide output during the tests - Mock -CommandName Write-Host -MockWith { + Mock -CommandName Get-MgDeviceManagementDeviceConfigurationAssignment -MockWith { } - } + } # Test contexts - Context -Name "When the policy doesn't already exist" -Fixture { + Context -Name "The IntuneDeviceConfigurationPolicyWindows10 should exist but it DOES NOT" -Fixture { BeforeAll { $testParams = @{ - displayName = 'CONTOSO | W10 | Device Restriction' - description = 'Default device restriction settings' - defenderBlockEndUserAccess = $true - defenderRequireRealTimeMonitoring = $true - defenderRequireBehaviorMonitoring = $true - defenderRequireNetworkInspectionSystem = $true - defenderScanDownloads = $true - defenderScanScriptsLoadedInInternetExplorer = $true - defenderSignatureUpdateIntervalInHours = 8 - defenderMonitorFileActivity = 'monitorIncomingFilesOnly' # userDefined,monitorAllFiles,monitorIncomingFilesOnly,monitorOutgoingFilesOnly - defenderDaysBeforeDeletingQuarantinedMalware = 3 - defenderScanMaxCpu = 2 - defenderScanArchiveFiles = $true - defenderScanIncomingMail = $true - defenderScanRemovableDrivesDuringFullScan = $true - defenderScanMappedNetworkDrivesDuringFullScan = $false - defenderScanNetworkFiles = $false - defenderRequireCloudProtection = $true - defenderCloudBlockLevel = 'high' - defenderPromptForSampleSubmission = 'alwaysPrompt' - defenderScheduledQuickScanTime = '13:00:00.0000000' - defenderScanType = 'quick' #quick,full,userDefined - defenderSystemScanSchedule = 'monday' #days of week - defenderScheduledScanTime = '11:00:00.0000000' - defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_IntuneDefenderDetectedMalwareActions -Property @{ - lowSeverity = 'clean' - moderateSeverity = 'quarantine' - highSeverity = 'remove' - severeSeverity = 'block' - } -ClientOnly) - defenderFileExtensionsToExclude = "[`"csv,jpg,docx`"]" - defenderFilesAndFoldersToExclude = "[`"c:\\2,C:\\1`"]" - defenderProcessesToExclude = "[`"notepad.exe,c:\\Windows\\myprocess.exe`"]" - lockScreenAllowTimeoutConfiguration = $true - lockScreenBlockActionCenterNotifications = $true - lockScreenBlockCortana = $true - lockScreenBlockToastNotifications = $false - lockScreenTimeoutInSeconds = 90 - passwordBlockSimple = $true - passwordExpirationDays = 6 - passwordMinimumLength = 5 - passwordMinutesOfInactivityBeforeScreenTimeout = 15 - passwordMinimumCharacterSetCount = 1 - passwordPreviousPasswordBlockCount = 2 - passwordRequired = $true - passwordRequireWhenResumeFromIdleState = $true - passwordRequiredType = 'alphanumeric' - passwordSignInFailureCountBeforeFactoryReset = 12 - privacyAdvertisingId = 'blocked' - privacyAutoAcceptPairingAndConsentPrompts = $true - privacyBlockInputPersonalization = $true - startBlockUnpinningAppsFromTaskbar = $true - startMenuAppListVisibility = 'collapse' - startMenuHideChangeAccountSettings = $true - startMenuHideFrequentlyUsedApps = $true - startMenuHideHibernate = $true - startMenuHideLock = $true - startMenuHidePowerButton = $true - startMenuHideRecentJumpLists = $true - startMenuHideRecentlyAddedApps = $true - startMenuHideRestartOptions = $true - startMenuHideShutDown = $true - startMenuHideSignOut = $true - startMenuHideSleep = $true - startMenuHideSwitchAccount = $true - startMenuHideUserTile = $true - startMenuLayoutXml = '+DQogICAGlmaWNhdGlvblRlbXBsYXRlPg==' - startMenuMode = 'fullScreen' - startMenuPinnedFolderDocuments = 'hide' - startMenuPinnedFolderDownloads = 'hide' - startMenuPinnedFolderFileExplorer = 'hide' - startMenuPinnedFolderHomeGroup = 'hide' - startMenuPinnedFolderMusic = 'hide' - startMenuPinnedFolderNetwork = 'hide' - startMenuPinnedFolderPersonalFolder = 'hide' - startMenuPinnedFolderPictures = 'hide' - startMenuPinnedFolderSettings = 'hide' - startMenuPinnedFolderVideos = 'hide' - settingsBlockSettingsApp = $true - settingsBlockSystemPage = $true - settingsBlockDevicesPage = $true - settingsBlockNetworkInternetPage = $true - settingsBlockPersonalizationPage = $true - settingsBlockAccountsPage = $true - settingsBlockTimeLanguagePage = $true - settingsBlockEaseOfAccessPage = $true - settingsBlockPrivacyPage = $true - settingsBlockUpdateSecurityPage = $true - settingsBlockAppsPage = $true - settingsBlockGamingPage = $true - windowsSpotlightBlockConsumerSpecificFeatures = $true - windowsSpotlightBlocked = $true - windowsSpotlightBlockOnActionCenter = $true - windowsSpotlightBlockTailoredExperiences = $true - windowsSpotlightBlockThirdPartyNotifications = $true - windowsSpotlightBlockWelcomeExperience = $true - windowsSpotlightBlockWindowsTips = $true - windowsSpotlightConfigureOnLockScreen = 'disabled' - networkProxyApplySettingsDeviceWide = $true - networkProxyDisableAutoDetect = $true - networkProxyAutomaticConfigurationUrl = 'https://example.com/networkProxyAutomaticConfigurationUrl/' - accountsBlockAddingNonMicrosoftAccountEmail = $true - antiTheftModeBlocked = $true - bluetoothBlocked = $true - bluetoothAllowedServices = "[`"8e473eaa-ead4-4c60-ba9c-2c5696d71492`",`"21913f2d-a803-4f36-8039-669fd94ce5b3`"]" - bluetoothBlockAdvertising = $true - bluetoothBlockDiscoverableMode = $true - bluetoothBlockPrePairing = $true - cameraBlocked = $true - connectedDevicesServiceBlocked = $true - certificatesBlockManualRootCertificateInstallation = $true - copyPasteBlocked = $true - cortanaBlocked = $true - deviceManagementBlockFactoryResetOnMobile = $true - deviceManagementBlockManualUnenroll = $true - safeSearchFilter = 'strict' - edgeBlockPopups = $true - edgeBlockSearchSuggestions = $true - edgeBlockSendingIntranetTrafficToInternetExplorer = $true - edgeSendIntranetTrafficToInternetExplorer = $true - edgeRequireSmartScreen = $true - edgeFirstRunUrl = 'https://contoso.com/' - edgeBlockAccessToAboutFlags = $true - edgeHomepageUrls = "[`"https://microsoft.com`"]" - smartScreenBlockPromptOverride = $true - smartScreenBlockPromptOverrideForFiles = $true - webRtcBlockLocalhostIpAddress = $true - internetSharingBlocked = $true - settingsBlockAddProvisioningPackage = $true - settingsBlockRemoveProvisioningPackage = $true - settingsBlockChangeSystemTime = $true - settingsBlockEditDeviceName = $true - settingsBlockChangeRegion = $true - settingsBlockChangeLanguage = $true - settingsBlockChangePowerSleep = $true - locationServicesBlocked = $true - microsoftAccountBlocked = $true - microsoftAccountBlockSettingsSync = $true - nfcBlocked = $true - resetProtectionModeBlocked = $true - screenCaptureBlocked = $true - storageBlockRemovableStorage = $true - storageRequireMobileDeviceEncryption = $true - usbBlocked = $true - voiceRecordingBlocked = $true - wiFiBlockAutomaticConnectHotspots = $true - wiFiBlocked = $true - wiFiBlockManualConfiguration = $true - wiFiScanInterval = 1 - wirelessDisplayBlockProjectionToThisDevice = $true - wirelessDisplayBlockUserInputFromReceiver = $true - wirelessDisplayRequirePinForPairing = $true - windowsStoreBlocked = $true - appsAllowTrustedAppsSideloading = 'blocked' - windowsStoreBlockAutoUpdate = $true - developerUnlockSetting = 'blocked' - sharedUserAppDataAllowed = $true - appsBlockWindowsStoreOriginatedApps = $true - windowsStoreEnablePrivateStoreOnly = $true - storageRestrictAppDataToSystemVolume = $true - storageRestrictAppInstallToSystemVolume = $true - gameDvrBlocked = $true - edgeSearchEngine = 'bing' - #edgeSearchEngine = "https://go.microsoft.com/fwlink/?linkid=842596" #'Google' - experienceBlockDeviceDiscovery = $true - experienceBlockErrorDialogWhenNoSIM = $true - experienceBlockTaskSwitcher = $true - logonBlockFastUserSwitching = $true - tenantLockdownRequireNetworkDuringOutOfBoxExperience = $true - enterpriseCloudPrintDiscoveryEndPoint = 'https://cloudprinterdiscovery.contoso.com' - enterpriseCloudPrintDiscoveryMaxLimit = 4 - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'http://mopriadiscoveryservice/cloudprint' - enterpriseCloudPrintOAuthClientIdentifier = '30fbf7e8-321c-40ce-8b9f-160b6b049257' - enterpriseCloudPrintOAuthAuthority = 'https:/tenant.contoso.com/adfs' - enterpriseCloudPrintResourceIdentifier = 'http://cloudenterpriseprint/cloudPrint' - networkProxyServer = @('address=proxy.contoso.com:8080', "exceptions=*.contoso.com`r`n*.internal.local", 'useForLocalAddresses=false') - Ensure = 'Present' - Credential = $Credential + AccountsBlockAddingNonMicrosoftAccountEmail = $True + ActivateAppsWithVoice = "notConfigured" + AntiTheftModeBlocked = $True + AppManagementMSIAllowUserControlOverInstall = $True + AppManagementMSIAlwaysInstallWithElevatedPrivileges = $True + AppManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") + AppsAllowTrustedAppsSideloading = "notConfigured" + AppsBlockWindowsStoreOriginatedApps = $True + AuthenticationAllowSecondaryDevice = $True + AuthenticationPreferredAzureADTenantDomainName = "FakeStringValue" + AuthenticationWebSignIn = "notConfigured" + BluetoothAllowedServices = @("FakeStringValue") + BluetoothBlockAdvertising = $True + BluetoothBlockDiscoverableMode = $True + BluetoothBlocked = $True + BluetoothBlockPrePairing = $True + BluetoothBlockPromptedProximalConnections = $True + CameraBlocked = $True + CellularBlockDataWhenRoaming = $True + CellularBlockVpn = $True + CellularBlockVpnWhenRoaming = $True + CellularData = "blocked" + CertificatesBlockManualRootCertificateInstallation = $True + ConfigureTimeZone = "FakeStringValue" + ConnectedDevicesServiceBlocked = $True + CopyPasteBlocked = $True + CortanaBlocked = $True + CryptographyAllowFipsAlgorithmPolicy = $True + DataProtectionBlockDirectMemoryAccess = $True + DefenderBlockEndUserAccess = $True + DefenderBlockOnAccessProtection = $True + DefenderCloudBlockLevel = "notConfigured" + DefenderCloudExtendedTimeout = 25 + DefenderCloudExtendedTimeoutInSeconds = 25 + DefenderDaysBeforeDeletingQuarantinedMalware = 25 + defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_MicrosoftGraphdefenderDetectedMalwareActions1 -Property @{ + lowSeverity = "deviceDefault" + severeSeverity = "deviceDefault" + moderateSeverity = "deviceDefault" + highSeverity = "deviceDefault" + } -ClientOnly) + defenderDisableCatchupFullScan = $True + defenderDisableCatchupQuickScan = $True + defenderFileExtensionsToExclude = @("FakeStringValue") + defenderFilesAndFoldersToExclude = @("FakeStringValue") + defenderMonitorFileActivity = "userDefined" + defenderPotentiallyUnwantedAppAction = "deviceDefault" + defenderPotentiallyUnwantedAppActionSetting = "userDefined" + defenderProcessesToExclude = @("FakeStringValue") + defenderPromptForSampleSubmission = "userDefined" + defenderRequireBehaviorMonitoring = $True + defenderRequireCloudProtection = $True + defenderRequireNetworkInspectionSystem = $True + defenderRequireRealTimeMonitoring = $True + defenderScanArchiveFiles = $True + defenderScanDownloads = $True + defenderScanIncomingMail = $True + defenderScanMappedNetworkDrivesDuringFullScan = $True + defenderScanMaxCpu = 25 + defenderScanNetworkFiles = $True + defenderScanRemovableDrivesDuringFullScan = $True + defenderScanScriptsLoadedInInternetExplorer = $True + defenderScanType = "userDefined" + defenderScheduledQuickScanTime = "00:00:00" + defenderScheduledScanTime = "00:00:00" + defenderScheduleScanEnableLowCpuPriority = $True + defenderSignatureUpdateIntervalInHours = 25 + defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" + defenderSystemScanSchedule = "userDefined" + description = "FakeStringValue" + developerUnlockSetting = "notConfigured" + deviceManagementBlockFactoryResetOnMobile = $True + deviceManagementBlockManualUnenroll = $True + diagnosticsDataSubmissionMode = "userDefined" + displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") + displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") + displayName = "FakeStringValue" + edgeAllowStartPagesModification = $True + edgeBlockAccessToAboutFlags = $True + edgeBlockAddressBarDropdown = $True + edgeBlockAutofill = $True + edgeBlockCompatibilityList = $True + edgeBlockDeveloperTools = $True + edgeBlocked = $True + edgeBlockEditFavorites = $True + edgeBlockExtensions = $True + edgeBlockFullScreenMode = $True + edgeBlockInPrivateBrowsing = $True + edgeBlockJavaScript = $True + edgeBlockLiveTileDataCollection = $True + edgeBlockPasswordManager = $True + edgeBlockPopups = $True + edgeBlockPrelaunch = $True + edgeBlockPrinting = $True + edgeBlockSavingHistory = $True + edgeBlockSearchEngineCustomization = $True + edgeBlockSearchSuggestions = $True + edgeBlockSendingDoNotTrackHeader = $True + edgeBlockSendingIntranetTrafficToInternetExplorer = $True + edgeBlockSideloadingExtensions = $True + edgeBlockTabPreloading = $True + edgeBlockWebContentOnNewTabPage = $True + edgeClearBrowsingDataOnExit = $True + edgeCookiePolicy = "userDefined" + edgeDisableFirstRunPage = $True + edgeEnterpriseModeSiteListLocation = "FakeStringValue" + edgeFavoritesBarVisibility = "notConfigured" + edgeFavoritesListLocation = "FakeStringValue" + edgeFirstRunUrl = "FakeStringValue" + edgeHomeButtonConfiguration = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeHomeButtonConfiguration -Property @{ + odataType = "#microsoft.graph.edgeHomeButtonHidden" + homeButtonCustomURL = "FakeStringValue" + } -ClientOnly) + edgeHomeButtonConfigurationEnabled = $True + edgeHomepageUrls = @("FakeStringValue") + edgeKioskModeRestriction = "notConfigured" + edgeKioskResetAfterIdleTimeInMinutes = 25 + edgeNewTabPageURL = "FakeStringValue" + edgeOpensWith = "notConfigured" + edgePreventCertificateErrorOverride = $True + edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") + edgeRequireSmartScreen = $True + edgeSearchEngine = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeSearchEngineBase -Property @{ + edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" + edgeSearchEngineType = "default" + odataType = "#microsoft.graph.edgeSearchEngine" + } -ClientOnly) + edgeSendIntranetTrafficToInternetExplorer = $True + edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" + edgeSyncFavoritesWithInternetExplorer = $True + edgeTelemetryForMicrosoft365Analytics = "notConfigured" + enableAutomaticRedeployment = $True + energySaverOnBatteryThresholdPercentage = 25 + energySaverPluggedInThresholdPercentage = 25 + enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" + enterpriseCloudPrintDiscoveryMaxLimit = 25 + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" + enterpriseCloudPrintOAuthAuthority = "FakeStringValue" + enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" + enterpriseCloudPrintResourceIdentifier = "FakeStringValue" + experienceBlockDeviceDiscovery = $True + experienceBlockErrorDialogWhenNoSIM = $True + experienceBlockTaskSwitcher = $True + experienceDoNotSyncBrowserSettings = "notConfigured" + findMyFiles = "notConfigured" + gameDvrBlocked = $True + id = "FakeStringValue" + inkWorkspaceAccess = "notConfigured" + inkWorkspaceAccessState = "notConfigured" + inkWorkspaceBlockSuggestedApps = $True + internetSharingBlocked = $True + locationServicesBlocked = $True + lockScreenActivateAppsWithVoice = "notConfigured" + lockScreenAllowTimeoutConfiguration = $True + lockScreenBlockActionCenterNotifications = $True + lockScreenBlockCortana = $True + lockScreenBlockToastNotifications = $True + lockScreenTimeoutInSeconds = 25 + logonBlockFastUserSwitching = $True + messagingBlockMMS = $True + messagingBlockRichCommunicationServices = $True + messagingBlockSync = $True + microsoftAccountBlocked = $True + microsoftAccountBlockSettingsSync = $True + microsoftAccountSignInAssistantSettings = "notConfigured" + networkProxyApplySettingsDeviceWide = $True + networkProxyAutomaticConfigurationUrl = "FakeStringValue" + networkProxyDisableAutoDetect = $True + networkProxyServer = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10NetworkProxyServer -Property @{ + useForLocalAddresses = $True + exceptions = @("FakeStringValue") + address = "FakeStringValue" + } -ClientOnly) + nfcBlocked = $True + oneDriveDisableFileSync = $True + passwordBlockSimple = $True + passwordExpirationDays = 25 + passwordMinimumAgeInDays = 25 + passwordMinimumCharacterSetCount = 25 + passwordMinimumLength = 25 + passwordMinutesOfInactivityBeforeScreenTimeout = 25 + passwordPreviousPasswordBlockCount = 25 + passwordRequired = $True + passwordRequiredType = "deviceDefault" + passwordRequireWhenResumeFromIdleState = $True + passwordSignInFailureCountBeforeFactoryReset = 25 + personalizationDesktopImageUrl = "FakeStringValue" + personalizationLockScreenImageUrl = "FakeStringValue" + powerButtonActionOnBattery = "notConfigured" + powerButtonActionPluggedIn = "notConfigured" + powerHybridSleepOnBattery = "notConfigured" + powerHybridSleepPluggedIn = "notConfigured" + powerLidCloseActionOnBattery = "notConfigured" + powerLidCloseActionPluggedIn = "notConfigured" + powerSleepButtonActionOnBattery = "notConfigured" + powerSleepButtonActionPluggedIn = "notConfigured" + printerBlockAddition = $True + printerDefaultName = "FakeStringValue" + printerNames = @("FakeStringValue") + privacyAdvertisingId = "notConfigured" + privacyAutoAcceptPairingAndConsentPrompts = $True + privacyBlockActivityFeed = $True + privacyBlockInputPersonalization = $True + privacyBlockPublishUserActivities = $True + privacyDisableLaunchExperience = $True + resetProtectionModeBlocked = $True + safeSearchFilter = "userDefined" + screenCaptureBlocked = $True + searchBlockDiacritics = $True + searchBlockWebResults = $True + searchDisableAutoLanguageDetection = $True + searchDisableIndexerBackoff = $True + searchDisableIndexingEncryptedItems = $True + searchDisableIndexingRemovableDrive = $True + searchDisableLocation = $True + searchDisableUseLocation = $True + searchEnableAutomaticIndexSizeManangement = $True + searchEnableRemoteQueries = $True + securityBlockAzureADJoinedDevicesAutoEncryption = $True + settingsBlockAccountsPage = $True + settingsBlockAddProvisioningPackage = $True + settingsBlockAppsPage = $True + settingsBlockChangeLanguage = $True + settingsBlockChangePowerSleep = $True + settingsBlockChangeRegion = $True + settingsBlockChangeSystemTime = $True + settingsBlockDevicesPage = $True + settingsBlockEaseOfAccessPage = $True + settingsBlockEditDeviceName = $True + settingsBlockGamingPage = $True + settingsBlockNetworkInternetPage = $True + settingsBlockPersonalizationPage = $True + settingsBlockPrivacyPage = $True + settingsBlockRemoveProvisioningPackage = $True + settingsBlockSettingsApp = $True + settingsBlockSystemPage = $True + settingsBlockTimeLanguagePage = $True + settingsBlockUpdateSecurityPage = $True + sharedUserAppDataAllowed = $True + smartScreenAppInstallControl = "notConfigured" + smartScreenBlockPromptOverride = $True + smartScreenBlockPromptOverrideForFiles = $True + smartScreenEnableAppInstallControl = $True + startBlockUnpinningAppsFromTaskbar = $True + startMenuAppListVisibility = "userDefined" + startMenuHideChangeAccountSettings = $True + startMenuHideFrequentlyUsedApps = $True + startMenuHideHibernate = $True + startMenuHideLock = $True + startMenuHidePowerButton = $True + startMenuHideRecentJumpLists = $True + startMenuHideRecentlyAddedApps = $True + startMenuHideRestartOptions = $True + startMenuHideShutDown = $True + startMenuHideSignOut = $True + startMenuHideSleep = $True + startMenuHideSwitchAccount = $True + startMenuHideUserTile = $True + startMenuLayoutEdgeAssetsXml = $True + startMenuLayoutXml = $True + startMenuMode = "userDefined" + startMenuPinnedFolderDocuments = "notConfigured" + startMenuPinnedFolderDownloads = "notConfigured" + startMenuPinnedFolderFileExplorer = "notConfigured" + startMenuPinnedFolderHomeGroup = "notConfigured" + startMenuPinnedFolderMusic = "notConfigured" + startMenuPinnedFolderNetwork = "notConfigured" + startMenuPinnedFolderPersonalFolder = "notConfigured" + startMenuPinnedFolderPictures = "notConfigured" + startMenuPinnedFolderSettings = "notConfigured" + startMenuPinnedFolderVideos = "notConfigured" + storageBlockRemovableStorage = $True + storageRequireMobileDeviceEncryption = $True + storageRestrictAppDataToSystemVolume = $True + storageRestrictAppInstallToSystemVolume = $True + supportsScopeTags = $True + systemTelemetryProxyServer = "FakeStringValue" + taskManagerBlockEndTask = $True + tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True + uninstallBuiltInApps = $True + usbBlocked = $True + voiceRecordingBlocked = $True + webRtcBlockLocalhostIpAddress = $True + wiFiBlockAutomaticConnectHotspots = $True + wiFiBlocked = $True + wiFiBlockManualConfiguration = $True + wiFiScanInterval = 25 + windows10AppsForceUpdateSchedule = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10AppsForceUpdateSchedule -Property @{ + runImmediatelyIfAfterStartDateTime = $True + recurrence = "none" + startDateTime = "2023-01-01T00:00:00.0000000+00:00" + } -ClientOnly) + windowsSpotlightBlockConsumerSpecificFeatures = $True + windowsSpotlightBlocked = $True + windowsSpotlightBlockOnActionCenter = $True + windowsSpotlightBlockTailoredExperiences = $True + windowsSpotlightBlockThirdPartyNotifications = $True + windowsSpotlightBlockWelcomeExperience = $True + windowsSpotlightBlockWindowsTips = $True + windowsSpotlightConfigureOnLockScreen = "notConfigured" + windowsStoreBlockAutoUpdate = $True + windowsStoreBlocked = $True + windowsStoreEnablePrivateStoreOnly = $True + wirelessDisplayBlockProjectionToThisDevice = $True + wirelessDisplayBlockUserInputFromReceiver = $True + wirelessDisplayRequirePinForPairing = $True + Ensure = "Present" + Credential = $Credential; } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return $null } } - - It 'Should return absent from the Get method' { + It "Should return Values from the Get method" { (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' } - It 'Should return false from the Test method' { Test-TargetResource @testParams | Should -Be $false } - - It 'Should create the policy from the Set method' { + It 'Should Create the group from the Set method' { Set-TargetResource @testParams - Should -Invoke -CommandName 'New-MgDeviceManagementDeviceConfiguration' -Exactly 1 + Should -Invoke -CommandName New-MgDeviceManagementDeviceConfiguration -Exactly 1 } } - Context -Name 'When the policy already exists and is NOT in the Desired State' -Fixture { + Context -Name "The IntuneDeviceConfigurationPolicyWindows10 exists but it SHOULD NOT" -Fixture { BeforeAll { $testParams = @{ - displayName = 'CONTOSO | W10 | Device Restriction' - description = 'Default device restriction settings' - defenderBlockEndUserAccess = $true - defenderRequireRealTimeMonitoring = $true - defenderRequireBehaviorMonitoring = $true - defenderRequireNetworkInspectionSystem = $true - defenderScanDownloads = $true - defenderScanScriptsLoadedInInternetExplorer = $true - defenderSignatureUpdateIntervalInHours = 8 - defenderMonitorFileActivity = 'monitorIncomingFilesOnly' # userDefined,monitorAllFiles,monitorIncomingFilesOnly,monitorOutgoingFilesOnly - defenderDaysBeforeDeletingQuarantinedMalware = 3 - defenderScanMaxCpu = 2 - defenderScanArchiveFiles = $true - defenderScanIncomingMail = $true - defenderScanRemovableDrivesDuringFullScan = $true - defenderScanMappedNetworkDrivesDuringFullScan = $false - defenderScanNetworkFiles = $false - defenderRequireCloudProtection = $true - defenderCloudBlockLevel = 'high' - defenderPromptForSampleSubmission = 'alwaysPrompt' - defenderScheduledQuickScanTime = '13:00:00.0000000' - defenderScanType = 'quick' #quick,full,userDefined - defenderSystemScanSchedule = 'monday' #days of week - defenderScheduledScanTime = '11:00:00.0000000' - defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_IntuneDefenderDetectedMalwareActions -Property @{ - lowSeverity = 'clean' - moderateSeverity = 'quarantine' - highSeverity = 'remove' - severeSeverity = 'block' - } -ClientOnly) - defenderFileExtensionsToExclude = "[`"csv,jpg,docx`"]" - defenderFilesAndFoldersToExclude = "[`"c:\\2,C:\\1`"]" - defenderProcessesToExclude = "[`"notepad.exe,c:\\Windows\\myprocess.exe`"]" - lockScreenAllowTimeoutConfiguration = $true - lockScreenBlockActionCenterNotifications = $true - lockScreenBlockCortana = $true - lockScreenBlockToastNotifications = $false - lockScreenTimeoutInSeconds = 90 - passwordBlockSimple = $true - passwordExpirationDays = 6 - passwordMinimumLength = 5 - passwordMinutesOfInactivityBeforeScreenTimeout = 15 - passwordMinimumCharacterSetCount = 1 - passwordPreviousPasswordBlockCount = 2 - passwordRequired = $true - passwordRequireWhenResumeFromIdleState = $true - passwordRequiredType = 'alphanumeric' - passwordSignInFailureCountBeforeFactoryReset = 12 - privacyAdvertisingId = 'blocked' - privacyAutoAcceptPairingAndConsentPrompts = $true - privacyBlockInputPersonalization = $true - startBlockUnpinningAppsFromTaskbar = $true - startMenuAppListVisibility = 'collapse' - startMenuHideChangeAccountSettings = $true - startMenuHideFrequentlyUsedApps = $true - startMenuHideHibernate = $true - startMenuHideLock = $true - startMenuHidePowerButton = $true - startMenuHideRecentJumpLists = $true - startMenuHideRecentlyAddedApps = $true - startMenuHideRestartOptions = $true - startMenuHideShutDown = $true - startMenuHideSignOut = $true - startMenuHideSleep = $true - startMenuHideSwitchAccount = $true - startMenuHideUserTile = $true - startMenuLayoutXml = '+DQogICAGlmaWNhdGlvblRlbXBsYXRlPg==' - startMenuMode = 'fullScreen' - startMenuPinnedFolderDocuments = 'hide' - startMenuPinnedFolderDownloads = 'hide' - startMenuPinnedFolderFileExplorer = 'hide' - startMenuPinnedFolderHomeGroup = 'hide' - startMenuPinnedFolderMusic = 'hide' - startMenuPinnedFolderNetwork = 'hide' - startMenuPinnedFolderPersonalFolder = 'hide' - startMenuPinnedFolderPictures = 'hide' - startMenuPinnedFolderSettings = 'hide' - startMenuPinnedFolderVideos = 'hide' - settingsBlockSettingsApp = $true - settingsBlockSystemPage = $true - settingsBlockDevicesPage = $true - settingsBlockNetworkInternetPage = $true - settingsBlockPersonalizationPage = $true - settingsBlockAccountsPage = $true - settingsBlockTimeLanguagePage = $true - settingsBlockEaseOfAccessPage = $true - settingsBlockPrivacyPage = $true - settingsBlockUpdateSecurityPage = $true - settingsBlockAppsPage = $true - settingsBlockGamingPage = $true - windowsSpotlightBlockConsumerSpecificFeatures = $true - windowsSpotlightBlocked = $true - windowsSpotlightBlockOnActionCenter = $true - windowsSpotlightBlockTailoredExperiences = $true - windowsSpotlightBlockThirdPartyNotifications = $true - windowsSpotlightBlockWelcomeExperience = $true - windowsSpotlightBlockWindowsTips = $true - windowsSpotlightConfigureOnLockScreen = 'disabled' - networkProxyApplySettingsDeviceWide = $true - networkProxyDisableAutoDetect = $true - networkProxyAutomaticConfigurationUrl = 'https://example.com/networkProxyAutomaticConfigurationUrl/' - accountsBlockAddingNonMicrosoftAccountEmail = $true - antiTheftModeBlocked = $true - bluetoothBlocked = $true - bluetoothAllowedServices = "[`"8e473eaa-ead4-4c60-ba9c-2c5696d71492`",`"21913f2d-a803-4f36-8039-669fd94ce5b3`"]" - bluetoothBlockAdvertising = $true - bluetoothBlockDiscoverableMode = $true - bluetoothBlockPrePairing = $true - cameraBlocked = $true - connectedDevicesServiceBlocked = $true - certificatesBlockManualRootCertificateInstallation = $true - copyPasteBlocked = $true - cortanaBlocked = $true - deviceManagementBlockFactoryResetOnMobile = $true - deviceManagementBlockManualUnenroll = $true - safeSearchFilter = 'strict' - edgeBlockPopups = $true - edgeBlockSearchSuggestions = $true - edgeBlockSendingIntranetTrafficToInternetExplorer = $true - edgeSendIntranetTrafficToInternetExplorer = $true - edgeRequireSmartScreen = $true - edgeFirstRunUrl = 'https://contoso.com/' - edgeBlockAccessToAboutFlags = $true - edgeHomepageUrls = "[`"https://microsoft.com`"]" - smartScreenBlockPromptOverride = $true - smartScreenBlockPromptOverrideForFiles = $true - webRtcBlockLocalhostIpAddress = $true - internetSharingBlocked = $true - settingsBlockAddProvisioningPackage = $true - settingsBlockRemoveProvisioningPackage = $true - settingsBlockChangeSystemTime = $true - settingsBlockEditDeviceName = $true - settingsBlockChangeRegion = $true - settingsBlockChangeLanguage = $true - settingsBlockChangePowerSleep = $true - locationServicesBlocked = $true - microsoftAccountBlocked = $true - microsoftAccountBlockSettingsSync = $true - nfcBlocked = $true - resetProtectionModeBlocked = $true - screenCaptureBlocked = $true - storageBlockRemovableStorage = $true - storageRequireMobileDeviceEncryption = $true - usbBlocked = $true - voiceRecordingBlocked = $true - wiFiBlockAutomaticConnectHotspots = $true - wiFiBlocked = $true - wiFiBlockManualConfiguration = $true - wiFiScanInterval = 1 - wirelessDisplayBlockProjectionToThisDevice = $true - wirelessDisplayBlockUserInputFromReceiver = $true - wirelessDisplayRequirePinForPairing = $true - windowsStoreBlocked = $true - appsAllowTrustedAppsSideloading = 'blocked' - windowsStoreBlockAutoUpdate = $true - developerUnlockSetting = 'blocked' - sharedUserAppDataAllowed = $true - appsBlockWindowsStoreOriginatedApps = $true - windowsStoreEnablePrivateStoreOnly = $true - storageRestrictAppDataToSystemVolume = $true - storageRestrictAppInstallToSystemVolume = $true - gameDvrBlocked = $true - edgeSearchEngine = 'bing' - experienceBlockDeviceDiscovery = $true - experienceBlockErrorDialogWhenNoSIM = $true - experienceBlockTaskSwitcher = $true - logonBlockFastUserSwitching = $true - tenantLockdownRequireNetworkDuringOutOfBoxExperience = $true - enterpriseCloudPrintDiscoveryEndPoint = 'https://cloudprinterdiscovery.contoso.com' - enterpriseCloudPrintDiscoveryMaxLimit = 4 - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'http://mopriadiscoveryservice/cloudprint' - enterpriseCloudPrintOAuthClientIdentifier = '30fbf7e8-321c-40ce-8b9f-160b6b049257' - enterpriseCloudPrintOAuthAuthority = 'https:/tenant.contoso.com/adfs' - enterpriseCloudPrintResourceIdentifier = 'http://cloudenterpriseprint/cloudPrint' - networkProxyServer = @('address=proxy.contoso.com:8080', "exceptions=*.contoso.com`r`n*.internal.local", 'useForLocalAddresses=false') - Ensure = 'Present' - Credential = $Credential + AccountsBlockAddingNonMicrosoftAccountEmail = $True + ActivateAppsWithVoice = "notConfigured" + AntiTheftModeBlocked = $True + AppManagementMSIAllowUserControlOverInstall = $True + AppManagementMSIAlwaysInstallWithElevatedPrivileges = $True + AppManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") + AppsAllowTrustedAppsSideloading = "notConfigured" + AppsBlockWindowsStoreOriginatedApps = $True + AuthenticationAllowSecondaryDevice = $True + AuthenticationPreferredAzureADTenantDomainName = "FakeStringValue" + AuthenticationWebSignIn = "notConfigured" + BluetoothAllowedServices = @("FakeStringValue") + BluetoothBlockAdvertising = $True + BluetoothBlockDiscoverableMode = $True + BluetoothBlocked = $True + BluetoothBlockPrePairing = $True + BluetoothBlockPromptedProximalConnections = $True + CameraBlocked = $True + CellularBlockDataWhenRoaming = $True + CellularBlockVpn = $True + CellularBlockVpnWhenRoaming = $True + CellularData = "blocked" + CertificatesBlockManualRootCertificateInstallation = $True + ConfigureTimeZone = "FakeStringValue" + ConnectedDevicesServiceBlocked = $True + CopyPasteBlocked = $True + CortanaBlocked = $True + CryptographyAllowFipsAlgorithmPolicy = $True + DataProtectionBlockDirectMemoryAccess = $True + DefenderBlockEndUserAccess = $True + DefenderBlockOnAccessProtection = $True + DefenderCloudBlockLevel = "notConfigured" + DefenderCloudExtendedTimeout = 25 + DefenderCloudExtendedTimeoutInSeconds = 25 + DefenderDaysBeforeDeletingQuarantinedMalware = 25 + defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_MicrosoftGraphdefenderDetectedMalwareActions1 -Property @{ + lowSeverity = "deviceDefault" + severeSeverity = "deviceDefault" + moderateSeverity = "deviceDefault" + highSeverity = "deviceDefault" + } -ClientOnly) + defenderDisableCatchupFullScan = $True + defenderDisableCatchupQuickScan = $True + defenderFileExtensionsToExclude = @("FakeStringValue") + defenderFilesAndFoldersToExclude = @("FakeStringValue") + defenderMonitorFileActivity = "userDefined" + defenderPotentiallyUnwantedAppAction = "deviceDefault" + defenderPotentiallyUnwantedAppActionSetting = "userDefined" + defenderProcessesToExclude = @("FakeStringValue") + defenderPromptForSampleSubmission = "userDefined" + defenderRequireBehaviorMonitoring = $True + defenderRequireCloudProtection = $True + defenderRequireNetworkInspectionSystem = $True + defenderRequireRealTimeMonitoring = $True + defenderScanArchiveFiles = $True + defenderScanDownloads = $True + defenderScanIncomingMail = $True + defenderScanMappedNetworkDrivesDuringFullScan = $True + defenderScanMaxCpu = 25 + defenderScanNetworkFiles = $True + defenderScanRemovableDrivesDuringFullScan = $True + defenderScanScriptsLoadedInInternetExplorer = $True + defenderScanType = "userDefined" + defenderScheduledQuickScanTime = "00:00:00" + defenderScheduledScanTime = "00:00:00" + defenderScheduleScanEnableLowCpuPriority = $True + defenderSignatureUpdateIntervalInHours = 25 + defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" + defenderSystemScanSchedule = "userDefined" + description = "FakeStringValue" + developerUnlockSetting = "notConfigured" + deviceManagementBlockFactoryResetOnMobile = $True + deviceManagementBlockManualUnenroll = $True + diagnosticsDataSubmissionMode = "userDefined" + displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") + displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") + displayName = "FakeStringValue" + edgeAllowStartPagesModification = $True + edgeBlockAccessToAboutFlags = $True + edgeBlockAddressBarDropdown = $True + edgeBlockAutofill = $True + edgeBlockCompatibilityList = $True + edgeBlockDeveloperTools = $True + edgeBlocked = $True + edgeBlockEditFavorites = $True + edgeBlockExtensions = $True + edgeBlockFullScreenMode = $True + edgeBlockInPrivateBrowsing = $True + edgeBlockJavaScript = $True + edgeBlockLiveTileDataCollection = $True + edgeBlockPasswordManager = $True + edgeBlockPopups = $True + edgeBlockPrelaunch = $True + edgeBlockPrinting = $True + edgeBlockSavingHistory = $True + edgeBlockSearchEngineCustomization = $True + edgeBlockSearchSuggestions = $True + edgeBlockSendingDoNotTrackHeader = $True + edgeBlockSendingIntranetTrafficToInternetExplorer = $True + edgeBlockSideloadingExtensions = $True + edgeBlockTabPreloading = $True + edgeBlockWebContentOnNewTabPage = $True + edgeClearBrowsingDataOnExit = $True + edgeCookiePolicy = "userDefined" + edgeDisableFirstRunPage = $True + edgeEnterpriseModeSiteListLocation = "FakeStringValue" + edgeFavoritesBarVisibility = "notConfigured" + edgeFavoritesListLocation = "FakeStringValue" + edgeFirstRunUrl = "FakeStringValue" + edgeHomeButtonConfiguration = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeHomeButtonConfiguration -Property @{ + odataType = "#microsoft.graph.edgeHomeButtonHidden" + homeButtonCustomURL = "FakeStringValue" + } -ClientOnly) + edgeHomeButtonConfigurationEnabled = $True + edgeHomepageUrls = @("FakeStringValue") + edgeKioskModeRestriction = "notConfigured" + edgeKioskResetAfterIdleTimeInMinutes = 25 + edgeNewTabPageURL = "FakeStringValue" + edgeOpensWith = "notConfigured" + edgePreventCertificateErrorOverride = $True + edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") + edgeRequireSmartScreen = $True + edgeSearchEngine = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeSearchEngineBase -Property @{ + edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" + edgeSearchEngineType = "default" + odataType = "#microsoft.graph.edgeSearchEngine" + } -ClientOnly) + edgeSendIntranetTrafficToInternetExplorer = $True + edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" + edgeSyncFavoritesWithInternetExplorer = $True + edgeTelemetryForMicrosoft365Analytics = "notConfigured" + enableAutomaticRedeployment = $True + energySaverOnBatteryThresholdPercentage = 25 + energySaverPluggedInThresholdPercentage = 25 + enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" + enterpriseCloudPrintDiscoveryMaxLimit = 25 + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" + enterpriseCloudPrintOAuthAuthority = "FakeStringValue" + enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" + enterpriseCloudPrintResourceIdentifier = "FakeStringValue" + experienceBlockDeviceDiscovery = $True + experienceBlockErrorDialogWhenNoSIM = $True + experienceBlockTaskSwitcher = $True + experienceDoNotSyncBrowserSettings = "notConfigured" + findMyFiles = "notConfigured" + gameDvrBlocked = $True + id = "FakeStringValue" + inkWorkspaceAccess = "notConfigured" + inkWorkspaceAccessState = "notConfigured" + inkWorkspaceBlockSuggestedApps = $True + internetSharingBlocked = $True + locationServicesBlocked = $True + lockScreenActivateAppsWithVoice = "notConfigured" + lockScreenAllowTimeoutConfiguration = $True + lockScreenBlockActionCenterNotifications = $True + lockScreenBlockCortana = $True + lockScreenBlockToastNotifications = $True + lockScreenTimeoutInSeconds = 25 + logonBlockFastUserSwitching = $True + messagingBlockMMS = $True + messagingBlockRichCommunicationServices = $True + messagingBlockSync = $True + microsoftAccountBlocked = $True + microsoftAccountBlockSettingsSync = $True + microsoftAccountSignInAssistantSettings = "notConfigured" + networkProxyApplySettingsDeviceWide = $True + networkProxyAutomaticConfigurationUrl = "FakeStringValue" + networkProxyDisableAutoDetect = $True + networkProxyServer = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10NetworkProxyServer -Property @{ + useForLocalAddresses = $True + exceptions = @("FakeStringValue") + address = "FakeStringValue" + } -ClientOnly) + nfcBlocked = $True + oneDriveDisableFileSync = $True + passwordBlockSimple = $True + passwordExpirationDays = 25 + passwordMinimumAgeInDays = 25 + passwordMinimumCharacterSetCount = 25 + passwordMinimumLength = 25 + passwordMinutesOfInactivityBeforeScreenTimeout = 25 + passwordPreviousPasswordBlockCount = 25 + passwordRequired = $True + passwordRequiredType = "deviceDefault" + passwordRequireWhenResumeFromIdleState = $True + passwordSignInFailureCountBeforeFactoryReset = 25 + personalizationDesktopImageUrl = "FakeStringValue" + personalizationLockScreenImageUrl = "FakeStringValue" + powerButtonActionOnBattery = "notConfigured" + powerButtonActionPluggedIn = "notConfigured" + powerHybridSleepOnBattery = "notConfigured" + powerHybridSleepPluggedIn = "notConfigured" + powerLidCloseActionOnBattery = "notConfigured" + powerLidCloseActionPluggedIn = "notConfigured" + powerSleepButtonActionOnBattery = "notConfigured" + powerSleepButtonActionPluggedIn = "notConfigured" + printerBlockAddition = $True + printerDefaultName = "FakeStringValue" + printerNames = @("FakeStringValue") + privacyAdvertisingId = "notConfigured" + privacyAutoAcceptPairingAndConsentPrompts = $True + privacyBlockActivityFeed = $True + privacyBlockInputPersonalization = $True + privacyBlockPublishUserActivities = $True + privacyDisableLaunchExperience = $True + resetProtectionModeBlocked = $True + safeSearchFilter = "userDefined" + screenCaptureBlocked = $True + searchBlockDiacritics = $True + searchBlockWebResults = $True + searchDisableAutoLanguageDetection = $True + searchDisableIndexerBackoff = $True + searchDisableIndexingEncryptedItems = $True + searchDisableIndexingRemovableDrive = $True + searchDisableLocation = $True + searchDisableUseLocation = $True + searchEnableAutomaticIndexSizeManangement = $True + searchEnableRemoteQueries = $True + securityBlockAzureADJoinedDevicesAutoEncryption = $True + settingsBlockAccountsPage = $True + settingsBlockAddProvisioningPackage = $True + settingsBlockAppsPage = $True + settingsBlockChangeLanguage = $True + settingsBlockChangePowerSleep = $True + settingsBlockChangeRegion = $True + settingsBlockChangeSystemTime = $True + settingsBlockDevicesPage = $True + settingsBlockEaseOfAccessPage = $True + settingsBlockEditDeviceName = $True + settingsBlockGamingPage = $True + settingsBlockNetworkInternetPage = $True + settingsBlockPersonalizationPage = $True + settingsBlockPrivacyPage = $True + settingsBlockRemoveProvisioningPackage = $True + settingsBlockSettingsApp = $True + settingsBlockSystemPage = $True + settingsBlockTimeLanguagePage = $True + settingsBlockUpdateSecurityPage = $True + sharedUserAppDataAllowed = $True + smartScreenAppInstallControl = "notConfigured" + smartScreenBlockPromptOverride = $True + smartScreenBlockPromptOverrideForFiles = $True + smartScreenEnableAppInstallControl = $True + startBlockUnpinningAppsFromTaskbar = $True + startMenuAppListVisibility = "userDefined" + startMenuHideChangeAccountSettings = $True + startMenuHideFrequentlyUsedApps = $True + startMenuHideHibernate = $True + startMenuHideLock = $True + startMenuHidePowerButton = $True + startMenuHideRecentJumpLists = $True + startMenuHideRecentlyAddedApps = $True + startMenuHideRestartOptions = $True + startMenuHideShutDown = $True + startMenuHideSignOut = $True + startMenuHideSleep = $True + startMenuHideSwitchAccount = $True + startMenuHideUserTile = $True + startMenuLayoutEdgeAssetsXml = $True + startMenuLayoutXml = $True + startMenuMode = "userDefined" + startMenuPinnedFolderDocuments = "notConfigured" + startMenuPinnedFolderDownloads = "notConfigured" + startMenuPinnedFolderFileExplorer = "notConfigured" + startMenuPinnedFolderHomeGroup = "notConfigured" + startMenuPinnedFolderMusic = "notConfigured" + startMenuPinnedFolderNetwork = "notConfigured" + startMenuPinnedFolderPersonalFolder = "notConfigured" + startMenuPinnedFolderPictures = "notConfigured" + startMenuPinnedFolderSettings = "notConfigured" + startMenuPinnedFolderVideos = "notConfigured" + storageBlockRemovableStorage = $True + storageRequireMobileDeviceEncryption = $True + storageRestrictAppDataToSystemVolume = $True + storageRestrictAppInstallToSystemVolume = $True + supportsScopeTags = $True + systemTelemetryProxyServer = "FakeStringValue" + taskManagerBlockEndTask = $True + tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True + uninstallBuiltInApps = $True + usbBlocked = $True + voiceRecordingBlocked = $True + webRtcBlockLocalhostIpAddress = $True + wiFiBlockAutomaticConnectHotspots = $True + wiFiBlocked = $True + wiFiBlockManualConfiguration = $True + wiFiScanInterval = 25 + windows10AppsForceUpdateSchedule = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10AppsForceUpdateSchedule -Property @{ + runImmediatelyIfAfterStartDateTime = $True + recurrence = "none" + startDateTime = "2023-01-01T00:00:00.0000000+00:00" + } -ClientOnly) + windowsSpotlightBlockConsumerSpecificFeatures = $True + windowsSpotlightBlocked = $True + windowsSpotlightBlockOnActionCenter = $True + windowsSpotlightBlockTailoredExperiences = $True + windowsSpotlightBlockThirdPartyNotifications = $True + windowsSpotlightBlockWelcomeExperience = $True + windowsSpotlightBlockWindowsTips = $True + windowsSpotlightConfigureOnLockScreen = "notConfigured" + windowsStoreBlockAutoUpdate = $True + windowsStoreBlocked = $True + windowsStoreEnablePrivateStoreOnly = $True + wirelessDisplayBlockProjectionToThisDevice = $True + wirelessDisplayBlockUserInputFromReceiver = $True + wirelessDisplayRequirePinForPairing = $True + Ensure = "Absent" + Credential = $Credential; } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ - id = '12345-12345-12345-12345-12345' - displayName = 'CONTOSO | W10 | Device Restriction' - description = 'Default device restriction settings' AdditionalProperties = @{ - '@odata.type' = '#microsoft.graph.windows10GeneralConfiguration' - defenderBlockEndUserAccess = $true - defenderRequireRealTimeMonitoring = $true - defenderRequireBehaviorMonitoring = $true - defenderRequireNetworkInspectionSystem = $true - defenderScanDownloads = $true - defenderScanScriptsLoadedInInternetExplorer = $true - defenderSignatureUpdateIntervalInHours = 8 - defenderMonitorFileActivity = 'monitorIncomingFilesOnly' # userDefined,monitorAllFiles,monitorIncomingFilesOnly,monitorOutgoingFilesOnly - defenderDaysBeforeDeletingQuarantinedMalware = 3 - defenderScanMaxCpu = 2 - defenderScanArchiveFiles = $true - defenderScanIncomingMail = $false # Drift - defenderScanRemovableDrivesDuringFullScan = $true - defenderScanMappedNetworkDrivesDuringFullScan = $false - defenderScanNetworkFiles = $false - defenderRequireCloudProtection = $true - defenderCloudBlockLevel = 'high' - defenderPromptForSampleSubmission = 'alwaysPrompt' - defenderScheduledQuickScanTime = '13:00:00.0000000' - defenderScanType = 'quick' #quick,full,userDefined - defenderSystemScanSchedule = 'monday' #days of week - defenderScheduledScanTime = '11:00:00.0000000' - defenderDetectedMalwareActions = @{ - lowSeverity = 'clean' - moderateSeverity = 'quarantine' - highSeverity = 'remove' - severeSeverity = 'block' + enterpriseCloudPrintResourceIdentifier = "FakeStringValue" + startMenuHideSwitchAccount = $True + defenderBlockEndUserAccess = $True + searchEnableAutomaticIndexSizeManangement = $True + defenderRequireNetworkInspectionSystem = $True + settingsBlockGamingPage = $True + smartScreenBlockPromptOverrideForFiles = $True + passwordBlockSimple = $True + powerLidCloseActionPluggedIn = "notConfigured" + defenderRequireCloudProtection = $True + defenderFilesAndFoldersToExclude = @("FakeStringValue") + resetProtectionModeBlocked = $True + startBlockUnpinningAppsFromTaskbar = $True + networkProxyApplySettingsDeviceWide = $True + bluetoothAllowedServices = @("FakeStringValue") + defenderScanArchiveFiles = $True + lockScreenActivateAppsWithVoice = "notConfigured" + defenderScanIncomingMail = $True + edgeBlockAutofill = $True + authenticationAllowSecondaryDevice = $True + edgeRequireSmartScreen = $True + windowsSpotlightBlockOnActionCenter = $True + usbBlocked = $True + enableAutomaticRedeployment = $True + microsoftAccountSignInAssistantSettings = "notConfigured" + deviceManagementBlockFactoryResetOnMobile = $True + defenderPotentiallyUnwantedAppAction = "deviceDefault" + powerButtonActionOnBattery = "notConfigured" + startMenuAppListVisibility = "userDefined" + lockScreenBlockCortana = $True + windowsSpotlightConfigureOnLockScreen = "notConfigured" + startMenuPinnedFolderPictures = "notConfigured" + screenCaptureBlocked = $True + webRtcBlockLocalhostIpAddress = $True + safeSearchFilter = "userDefined" + searchDisableLocation = $True + edgeBlockInPrivateBrowsing = $True + appManagementMSIAllowUserControlOverInstall = $True + defenderSignatureUpdateIntervalInHours = 25 + startMenuHideSleep = $True + voiceRecordingBlocked = $True + edgeFavoritesListLocation = "FakeStringValue" + startMenuHideLock = $True + wiFiBlockManualConfiguration = $True + edgeBlockTabPreloading = $True + configureTimeZone = "FakeStringValue" + edgeBlocked = $True + taskManagerBlockEndTask = $True + settingsBlockAppsPage = $True + settingsBlockChangePowerSleep = $True + copyPasteBlocked = $True + settingsBlockNetworkInternetPage = $True + privacyBlockInputPersonalization = $True + appManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") + powerLidCloseActionOnBattery = "notConfigured" + searchDisableIndexerBackoff = $True + edgeBlockFullScreenMode = $True + lockScreenTimeoutInSeconds = 25 + developerUnlockSetting = "notConfigured" + storageRestrictAppDataToSystemVolume = $True + cellularBlockVpn = $True + powerHybridSleepPluggedIn = "notConfigured" + settingsBlockChangeLanguage = $True + powerSleepButtonActionOnBattery = "notConfigured" + antiTheftModeBlocked = $True + defenderMonitorFileActivity = "userDefined" + defenderFileExtensionsToExclude = @("FakeStringValue") + bluetoothBlockDiscoverableMode = $True + enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" + diagnosticsDataSubmissionMode = "userDefined" + uninstallBuiltInApps = $True + oneDriveDisableFileSync = $True + startMenuHideUserTile = $True + startMenuHideSignOut = $True + defenderDaysBeforeDeletingQuarantinedMalware = 25 + privacyAutoAcceptPairingAndConsentPrompts = $True + settingsBlockChangeRegion = $True + passwordMinimumAgeInDays = 25 + powerHybridSleepOnBattery = "notConfigured" + displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") + edgeBlockSearchSuggestions = $True + settingsBlockSystemPage = $True + defenderRequireBehaviorMonitoring = $True + microsoftAccountBlockSettingsSync = $True + windowsSpotlightBlockWindowsTips = $True + startMenuHideRecentlyAddedApps = $True + inkWorkspaceBlockSuggestedApps = $True + personalizationDesktopImageUrl = "FakeStringValue" + edgeHomeButtonConfigurationEnabled = $True + passwordRequiredType = "deviceDefault" + startMenuPinnedFolderSettings = "notConfigured" + connectedDevicesServiceBlocked = $True + edgeBlockExtensions = $True + edgeBlockAddressBarDropdown = $True + findMyFiles = "notConfigured" + privacyBlockPublishUserActivities = $True + startMenuHideFrequentlyUsedApps = $True + '@odata.type' = "#microsoft.graph.windows10GeneralConfiguration" + powerSleepButtonActionPluggedIn = "notConfigured" + internetSharingBlocked = $True + startMenuHidePowerButton = $True + networkProxyAutomaticConfigurationUrl = "FakeStringValue" + personalizationLockScreenImageUrl = "FakeStringValue" + bluetoothBlockPrePairing = $True + windowsSpotlightBlockWelcomeExperience = $True + startMenuHideShutDown = $True + storageRestrictAppInstallToSystemVolume = $True + windowsSpotlightBlockThirdPartyNotifications = $True + searchDisableAutoLanguageDetection = $True + edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" + appsAllowTrustedAppsSideloading = "notConfigured" + edgeBlockLiveTileDataCollection = $True + wirelessDisplayBlockProjectionToThisDevice = $True + startMenuHideRestartOptions = $True + edgeSendIntranetTrafficToInternetExplorer = $True + startMenuPinnedFolderHomeGroup = "notConfigured" + edgeBlockWebContentOnNewTabPage = $True + startMenuLayoutXml = $True + searchBlockDiacritics = $True + storageBlockRemovableStorage = $True + enterpriseCloudPrintOAuthAuthority = "FakeStringValue" + wirelessDisplayRequirePinForPairing = $True + defenderScheduledQuickScanTime = "00:00:00" + edgeAllowStartPagesModification = $True + defenderRequireRealTimeMonitoring = $True + authenticationWebSignIn = "notConfigured" + lockScreenBlockToastNotifications = $True + energySaverPluggedInThresholdPercentage = 25 + defenderScanMappedNetworkDrivesDuringFullScan = $True + smartScreenBlockPromptOverride = $True + edgeBlockSendingIntranetTrafficToInternetExplorer = $True + authenticationPreferredAzureADTenantDomainName = "FakeStringValue" + defenderScanType = "userDefined" + bluetoothBlockAdvertising = $True + enterpriseCloudPrintDiscoveryMaxLimit = 25 + logonBlockFastUserSwitching = $True + networkProxyDisableAutoDetect = $True + cameraBlocked = $True + wiFiScanInterval = 25 + edgeBlockSideloadingExtensions = $True + settingsBlockEaseOfAccessPage = $True + microsoftAccountBlocked = $True + defenderScanRemovableDrivesDuringFullScan = $True + energySaverOnBatteryThresholdPercentage = 25 + startMenuHideHibernate = $True + defenderScanDownloads = $True + defenderBlockOnAccessProtection = $True + defenderCloudBlockLevel = "notConfigured" + storageRequireMobileDeviceEncryption = $True + windowsStoreEnablePrivateStoreOnly = $True + edgeBlockCompatibilityList = $True + wiFiBlockAutomaticConnectHotspots = $True + defenderPotentiallyUnwantedAppActionSetting = "userDefined" + defenderCloudExtendedTimeout = 25 + edgeHomepageUrls = @("FakeStringValue") + cellularBlockDataWhenRoaming = $True + securityBlockAzureADJoinedDevicesAutoEncryption = $True + smartScreenAppInstallControl = "notConfigured" + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" + bluetoothBlockPromptedProximalConnections = $True + settingsBlockPrivacyPage = $True + windowsSpotlightBlocked = $True + tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True + startMenuPinnedFolderDocuments = "notConfigured" + systemTelemetryProxyServer = "FakeStringValue" + lockScreenAllowTimeoutConfiguration = $True + defenderSystemScanSchedule = "userDefined" + windowsSpotlightBlockConsumerSpecificFeatures = $True + searchDisableUseLocation = $True + appsBlockWindowsStoreOriginatedApps = $True + startMenuPinnedFolderNetwork = "notConfigured" + edgeBlockPrinting = $True + settingsBlockEditDeviceName = $True + printerNames = @("FakeStringValue") + settingsBlockUpdateSecurityPage = $True + startMenuMode = "userDefined" + searchBlockWebResults = $True + edgePreventCertificateErrorOverride = $True + passwordRequired = $True + defenderScanNetworkFiles = $True + startMenuPinnedFolderMusic = "notConfigured" + cortanaBlocked = $True + searchEnableRemoteQueries = $True + messagingBlockSync = $True + startMenuPinnedFolderVideos = "notConfigured" + enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" + experienceDoNotSyncBrowserSettings = "notConfigured" + edgeDisableFirstRunPage = $True + edgeCookiePolicy = "userDefined" + inkWorkspaceAccessState = "notConfigured" + windows10AppsForceUpdateSchedule = @{ + runImmediatelyIfAfterStartDateTime = $True + recurrence = "none" + startDateTime = "2023-01-01T00:00:00.0000000+00:00" + } + dataProtectionBlockDirectMemoryAccess = $True + experienceBlockErrorDialogWhenNoSIM = $True + settingsBlockPersonalizationPage = $True + wirelessDisplayBlockUserInputFromReceiver = $True + startMenuPinnedFolderPersonalFolder = "notConfigured" + activateAppsWithVoice = "notConfigured" + edgeClearBrowsingDataOnExit = $True + passwordPreviousPasswordBlockCount = 25 + edgeBlockSearchEngineCustomization = $True + deviceManagementBlockManualUnenroll = $True + edgeBlockSavingHistory = $True + inkWorkspaceAccess = "notConfigured" + startMenuHideRecentJumpLists = $True + privacyBlockActivityFeed = $True + settingsBlockChangeSystemTime = $True + defenderDisableCatchupQuickScan = $True + smartScreenEnableAppInstallControl = $True + edgeBlockDeveloperTools = $True + edgeKioskModeRestriction = "notConfigured" + lockScreenBlockActionCenterNotifications = $True + privacyAdvertisingId = "notConfigured" + settingsBlockSettingsApp = $True + settingsBlockAccountsPage = $True + certificatesBlockManualRootCertificateInstallation = $True + edgeBlockJavaScript = $True + edgeSyncFavoritesWithInternetExplorer = $True + startMenuLayoutEdgeAssetsXml = $True + windowsSpotlightBlockTailoredExperiences = $True + defenderPromptForSampleSubmission = "userDefined" + edgeBlockAccessToAboutFlags = $True + messagingBlockMMS = $True + edgeBlockEditFavorites = $True + printerDefaultName = "FakeStringValue" + experienceBlockDeviceDiscovery = $True + privacyDisableLaunchExperience = $True + edgeTelemetryForMicrosoft365Analytics = "notConfigured" + nfcBlocked = $True + searchDisableIndexingRemovableDrive = $True + powerButtonActionPluggedIn = "notConfigured" + settingsBlockRemoveProvisioningPackage = $True + edgeKioskResetAfterIdleTimeInMinutes = 25 + passwordMinutesOfInactivityBeforeScreenTimeout = 25 + printerBlockAddition = $True + defenderScanScriptsLoadedInInternetExplorer = $True + defenderDisableCatchupFullScan = $True + edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") + bluetoothBlocked = $True + settingsBlockAddProvisioningPackage = $True + passwordMinimumLength = 25 + startMenuHideChangeAccountSettings = $True + defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" + edgeBlockPopups = $True + networkProxyServer = @{ + useForLocalAddresses = $True + exceptions = @("FakeStringValue") + address = "FakeStringValue" + } + startMenuPinnedFolderDownloads = "notConfigured" + settingsBlockDevicesPage = $True + wiFiBlocked = $True + windowsStoreBlocked = $True + edgeBlockPrelaunch = $True + gameDvrBlocked = $True + experienceBlockTaskSwitcher = $True + edgeBlockPasswordManager = $True + passwordSignInFailureCountBeforeFactoryReset = 25 + passwordMinimumCharacterSetCount = 25 + searchDisableIndexingEncryptedItems = $True + appManagementMSIAlwaysInstallWithElevatedPrivileges = $True + cellularData = "blocked" + defenderScheduledScanTime = "00:00:00" + edgeEnterpriseModeSiteListLocation = "FakeStringValue" + defenderProcessesToExclude = @("FakeStringValue") + defenderDetectedMalwareActions = @{ + lowSeverity = "deviceDefault" + severeSeverity = "deviceDefault" + moderateSeverity = "deviceDefault" + highSeverity = "deviceDefault" + } + edgeHomeButtonConfiguration = @{ + homeButtonCustomURL = "FakeStringValue" + '@odata.type' = "#microsoft.graph.edgeHomeButtonHidden" + } + cryptographyAllowFipsAlgorithmPolicy = $True + sharedUserAppDataAllowed = $True + edgeFirstRunUrl = "FakeStringValue" + edgeBlockSendingDoNotTrackHeader = $True + edgeOpensWith = "notConfigured" + defenderScheduleScanEnableLowCpuPriority = $True + windowsStoreBlockAutoUpdate = $True + messagingBlockRichCommunicationServices = $True + edgeNewTabPageURL = "FakeStringValue" + passwordRequireWhenResumeFromIdleState = $True + passwordExpirationDays = 25 + displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") + settingsBlockTimeLanguagePage = $True + locationServicesBlocked = $True + defenderScanMaxCpu = 25 + edgeFavoritesBarVisibility = "notConfigured" + accountsBlockAddingNonMicrosoftAccountEmail = $True + defenderCloudExtendedTimeoutInSeconds = 25 + cellularBlockVpnWhenRoaming = $True + startMenuPinnedFolderFileExplorer = "notConfigured" + edgeSearchEngine = @{ + edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" + edgeSearchEngineType = "default" + '@odata.type' = "#microsoft.graph.edgeSearchEngine" } - defenderFileExtensionsToExclude = "[`"csv,jpg,docx`"]" - defenderFilesAndFoldersToExclude = "[`"c:\\2,C:\\1`"]" - defenderProcessesToExclude = "[`"notepad.exe,c:\\Windows\\myprocess.exe`"]" - lockScreenAllowTimeoutConfiguration = $true - lockScreenBlockActionCenterNotifications = $true - lockScreenBlockCortana = $true - lockScreenBlockToastNotifications = $false - lockScreenTimeoutInSeconds = 90 - passwordBlockSimple = $true - passwordExpirationDays = 6 - passwordMinimumLength = 5 - passwordMinutesOfInactivityBeforeScreenTimeout = 15 - passwordMinimumCharacterSetCount = 1 - passwordPreviousPasswordBlockCount = 2 - passwordRequired = $true - passwordRequireWhenResumeFromIdleState = $true - passwordRequiredType = 'alphanumeric' - passwordSignInFailureCountBeforeFactoryReset = 12 - privacyAdvertisingId = 'blocked' - privacyAutoAcceptPairingAndConsentPrompts = $true - privacyBlockInputPersonalization = $true - startBlockUnpinningAppsFromTaskbar = $true - startMenuAppListVisibility = 'collapse' - startMenuHideChangeAccountSettings = $true - startMenuHideFrequentlyUsedApps = $true - startMenuHideHibernate = $true - startMenuHideLock = $true - startMenuHidePowerButton = $true - startMenuHideRecentJumpLists = $true - startMenuHideRecentlyAddedApps = $true - startMenuHideRestartOptions = $true - startMenuHideShutDown = $true - startMenuHideSignOut = $true - startMenuHideSleep = $true - startMenuHideSwitchAccount = $true - startMenuHideUserTile = $true - startMenuLayoutXml = '+DQogICAGlmaWNhdGlvblRlbXBsYXRlPg==' - startMenuMode = 'fullScreen' - startMenuPinnedFolderDocuments = 'hide' - startMenuPinnedFolderDownloads = 'hide' - startMenuPinnedFolderFileExplorer = 'hide' - startMenuPinnedFolderHomeGroup = 'hide' - startMenuPinnedFolderMusic = 'hide' - startMenuPinnedFolderNetwork = 'hide' - startMenuPinnedFolderPersonalFolder = 'hide' - startMenuPinnedFolderPictures = 'hide' - startMenuPinnedFolderSettings = 'hide' - startMenuPinnedFolderVideos = 'hide' - settingsBlockSettingsApp = $true - settingsBlockSystemPage = $true - settingsBlockDevicesPage = $true - settingsBlockNetworkInternetPage = $true - settingsBlockPersonalizationPage = $true - settingsBlockAccountsPage = $true - settingsBlockTimeLanguagePage = $true - settingsBlockEaseOfAccessPage = $true - settingsBlockPrivacyPage = $true - settingsBlockUpdateSecurityPage = $true - settingsBlockAppsPage = $true - settingsBlockGamingPage = $true - windowsSpotlightBlockConsumerSpecificFeatures = $true - windowsSpotlightBlocked = $true - windowsSpotlightBlockOnActionCenter = $true - windowsSpotlightBlockTailoredExperiences = $true - windowsSpotlightBlockThirdPartyNotifications = $true - windowsSpotlightBlockWelcomeExperience = $true - windowsSpotlightBlockWindowsTips = $true - windowsSpotlightConfigureOnLockScreen = 'disabled' - networkProxyApplySettingsDeviceWide = $true - networkProxyDisableAutoDetect = $true - networkProxyAutomaticConfigurationUrl = 'https://example.com/networkProxyAutomaticConfigurationUrl/' - accountsBlockAddingNonMicrosoftAccountEmail = $true - antiTheftModeBlocked = $true - bluetoothBlocked = $true - bluetoothAllowedServices = "[`"8e473eaa-ead4-4c60-ba9c-2c5696d71492`",`"21913f2d-a803-4f36-8039-669fd94ce5b3`"]" - bluetoothBlockAdvertising = $true - bluetoothBlockDiscoverableMode = $true - bluetoothBlockPrePairing = $true - cameraBlocked = $true - connectedDevicesServiceBlocked = $true - certificatesBlockManualRootCertificateInstallation = $true - copyPasteBlocked = $true - cortanaBlocked = $true - deviceManagementBlockFactoryResetOnMobile = $true - deviceManagementBlockManualUnenroll = $true - safeSearchFilter = 'strict' - edgeBlockPopups = $true - edgeBlockSearchSuggestions = $true - edgeBlockSendingIntranetTrafficToInternetExplorer = $true - edgeSendIntranetTrafficToInternetExplorer = $true - edgeRequireSmartScreen = $true - edgeFirstRunUrl = 'https://contoso.com/' - edgeBlockAccessToAboutFlags = $true - edgeHomepageUrls = "[`"https://microsoft.com`"]" - smartScreenBlockPromptOverride = $true - smartScreenBlockPromptOverrideForFiles = $true - webRtcBlockLocalhostIpAddress = $true - internetSharingBlocked = $true - settingsBlockAddProvisioningPackage = $true - settingsBlockRemoveProvisioningPackage = $true - settingsBlockChangeSystemTime = $true - settingsBlockEditDeviceName = $true - settingsBlockChangeRegion = $true - settingsBlockChangeLanguage = $true - settingsBlockChangePowerSleep = $true - locationServicesBlocked = $true - microsoftAccountBlocked = $true - microsoftAccountBlockSettingsSync = $true - nfcBlocked = $true - resetProtectionModeBlocked = $true - screenCaptureBlocked = $true - storageBlockRemovableStorage = $true - storageRequireMobileDeviceEncryption = $true - usbBlocked = $true - voiceRecordingBlocked = $true - wiFiBlockAutomaticConnectHotspots = $true - wiFiBlocked = $true - wiFiBlockManualConfiguration = $true - wiFiScanInterval = 1 - wirelessDisplayBlockProjectionToThisDevice = $true - wirelessDisplayBlockUserInputFromReceiver = $true - wirelessDisplayRequirePinForPairing = $true - windowsStoreBlocked = $true - appsAllowTrustedAppsSideloading = 'blocked' - windowsStoreBlockAutoUpdate = $true - developerUnlockSetting = 'blocked' - sharedUserAppDataAllowed = $true - appsBlockWindowsStoreOriginatedApps = $true - windowsStoreEnablePrivateStoreOnly = $true - storageRestrictAppDataToSystemVolume = $true - storageRestrictAppInstallToSystemVolume = $true - gameDvrBlocked = $true - edgeSearchEngine = @{edgeSearchEngineType = 'bing' } - experienceBlockDeviceDiscovery = $true - experienceBlockErrorDialogWhenNoSIM = $true - experienceBlockTaskSwitcher = $true - logonBlockFastUserSwitching = $true - tenantLockdownRequireNetworkDuringOutOfBoxExperience = $true - enterpriseCloudPrintDiscoveryEndPoint = 'https://cloudprinterdiscovery.contoso.com' - enterpriseCloudPrintDiscoveryMaxLimit = 4 - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'http://mopriadiscoveryservice/cloudprint' - enterpriseCloudPrintOAuthClientIdentifier = '30fbf7e8-321c-40ce-8b9f-160b6b049257' - enterpriseCloudPrintOAuthAuthority = 'https:/tenant.contoso.com/adfs' - enterpriseCloudPrintResourceIdentifier = 'http://cloudenterpriseprint/cloudPrint' - networkProxyServer = @('address=proxy.contoso.com:8080', "exceptions=*.contoso.com`r`n*.internal.local", 'useForLocalAddresses=false') } + description = "FakeStringValue" + displayName = "FakeStringValue" + id = "FakeStringValue" + supportsScopeTags = $True } } } - It 'Should return Present from the Get method' { + It "Should return Values from the Get method" { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } - It 'Should return false from the Test method' { + It 'Should return true from the Test method' { Test-TargetResource @testParams | Should -Be $false } - It 'Should update the policy from the Set method' { + It 'Should Remove the group from the Set method' { Set-TargetResource @testParams - Should -Invoke -CommandName Update-MgDeviceManagementDeviceConfiguration -Exactly 1 + Should -Invoke -CommandName Remove-MgDeviceManagementDeviceConfiguration -Exactly 1 } } - - Context -Name 'When the policy already exists and IS in the Desired State' -Fixture { + Context -Name "The IntuneDeviceConfigurationPolicyWindows10 Exists and Values are already in the desired state" -Fixture { BeforeAll { - $testParams = @{ - displayName = 'CONTOSO | W10 | Device Restriction' - description = 'Default device restriction settings' - defenderBlockEndUserAccess = $true - defenderRequireRealTimeMonitoring = $true - defenderRequireBehaviorMonitoring = $true - defenderRequireNetworkInspectionSystem = $true - defenderScanDownloads = $true - defenderScanScriptsLoadedInInternetExplorer = $true - defenderSignatureUpdateIntervalInHours = 8 - defenderMonitorFileActivity = 'monitorIncomingFilesOnly' # userDefined,monitorAllFiles,monitorIncomingFilesOnly,monitorOutgoingFilesOnly - defenderDaysBeforeDeletingQuarantinedMalware = 3 - defenderScanMaxCpu = 2 - defenderScanArchiveFiles = $true - defenderScanIncomingMail = $true - defenderScanRemovableDrivesDuringFullScan = $true - defenderScanMappedNetworkDrivesDuringFullScan = $false - defenderScanNetworkFiles = $false - defenderRequireCloudProtection = $true - defenderCloudBlockLevel = 'high' - defenderPromptForSampleSubmission = 'alwaysPrompt' - defenderScheduledQuickScanTime = '13:00:00.0000000' - defenderScanType = 'quick' #quick,full,userDefined - defenderSystemScanSchedule = 'monday' #days of week - defenderScheduledScanTime = '11:00:00.0000000' - defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_IntuneDefenderDetectedMalwareActions -Property @{ - lowSeverity = 'clean' - moderateSeverity = 'quarantine' - highSeverity = 'remove' - severeSeverity = 'block' - } -ClientOnly) - defenderFileExtensionsToExclude = "[`"csv,jpg,docx`"]" - defenderFilesAndFoldersToExclude = "[`"c:\\2,C:\\1`"]" - defenderProcessesToExclude = "[`"notepad.exe,c:\\Windows\\myprocess.exe`"]" - lockScreenAllowTimeoutConfiguration = $true - lockScreenBlockActionCenterNotifications = $true - lockScreenBlockCortana = $true - lockScreenBlockToastNotifications = $false - lockScreenTimeoutInSeconds = 90 - passwordBlockSimple = $true - passwordExpirationDays = 6 - passwordMinimumLength = 5 - passwordMinutesOfInactivityBeforeScreenTimeout = 15 - passwordMinimumCharacterSetCount = 1 - passwordPreviousPasswordBlockCount = 2 - passwordRequired = $true - passwordRequireWhenResumeFromIdleState = $true - passwordRequiredType = 'alphanumeric' - passwordSignInFailureCountBeforeFactoryReset = 12 - privacyAdvertisingId = 'blocked' - privacyAutoAcceptPairingAndConsentPrompts = $true - privacyBlockInputPersonalization = $true - startBlockUnpinningAppsFromTaskbar = $true - startMenuAppListVisibility = 'collapse' - startMenuHideChangeAccountSettings = $true - startMenuHideFrequentlyUsedApps = $true - startMenuHideHibernate = $true - startMenuHideLock = $true - startMenuHidePowerButton = $true - startMenuHideRecentJumpLists = $true - startMenuHideRecentlyAddedApps = $true - startMenuHideRestartOptions = $true - startMenuHideShutDown = $true - startMenuHideSignOut = $true - startMenuHideSleep = $true - startMenuHideSwitchAccount = $true - startMenuHideUserTile = $true - startMenuLayoutXml = '+DQogICAGlmaWNhdGlvblRlbXBsYXRlPg==' - startMenuMode = 'fullScreen' - startMenuPinnedFolderDocuments = 'hide' - startMenuPinnedFolderDownloads = 'hide' - startMenuPinnedFolderFileExplorer = 'hide' - startMenuPinnedFolderHomeGroup = 'hide' - startMenuPinnedFolderMusic = 'hide' - startMenuPinnedFolderNetwork = 'hide' - startMenuPinnedFolderPersonalFolder = 'hide' - startMenuPinnedFolderPictures = 'hide' - startMenuPinnedFolderSettings = 'hide' - startMenuPinnedFolderVideos = 'hide' - settingsBlockSettingsApp = $true - settingsBlockSystemPage = $true - settingsBlockDevicesPage = $true - settingsBlockNetworkInternetPage = $true - settingsBlockPersonalizationPage = $true - settingsBlockAccountsPage = $true - settingsBlockTimeLanguagePage = $true - settingsBlockEaseOfAccessPage = $true - settingsBlockPrivacyPage = $true - settingsBlockUpdateSecurityPage = $true - settingsBlockAppsPage = $true - settingsBlockGamingPage = $true - windowsSpotlightBlockConsumerSpecificFeatures = $true - windowsSpotlightBlocked = $true - windowsSpotlightBlockOnActionCenter = $true - windowsSpotlightBlockTailoredExperiences = $true - windowsSpotlightBlockThirdPartyNotifications = $true - windowsSpotlightBlockWelcomeExperience = $true - windowsSpotlightBlockWindowsTips = $true - windowsSpotlightConfigureOnLockScreen = 'disabled' - networkProxyApplySettingsDeviceWide = $true - networkProxyDisableAutoDetect = $true - networkProxyAutomaticConfigurationUrl = 'https://example.com/networkProxyAutomaticConfigurationUrl/' - accountsBlockAddingNonMicrosoftAccountEmail = $true - antiTheftModeBlocked = $true - bluetoothBlocked = $true - bluetoothAllowedServices = "[`"8e473eaa-ead4-4c60-ba9c-2c5696d71492`",`"21913f2d-a803-4f36-8039-669fd94ce5b3`"]" - bluetoothBlockAdvertising = $true - bluetoothBlockDiscoverableMode = $true - bluetoothBlockPrePairing = $true - cameraBlocked = $true - connectedDevicesServiceBlocked = $true - certificatesBlockManualRootCertificateInstallation = $true - copyPasteBlocked = $true - cortanaBlocked = $true - deviceManagementBlockFactoryResetOnMobile = $true - deviceManagementBlockManualUnenroll = $true - safeSearchFilter = 'strict' - edgeBlockPopups = $true - edgeBlockSearchSuggestions = $true - edgeBlockSendingIntranetTrafficToInternetExplorer = $true - edgeSendIntranetTrafficToInternetExplorer = $true - edgeRequireSmartScreen = $true - edgeFirstRunUrl = 'https://contoso.com/' - edgeBlockAccessToAboutFlags = $true - edgeHomepageUrls = "[`"https://microsoft.com`"]" - smartScreenBlockPromptOverride = $true - smartScreenBlockPromptOverrideForFiles = $true - webRtcBlockLocalhostIpAddress = $true - internetSharingBlocked = $true - settingsBlockAddProvisioningPackage = $true - settingsBlockRemoveProvisioningPackage = $true - settingsBlockChangeSystemTime = $true - settingsBlockEditDeviceName = $true - settingsBlockChangeRegion = $true - settingsBlockChangeLanguage = $true - settingsBlockChangePowerSleep = $true - locationServicesBlocked = $true - microsoftAccountBlocked = $true - microsoftAccountBlockSettingsSync = $true - nfcBlocked = $true - resetProtectionModeBlocked = $true - screenCaptureBlocked = $true - storageBlockRemovableStorage = $true - storageRequireMobileDeviceEncryption = $true - usbBlocked = $true - voiceRecordingBlocked = $true - wiFiBlockAutomaticConnectHotspots = $true - wiFiBlocked = $true - wiFiBlockManualConfiguration = $true - wiFiScanInterval = 1 - wirelessDisplayBlockProjectionToThisDevice = $true - wirelessDisplayBlockUserInputFromReceiver = $true - wirelessDisplayRequirePinForPairing = $true - windowsStoreBlocked = $true - appsAllowTrustedAppsSideloading = 'blocked' - windowsStoreBlockAutoUpdate = $true - developerUnlockSetting = 'blocked' - sharedUserAppDataAllowed = $true - appsBlockWindowsStoreOriginatedApps = $true - windowsStoreEnablePrivateStoreOnly = $true - storageRestrictAppDataToSystemVolume = $true - storageRestrictAppInstallToSystemVolume = $true - gameDvrBlocked = $true - edgeSearchEngine = 'bing' - experienceBlockDeviceDiscovery = $true - experienceBlockErrorDialogWhenNoSIM = $true - experienceBlockTaskSwitcher = $true - logonBlockFastUserSwitching = $true - tenantLockdownRequireNetworkDuringOutOfBoxExperience = $true - enterpriseCloudPrintDiscoveryEndPoint = 'https://cloudprinterdiscovery.contoso.com' - enterpriseCloudPrintDiscoveryMaxLimit = 4 - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'http://mopriadiscoveryservice/cloudprint' - enterpriseCloudPrintOAuthClientIdentifier = '30fbf7e8-321c-40ce-8b9f-160b6b049257' - enterpriseCloudPrintOAuthAuthority = 'https:/tenant.contoso.com/adfs' - enterpriseCloudPrintResourceIdentifier = 'http://cloudenterpriseprint/cloudPrint' - networkProxyServer = @('address=proxy.contoso.com:8080', "exceptions=*.contoso.com`r`n*.internal.local", 'useForLocalAddresses=false') - Ensure = 'Present' - Credential = $Credential + AccountsBlockAddingNonMicrosoftAccountEmail = $True + ActivateAppsWithVoice = "notConfigured" + AntiTheftModeBlocked = $True + AppManagementMSIAllowUserControlOverInstall = $True + AppManagementMSIAlwaysInstallWithElevatedPrivileges = $True + AppManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") + AppsAllowTrustedAppsSideloading = "notConfigured" + AppsBlockWindowsStoreOriginatedApps = $True + AuthenticationAllowSecondaryDevice = $True + AuthenticationPreferredAzureADTenantDomainName = "FakeStringValue" + AuthenticationWebSignIn = "notConfigured" + BluetoothAllowedServices = @("FakeStringValue") + BluetoothBlockAdvertising = $True + BluetoothBlockDiscoverableMode = $True + BluetoothBlocked = $True + BluetoothBlockPrePairing = $True + BluetoothBlockPromptedProximalConnections = $True + CameraBlocked = $True + CellularBlockDataWhenRoaming = $True + CellularBlockVpn = $True + CellularBlockVpnWhenRoaming = $True + CellularData = "blocked" + CertificatesBlockManualRootCertificateInstallation = $True + ConfigureTimeZone = "FakeStringValue" + ConnectedDevicesServiceBlocked = $True + CopyPasteBlocked = $True + CortanaBlocked = $True + CryptographyAllowFipsAlgorithmPolicy = $True + DataProtectionBlockDirectMemoryAccess = $True + DefenderBlockEndUserAccess = $True + DefenderBlockOnAccessProtection = $True + DefenderCloudBlockLevel = "notConfigured" + DefenderCloudExtendedTimeout = 25 + DefenderCloudExtendedTimeoutInSeconds = 25 + DefenderDaysBeforeDeletingQuarantinedMalware = 25 + defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_MicrosoftGraphdefenderDetectedMalwareActions1 -Property @{ + lowSeverity = "deviceDefault" + severeSeverity = "deviceDefault" + moderateSeverity = "deviceDefault" + highSeverity = "deviceDefault" + } -ClientOnly) + defenderDisableCatchupFullScan = $True + defenderDisableCatchupQuickScan = $True + defenderFileExtensionsToExclude = @("FakeStringValue") + defenderFilesAndFoldersToExclude = @("FakeStringValue") + defenderMonitorFileActivity = "userDefined" + defenderPotentiallyUnwantedAppAction = "deviceDefault" + defenderPotentiallyUnwantedAppActionSetting = "userDefined" + defenderProcessesToExclude = @("FakeStringValue") + defenderPromptForSampleSubmission = "userDefined" + defenderRequireBehaviorMonitoring = $True + defenderRequireCloudProtection = $True + defenderRequireNetworkInspectionSystem = $True + defenderRequireRealTimeMonitoring = $True + defenderScanArchiveFiles = $True + defenderScanDownloads = $True + defenderScanIncomingMail = $True + defenderScanMappedNetworkDrivesDuringFullScan = $True + defenderScanMaxCpu = 25 + defenderScanNetworkFiles = $True + defenderScanRemovableDrivesDuringFullScan = $True + defenderScanScriptsLoadedInInternetExplorer = $True + defenderScanType = "userDefined" + defenderScheduledQuickScanTime = "00:00:00" + defenderScheduledScanTime = "00:00:00" + defenderScheduleScanEnableLowCpuPriority = $True + defenderSignatureUpdateIntervalInHours = 25 + defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" + defenderSystemScanSchedule = "userDefined" + description = "FakeStringValue" + developerUnlockSetting = "notConfigured" + deviceManagementBlockFactoryResetOnMobile = $True + deviceManagementBlockManualUnenroll = $True + diagnosticsDataSubmissionMode = "userDefined" + displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") + displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") + displayName = "FakeStringValue" + edgeAllowStartPagesModification = $True + edgeBlockAccessToAboutFlags = $True + edgeBlockAddressBarDropdown = $True + edgeBlockAutofill = $True + edgeBlockCompatibilityList = $True + edgeBlockDeveloperTools = $True + edgeBlocked = $True + edgeBlockEditFavorites = $True + edgeBlockExtensions = $True + edgeBlockFullScreenMode = $True + edgeBlockInPrivateBrowsing = $True + edgeBlockJavaScript = $True + edgeBlockLiveTileDataCollection = $True + edgeBlockPasswordManager = $True + edgeBlockPopups = $True + edgeBlockPrelaunch = $True + edgeBlockPrinting = $True + edgeBlockSavingHistory = $True + edgeBlockSearchEngineCustomization = $True + edgeBlockSearchSuggestions = $True + edgeBlockSendingDoNotTrackHeader = $True + edgeBlockSendingIntranetTrafficToInternetExplorer = $True + edgeBlockSideloadingExtensions = $True + edgeBlockTabPreloading = $True + edgeBlockWebContentOnNewTabPage = $True + edgeClearBrowsingDataOnExit = $True + edgeCookiePolicy = "userDefined" + edgeDisableFirstRunPage = $True + edgeEnterpriseModeSiteListLocation = "FakeStringValue" + edgeFavoritesBarVisibility = "notConfigured" + edgeFavoritesListLocation = "FakeStringValue" + edgeFirstRunUrl = "FakeStringValue" + edgeHomeButtonConfiguration = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeHomeButtonConfiguration -Property @{ + odataType = "#microsoft.graph.edgeHomeButtonHidden" + homeButtonCustomURL = "FakeStringValue" + } -ClientOnly) + edgeHomeButtonConfigurationEnabled = $True + edgeHomepageUrls = @("FakeStringValue") + edgeKioskModeRestriction = "notConfigured" + edgeKioskResetAfterIdleTimeInMinutes = 25 + edgeNewTabPageURL = "FakeStringValue" + edgeOpensWith = "notConfigured" + edgePreventCertificateErrorOverride = $True + edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") + edgeRequireSmartScreen = $True + edgeSearchEngine = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeSearchEngineBase -Property @{ + edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" + edgeSearchEngineType = "default" + odataType = "#microsoft.graph.edgeSearchEngine" + } -ClientOnly) + edgeSendIntranetTrafficToInternetExplorer = $True + edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" + edgeSyncFavoritesWithInternetExplorer = $True + edgeTelemetryForMicrosoft365Analytics = "notConfigured" + enableAutomaticRedeployment = $True + energySaverOnBatteryThresholdPercentage = 25 + energySaverPluggedInThresholdPercentage = 25 + enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" + enterpriseCloudPrintDiscoveryMaxLimit = 25 + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" + enterpriseCloudPrintOAuthAuthority = "FakeStringValue" + enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" + enterpriseCloudPrintResourceIdentifier = "FakeStringValue" + experienceBlockDeviceDiscovery = $True + experienceBlockErrorDialogWhenNoSIM = $True + experienceBlockTaskSwitcher = $True + experienceDoNotSyncBrowserSettings = "notConfigured" + findMyFiles = "notConfigured" + gameDvrBlocked = $True + id = "FakeStringValue" + inkWorkspaceAccess = "notConfigured" + inkWorkspaceAccessState = "notConfigured" + inkWorkspaceBlockSuggestedApps = $True + internetSharingBlocked = $True + locationServicesBlocked = $True + lockScreenActivateAppsWithVoice = "notConfigured" + lockScreenAllowTimeoutConfiguration = $True + lockScreenBlockActionCenterNotifications = $True + lockScreenBlockCortana = $True + lockScreenBlockToastNotifications = $True + lockScreenTimeoutInSeconds = 25 + logonBlockFastUserSwitching = $True + messagingBlockMMS = $True + messagingBlockRichCommunicationServices = $True + messagingBlockSync = $True + microsoftAccountBlocked = $True + microsoftAccountBlockSettingsSync = $True + microsoftAccountSignInAssistantSettings = "notConfigured" + networkProxyApplySettingsDeviceWide = $True + networkProxyAutomaticConfigurationUrl = "FakeStringValue" + networkProxyDisableAutoDetect = $True + networkProxyServer = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10NetworkProxyServer -Property @{ + useForLocalAddresses = $True + exceptions = @("FakeStringValue") + address = "FakeStringValue" + } -ClientOnly) + nfcBlocked = $True + oneDriveDisableFileSync = $True + passwordBlockSimple = $True + passwordExpirationDays = 25 + passwordMinimumAgeInDays = 25 + passwordMinimumCharacterSetCount = 25 + passwordMinimumLength = 25 + passwordMinutesOfInactivityBeforeScreenTimeout = 25 + passwordPreviousPasswordBlockCount = 25 + passwordRequired = $True + passwordRequiredType = "deviceDefault" + passwordRequireWhenResumeFromIdleState = $True + passwordSignInFailureCountBeforeFactoryReset = 25 + personalizationDesktopImageUrl = "FakeStringValue" + personalizationLockScreenImageUrl = "FakeStringValue" + powerButtonActionOnBattery = "notConfigured" + powerButtonActionPluggedIn = "notConfigured" + powerHybridSleepOnBattery = "notConfigured" + powerHybridSleepPluggedIn = "notConfigured" + powerLidCloseActionOnBattery = "notConfigured" + powerLidCloseActionPluggedIn = "notConfigured" + powerSleepButtonActionOnBattery = "notConfigured" + powerSleepButtonActionPluggedIn = "notConfigured" + printerBlockAddition = $True + printerDefaultName = "FakeStringValue" + printerNames = @("FakeStringValue") + privacyAdvertisingId = "notConfigured" + privacyAutoAcceptPairingAndConsentPrompts = $True + privacyBlockActivityFeed = $True + privacyBlockInputPersonalization = $True + privacyBlockPublishUserActivities = $True + privacyDisableLaunchExperience = $True + resetProtectionModeBlocked = $True + safeSearchFilter = "userDefined" + screenCaptureBlocked = $True + searchBlockDiacritics = $True + searchBlockWebResults = $True + searchDisableAutoLanguageDetection = $True + searchDisableIndexerBackoff = $True + searchDisableIndexingEncryptedItems = $True + searchDisableIndexingRemovableDrive = $True + searchDisableLocation = $True + searchDisableUseLocation = $True + searchEnableAutomaticIndexSizeManangement = $True + searchEnableRemoteQueries = $True + securityBlockAzureADJoinedDevicesAutoEncryption = $True + settingsBlockAccountsPage = $True + settingsBlockAddProvisioningPackage = $True + settingsBlockAppsPage = $True + settingsBlockChangeLanguage = $True + settingsBlockChangePowerSleep = $True + settingsBlockChangeRegion = $True + settingsBlockChangeSystemTime = $True + settingsBlockDevicesPage = $True + settingsBlockEaseOfAccessPage = $True + settingsBlockEditDeviceName = $True + settingsBlockGamingPage = $True + settingsBlockNetworkInternetPage = $True + settingsBlockPersonalizationPage = $True + settingsBlockPrivacyPage = $True + settingsBlockRemoveProvisioningPackage = $True + settingsBlockSettingsApp = $True + settingsBlockSystemPage = $True + settingsBlockTimeLanguagePage = $True + settingsBlockUpdateSecurityPage = $True + sharedUserAppDataAllowed = $True + smartScreenAppInstallControl = "notConfigured" + smartScreenBlockPromptOverride = $True + smartScreenBlockPromptOverrideForFiles = $True + smartScreenEnableAppInstallControl = $True + startBlockUnpinningAppsFromTaskbar = $True + startMenuAppListVisibility = "userDefined" + startMenuHideChangeAccountSettings = $True + startMenuHideFrequentlyUsedApps = $True + startMenuHideHibernate = $True + startMenuHideLock = $True + startMenuHidePowerButton = $True + startMenuHideRecentJumpLists = $True + startMenuHideRecentlyAddedApps = $True + startMenuHideRestartOptions = $True + startMenuHideShutDown = $True + startMenuHideSignOut = $True + startMenuHideSleep = $True + startMenuHideSwitchAccount = $True + startMenuHideUserTile = $True + startMenuLayoutEdgeAssetsXml = $True + startMenuLayoutXml = $True + startMenuMode = "userDefined" + startMenuPinnedFolderDocuments = "notConfigured" + startMenuPinnedFolderDownloads = "notConfigured" + startMenuPinnedFolderFileExplorer = "notConfigured" + startMenuPinnedFolderHomeGroup = "notConfigured" + startMenuPinnedFolderMusic = "notConfigured" + startMenuPinnedFolderNetwork = "notConfigured" + startMenuPinnedFolderPersonalFolder = "notConfigured" + startMenuPinnedFolderPictures = "notConfigured" + startMenuPinnedFolderSettings = "notConfigured" + startMenuPinnedFolderVideos = "notConfigured" + storageBlockRemovableStorage = $True + storageRequireMobileDeviceEncryption = $True + storageRestrictAppDataToSystemVolume = $True + storageRestrictAppInstallToSystemVolume = $True + supportsScopeTags = $True + systemTelemetryProxyServer = "FakeStringValue" + taskManagerBlockEndTask = $True + tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True + uninstallBuiltInApps = $True + usbBlocked = $True + voiceRecordingBlocked = $True + webRtcBlockLocalhostIpAddress = $True + wiFiBlockAutomaticConnectHotspots = $True + wiFiBlocked = $True + wiFiBlockManualConfiguration = $True + wiFiScanInterval = 25 + windows10AppsForceUpdateSchedule = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10AppsForceUpdateSchedule -Property @{ + runImmediatelyIfAfterStartDateTime = $True + recurrence = "none" + startDateTime = "2023-01-01T00:00:00.0000000+00:00" + } -ClientOnly) + windowsSpotlightBlockConsumerSpecificFeatures = $True + windowsSpotlightBlocked = $True + windowsSpotlightBlockOnActionCenter = $True + windowsSpotlightBlockTailoredExperiences = $True + windowsSpotlightBlockThirdPartyNotifications = $True + windowsSpotlightBlockWelcomeExperience = $True + windowsSpotlightBlockWindowsTips = $True + windowsSpotlightConfigureOnLockScreen = "notConfigured" + windowsStoreBlockAutoUpdate = $True + windowsStoreBlocked = $True + windowsStoreEnablePrivateStoreOnly = $True + wirelessDisplayBlockProjectionToThisDevice = $True + wirelessDisplayBlockUserInputFromReceiver = $True + wirelessDisplayRequirePinForPairing = $True + Ensure = "Present" + Credential = $Credential; } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ - id = '12345-12345-12345-12345-12345' - displayName = 'CONTOSO | W10 | Device Restriction' - description = 'Default device restriction settings' AdditionalProperties = @{ - '@odata.type' = '#microsoft.graph.windows10GeneralConfiguration' - defenderBlockEndUserAccess = $true - defenderRequireRealTimeMonitoring = $true - defenderRequireBehaviorMonitoring = $true - defenderRequireNetworkInspectionSystem = $true - defenderScanDownloads = $true - defenderScanScriptsLoadedInInternetExplorer = $true - defenderSignatureUpdateIntervalInHours = 8 - defenderMonitorFileActivity = 'monitorIncomingFilesOnly' # userDefined,monitorAllFiles,monitorIncomingFilesOnly,monitorOutgoingFilesOnly - defenderDaysBeforeDeletingQuarantinedMalware = 3 - defenderScanMaxCpu = 2 - defenderScanArchiveFiles = $true - defenderScanIncomingMail = $true - defenderScanRemovableDrivesDuringFullScan = $true - defenderScanMappedNetworkDrivesDuringFullScan = $false - defenderScanNetworkFiles = $false - defenderRequireCloudProtection = $true - defenderCloudBlockLevel = 'high' - defenderPromptForSampleSubmission = 'alwaysPrompt' - defenderScheduledQuickScanTime = '13:00:00.0000000' - defenderScanType = 'quick' #quick,full,userDefined - defenderSystemScanSchedule = 'monday' #days of week - defenderScheduledScanTime = '11:00:00.0000000' - defenderDetectedMalwareActions = @{ - lowSeverity = 'clean' - moderateSeverity = 'quarantine' - highSeverity = 'remove' - severeSeverity = 'block' + enterpriseCloudPrintResourceIdentifier = "FakeStringValue" + startMenuHideSwitchAccount = $True + defenderBlockEndUserAccess = $True + searchEnableAutomaticIndexSizeManangement = $True + defenderRequireNetworkInspectionSystem = $True + settingsBlockGamingPage = $True + smartScreenBlockPromptOverrideForFiles = $True + passwordBlockSimple = $True + powerLidCloseActionPluggedIn = "notConfigured" + defenderRequireCloudProtection = $True + defenderFilesAndFoldersToExclude = @("FakeStringValue") + resetProtectionModeBlocked = $True + startBlockUnpinningAppsFromTaskbar = $True + networkProxyApplySettingsDeviceWide = $True + bluetoothAllowedServices = @("FakeStringValue") + defenderScanArchiveFiles = $True + lockScreenActivateAppsWithVoice = "notConfigured" + defenderScanIncomingMail = $True + edgeBlockAutofill = $True + authenticationAllowSecondaryDevice = $True + edgeRequireSmartScreen = $True + windowsSpotlightBlockOnActionCenter = $True + usbBlocked = $True + enableAutomaticRedeployment = $True + microsoftAccountSignInAssistantSettings = "notConfigured" + deviceManagementBlockFactoryResetOnMobile = $True + defenderPotentiallyUnwantedAppAction = "deviceDefault" + powerButtonActionOnBattery = "notConfigured" + startMenuAppListVisibility = "userDefined" + lockScreenBlockCortana = $True + windowsSpotlightConfigureOnLockScreen = "notConfigured" + startMenuPinnedFolderPictures = "notConfigured" + screenCaptureBlocked = $True + webRtcBlockLocalhostIpAddress = $True + safeSearchFilter = "userDefined" + searchDisableLocation = $True + edgeBlockInPrivateBrowsing = $True + appManagementMSIAllowUserControlOverInstall = $True + defenderSignatureUpdateIntervalInHours = 25 + startMenuHideSleep = $True + voiceRecordingBlocked = $True + edgeFavoritesListLocation = "FakeStringValue" + startMenuHideLock = $True + wiFiBlockManualConfiguration = $True + edgeBlockTabPreloading = $True + configureTimeZone = "FakeStringValue" + edgeBlocked = $True + taskManagerBlockEndTask = $True + settingsBlockAppsPage = $True + settingsBlockChangePowerSleep = $True + copyPasteBlocked = $True + settingsBlockNetworkInternetPage = $True + privacyBlockInputPersonalization = $True + appManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") + powerLidCloseActionOnBattery = "notConfigured" + searchDisableIndexerBackoff = $True + edgeBlockFullScreenMode = $True + lockScreenTimeoutInSeconds = 25 + developerUnlockSetting = "notConfigured" + storageRestrictAppDataToSystemVolume = $True + cellularBlockVpn = $True + powerHybridSleepPluggedIn = "notConfigured" + settingsBlockChangeLanguage = $True + powerSleepButtonActionOnBattery = "notConfigured" + antiTheftModeBlocked = $True + defenderMonitorFileActivity = "userDefined" + defenderFileExtensionsToExclude = @("FakeStringValue") + bluetoothBlockDiscoverableMode = $True + enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" + diagnosticsDataSubmissionMode = "userDefined" + uninstallBuiltInApps = $True + oneDriveDisableFileSync = $True + startMenuHideUserTile = $True + startMenuHideSignOut = $True + defenderDaysBeforeDeletingQuarantinedMalware = 25 + privacyAutoAcceptPairingAndConsentPrompts = $True + settingsBlockChangeRegion = $True + passwordMinimumAgeInDays = 25 + powerHybridSleepOnBattery = "notConfigured" + displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") + edgeBlockSearchSuggestions = $True + settingsBlockSystemPage = $True + defenderRequireBehaviorMonitoring = $True + microsoftAccountBlockSettingsSync = $True + windowsSpotlightBlockWindowsTips = $True + startMenuHideRecentlyAddedApps = $True + inkWorkspaceBlockSuggestedApps = $True + personalizationDesktopImageUrl = "FakeStringValue" + edgeHomeButtonConfigurationEnabled = $True + passwordRequiredType = "deviceDefault" + startMenuPinnedFolderSettings = "notConfigured" + connectedDevicesServiceBlocked = $True + edgeBlockExtensions = $True + edgeBlockAddressBarDropdown = $True + findMyFiles = "notConfigured" + privacyBlockPublishUserActivities = $True + startMenuHideFrequentlyUsedApps = $True + '@odata.type' = "#microsoft.graph.windows10GeneralConfiguration" + powerSleepButtonActionPluggedIn = "notConfigured" + internetSharingBlocked = $True + startMenuHidePowerButton = $True + networkProxyAutomaticConfigurationUrl = "FakeStringValue" + personalizationLockScreenImageUrl = "FakeStringValue" + bluetoothBlockPrePairing = $True + windowsSpotlightBlockWelcomeExperience = $True + startMenuHideShutDown = $True + storageRestrictAppInstallToSystemVolume = $True + windowsSpotlightBlockThirdPartyNotifications = $True + searchDisableAutoLanguageDetection = $True + edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" + appsAllowTrustedAppsSideloading = "notConfigured" + edgeBlockLiveTileDataCollection = $True + wirelessDisplayBlockProjectionToThisDevice = $True + startMenuHideRestartOptions = $True + edgeSendIntranetTrafficToInternetExplorer = $True + startMenuPinnedFolderHomeGroup = "notConfigured" + edgeBlockWebContentOnNewTabPage = $True + startMenuLayoutXml = $True + searchBlockDiacritics = $True + storageBlockRemovableStorage = $True + enterpriseCloudPrintOAuthAuthority = "FakeStringValue" + wirelessDisplayRequirePinForPairing = $True + defenderScheduledQuickScanTime = "00:00:00" + edgeAllowStartPagesModification = $True + defenderRequireRealTimeMonitoring = $True + authenticationWebSignIn = "notConfigured" + lockScreenBlockToastNotifications = $True + energySaverPluggedInThresholdPercentage = 25 + defenderScanMappedNetworkDrivesDuringFullScan = $True + smartScreenBlockPromptOverride = $True + edgeBlockSendingIntranetTrafficToInternetExplorer = $True + authenticationPreferredAzureADTenantDomainName = "FakeStringValue" + defenderScanType = "userDefined" + bluetoothBlockAdvertising = $True + enterpriseCloudPrintDiscoveryMaxLimit = 25 + logonBlockFastUserSwitching = $True + networkProxyDisableAutoDetect = $True + cameraBlocked = $True + wiFiScanInterval = 25 + edgeBlockSideloadingExtensions = $True + settingsBlockEaseOfAccessPage = $True + microsoftAccountBlocked = $True + defenderScanRemovableDrivesDuringFullScan = $True + energySaverOnBatteryThresholdPercentage = 25 + startMenuHideHibernate = $True + defenderScanDownloads = $True + defenderBlockOnAccessProtection = $True + defenderCloudBlockLevel = "notConfigured" + storageRequireMobileDeviceEncryption = $True + windowsStoreEnablePrivateStoreOnly = $True + edgeBlockCompatibilityList = $True + wiFiBlockAutomaticConnectHotspots = $True + defenderPotentiallyUnwantedAppActionSetting = "userDefined" + defenderCloudExtendedTimeout = 25 + edgeHomepageUrls = @("FakeStringValue") + cellularBlockDataWhenRoaming = $True + securityBlockAzureADJoinedDevicesAutoEncryption = $True + smartScreenAppInstallControl = "notConfigured" + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" + bluetoothBlockPromptedProximalConnections = $True + settingsBlockPrivacyPage = $True + windowsSpotlightBlocked = $True + tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True + startMenuPinnedFolderDocuments = "notConfigured" + systemTelemetryProxyServer = "FakeStringValue" + lockScreenAllowTimeoutConfiguration = $True + defenderSystemScanSchedule = "userDefined" + windowsSpotlightBlockConsumerSpecificFeatures = $True + searchDisableUseLocation = $True + appsBlockWindowsStoreOriginatedApps = $True + startMenuPinnedFolderNetwork = "notConfigured" + edgeBlockPrinting = $True + settingsBlockEditDeviceName = $True + printerNames = @("FakeStringValue") + settingsBlockUpdateSecurityPage = $True + startMenuMode = "userDefined" + searchBlockWebResults = $True + edgePreventCertificateErrorOverride = $True + passwordRequired = $True + defenderScanNetworkFiles = $True + startMenuPinnedFolderMusic = "notConfigured" + cortanaBlocked = $True + searchEnableRemoteQueries = $True + messagingBlockSync = $True + startMenuPinnedFolderVideos = "notConfigured" + enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" + experienceDoNotSyncBrowserSettings = "notConfigured" + edgeDisableFirstRunPage = $True + edgeCookiePolicy = "userDefined" + inkWorkspaceAccessState = "notConfigured" + windows10AppsForceUpdateSchedule = @{ + runImmediatelyIfAfterStartDateTime = $True + recurrence = "none" + startDateTime = "2023-01-01T00:00:00.0000000+00:00" + } + dataProtectionBlockDirectMemoryAccess = $True + experienceBlockErrorDialogWhenNoSIM = $True + settingsBlockPersonalizationPage = $True + wirelessDisplayBlockUserInputFromReceiver = $True + startMenuPinnedFolderPersonalFolder = "notConfigured" + activateAppsWithVoice = "notConfigured" + edgeClearBrowsingDataOnExit = $True + passwordPreviousPasswordBlockCount = 25 + edgeBlockSearchEngineCustomization = $True + deviceManagementBlockManualUnenroll = $True + edgeBlockSavingHistory = $True + inkWorkspaceAccess = "notConfigured" + startMenuHideRecentJumpLists = $True + privacyBlockActivityFeed = $True + settingsBlockChangeSystemTime = $True + defenderDisableCatchupQuickScan = $True + smartScreenEnableAppInstallControl = $True + edgeBlockDeveloperTools = $True + edgeKioskModeRestriction = "notConfigured" + lockScreenBlockActionCenterNotifications = $True + privacyAdvertisingId = "notConfigured" + settingsBlockSettingsApp = $True + settingsBlockAccountsPage = $True + certificatesBlockManualRootCertificateInstallation = $True + edgeBlockJavaScript = $True + edgeSyncFavoritesWithInternetExplorer = $True + startMenuLayoutEdgeAssetsXml = $True + windowsSpotlightBlockTailoredExperiences = $True + defenderPromptForSampleSubmission = "userDefined" + edgeBlockAccessToAboutFlags = $True + messagingBlockMMS = $True + edgeBlockEditFavorites = $True + printerDefaultName = "FakeStringValue" + experienceBlockDeviceDiscovery = $True + privacyDisableLaunchExperience = $True + edgeTelemetryForMicrosoft365Analytics = "notConfigured" + nfcBlocked = $True + searchDisableIndexingRemovableDrive = $True + powerButtonActionPluggedIn = "notConfigured" + settingsBlockRemoveProvisioningPackage = $True + edgeKioskResetAfterIdleTimeInMinutes = 25 + passwordMinutesOfInactivityBeforeScreenTimeout = 25 + printerBlockAddition = $True + defenderScanScriptsLoadedInInternetExplorer = $True + defenderDisableCatchupFullScan = $True + edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") + bluetoothBlocked = $True + settingsBlockAddProvisioningPackage = $True + passwordMinimumLength = 25 + startMenuHideChangeAccountSettings = $True + defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" + edgeBlockPopups = $True + networkProxyServer = @{ + useForLocalAddresses = $True + exceptions = @("FakeStringValue") + address = "FakeStringValue" + } + startMenuPinnedFolderDownloads = "notConfigured" + settingsBlockDevicesPage = $True + wiFiBlocked = $True + windowsStoreBlocked = $True + edgeBlockPrelaunch = $True + gameDvrBlocked = $True + experienceBlockTaskSwitcher = $True + edgeBlockPasswordManager = $True + passwordSignInFailureCountBeforeFactoryReset = 25 + passwordMinimumCharacterSetCount = 25 + searchDisableIndexingEncryptedItems = $True + appManagementMSIAlwaysInstallWithElevatedPrivileges = $True + cellularData = "blocked" + defenderScheduledScanTime = "00:00:00" + edgeEnterpriseModeSiteListLocation = "FakeStringValue" + defenderProcessesToExclude = @("FakeStringValue") + defenderDetectedMalwareActions = @{ + lowSeverity = "deviceDefault" + severeSeverity = "deviceDefault" + moderateSeverity = "deviceDefault" + highSeverity = "deviceDefault" + } + edgeHomeButtonConfiguration = @{ + homeButtonCustomURL = "FakeStringValue" + '@odata.type' = "#microsoft.graph.edgeHomeButtonHidden" + } + cryptographyAllowFipsAlgorithmPolicy = $True + sharedUserAppDataAllowed = $True + edgeFirstRunUrl = "FakeStringValue" + edgeBlockSendingDoNotTrackHeader = $True + edgeOpensWith = "notConfigured" + defenderScheduleScanEnableLowCpuPriority = $True + windowsStoreBlockAutoUpdate = $True + messagingBlockRichCommunicationServices = $True + edgeNewTabPageURL = "FakeStringValue" + passwordRequireWhenResumeFromIdleState = $True + passwordExpirationDays = 25 + displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") + settingsBlockTimeLanguagePage = $True + locationServicesBlocked = $True + defenderScanMaxCpu = 25 + edgeFavoritesBarVisibility = "notConfigured" + accountsBlockAddingNonMicrosoftAccountEmail = $True + defenderCloudExtendedTimeoutInSeconds = 25 + cellularBlockVpnWhenRoaming = $True + startMenuPinnedFolderFileExplorer = "notConfigured" + edgeSearchEngine = @{ + edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" + edgeSearchEngineType = "default" + '@odata.type' = "#microsoft.graph.edgeSearchEngine" } - defenderFileExtensionsToExclude = "[`"csv,jpg,docx`"]" - defenderFilesAndFoldersToExclude = "[`"c:\\2,C:\\1`"]" - defenderProcessesToExclude = "[`"notepad.exe,c:\\Windows\\myprocess.exe`"]" - lockScreenAllowTimeoutConfiguration = $true - lockScreenBlockActionCenterNotifications = $true - lockScreenBlockCortana = $true - lockScreenBlockToastNotifications = $false - lockScreenTimeoutInSeconds = 90 - passwordBlockSimple = $true - passwordExpirationDays = 6 - passwordMinimumLength = 5 - passwordMinutesOfInactivityBeforeScreenTimeout = 15 - passwordMinimumCharacterSetCount = 1 - passwordPreviousPasswordBlockCount = 2 - passwordRequired = $true - passwordRequireWhenResumeFromIdleState = $true - passwordRequiredType = 'alphanumeric' - passwordSignInFailureCountBeforeFactoryReset = 12 - privacyAdvertisingId = 'blocked' - privacyAutoAcceptPairingAndConsentPrompts = $true - privacyBlockInputPersonalization = $true - startBlockUnpinningAppsFromTaskbar = $true - startMenuAppListVisibility = 'collapse' - startMenuHideChangeAccountSettings = $true - startMenuHideFrequentlyUsedApps = $true - startMenuHideHibernate = $true - startMenuHideLock = $true - startMenuHidePowerButton = $true - startMenuHideRecentJumpLists = $true - startMenuHideRecentlyAddedApps = $true - startMenuHideRestartOptions = $true - startMenuHideShutDown = $true - startMenuHideSignOut = $true - startMenuHideSleep = $true - startMenuHideSwitchAccount = $true - startMenuHideUserTile = $true - startMenuLayoutXml = '+DQogICAGlmaWNhdGlvblRlbXBsYXRlPg==' - startMenuMode = 'fullScreen' - startMenuPinnedFolderDocuments = 'hide' - startMenuPinnedFolderDownloads = 'hide' - startMenuPinnedFolderFileExplorer = 'hide' - startMenuPinnedFolderHomeGroup = 'hide' - startMenuPinnedFolderMusic = 'hide' - startMenuPinnedFolderNetwork = 'hide' - startMenuPinnedFolderPersonalFolder = 'hide' - startMenuPinnedFolderPictures = 'hide' - startMenuPinnedFolderSettings = 'hide' - startMenuPinnedFolderVideos = 'hide' - settingsBlockSettingsApp = $true - settingsBlockSystemPage = $true - settingsBlockDevicesPage = $true - settingsBlockNetworkInternetPage = $true - settingsBlockPersonalizationPage = $true - settingsBlockAccountsPage = $true - settingsBlockTimeLanguagePage = $true - settingsBlockEaseOfAccessPage = $true - settingsBlockPrivacyPage = $true - settingsBlockUpdateSecurityPage = $true - settingsBlockAppsPage = $true - settingsBlockGamingPage = $true - windowsSpotlightBlockConsumerSpecificFeatures = $true - windowsSpotlightBlocked = $true - windowsSpotlightBlockOnActionCenter = $true - windowsSpotlightBlockTailoredExperiences = $true - windowsSpotlightBlockThirdPartyNotifications = $true - windowsSpotlightBlockWelcomeExperience = $true - windowsSpotlightBlockWindowsTips = $true - windowsSpotlightConfigureOnLockScreen = 'disabled' - networkProxyApplySettingsDeviceWide = $true - networkProxyDisableAutoDetect = $true - networkProxyAutomaticConfigurationUrl = 'https://example.com/networkProxyAutomaticConfigurationUrl/' - accountsBlockAddingNonMicrosoftAccountEmail = $true - antiTheftModeBlocked = $true - bluetoothBlocked = $true - bluetoothAllowedServices = "[`"8e473eaa-ead4-4c60-ba9c-2c5696d71492`",`"21913f2d-a803-4f36-8039-669fd94ce5b3`"]" - bluetoothBlockAdvertising = $true - bluetoothBlockDiscoverableMode = $true - bluetoothBlockPrePairing = $true - cameraBlocked = $true - connectedDevicesServiceBlocked = $true - certificatesBlockManualRootCertificateInstallation = $true - copyPasteBlocked = $true - cortanaBlocked = $true - deviceManagementBlockFactoryResetOnMobile = $true - deviceManagementBlockManualUnenroll = $true - safeSearchFilter = 'strict' - edgeBlockPopups = $true - edgeBlockSearchSuggestions = $true - edgeBlockSendingIntranetTrafficToInternetExplorer = $true - edgeSendIntranetTrafficToInternetExplorer = $true - edgeRequireSmartScreen = $true - edgeFirstRunUrl = 'https://contoso.com/' - edgeBlockAccessToAboutFlags = $true - edgeHomepageUrls = "[`"https://microsoft.com`"]" - smartScreenBlockPromptOverride = $true - smartScreenBlockPromptOverrideForFiles = $true - webRtcBlockLocalhostIpAddress = $true - internetSharingBlocked = $true - settingsBlockAddProvisioningPackage = $true - settingsBlockRemoveProvisioningPackage = $true - settingsBlockChangeSystemTime = $true - settingsBlockEditDeviceName = $true - settingsBlockChangeRegion = $true - settingsBlockChangeLanguage = $true - settingsBlockChangePowerSleep = $true - locationServicesBlocked = $true - microsoftAccountBlocked = $true - microsoftAccountBlockSettingsSync = $true - nfcBlocked = $true - resetProtectionModeBlocked = $true - screenCaptureBlocked = $true - storageBlockRemovableStorage = $true - storageRequireMobileDeviceEncryption = $true - usbBlocked = $true - voiceRecordingBlocked = $true - wiFiBlockAutomaticConnectHotspots = $true - wiFiBlocked = $true - wiFiBlockManualConfiguration = $true - wiFiScanInterval = 1 - wirelessDisplayBlockProjectionToThisDevice = $true - wirelessDisplayBlockUserInputFromReceiver = $true - wirelessDisplayRequirePinForPairing = $true - windowsStoreBlocked = $true - appsAllowTrustedAppsSideloading = 'blocked' - windowsStoreBlockAutoUpdate = $true - developerUnlockSetting = 'blocked' - sharedUserAppDataAllowed = $true - appsBlockWindowsStoreOriginatedApps = $true - windowsStoreEnablePrivateStoreOnly = $true - storageRestrictAppDataToSystemVolume = $true - storageRestrictAppInstallToSystemVolume = $true - gameDvrBlocked = $true - edgeSearchEngine = @{edgeSearchEngineType = 'bing' } - experienceBlockDeviceDiscovery = $true - experienceBlockErrorDialogWhenNoSIM = $true - experienceBlockTaskSwitcher = $true - logonBlockFastUserSwitching = $true - tenantLockdownRequireNetworkDuringOutOfBoxExperience = $true - enterpriseCloudPrintDiscoveryEndPoint = 'https://cloudprinterdiscovery.contoso.com' - enterpriseCloudPrintDiscoveryMaxLimit = 4 - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'http://mopriadiscoveryservice/cloudprint' - enterpriseCloudPrintOAuthClientIdentifier = '30fbf7e8-321c-40ce-8b9f-160b6b049257' - enterpriseCloudPrintOAuthAuthority = 'https:/tenant.contoso.com/adfs' - enterpriseCloudPrintResourceIdentifier = 'http://cloudenterpriseprint/cloudPrint' - networkProxyServer = @('address=proxy.contoso.com:8080', "exceptions=*.contoso.com`r`n*.internal.local", 'useForLocalAddresses=false') } + description = "FakeStringValue" + displayName = "FakeStringValue" + id = "FakeStringValue" + supportsScopeTags = $True + } } } + It 'Should return true from the Test method' { Test-TargetResource @testParams | Should -Be $true } } - Context -Name 'When the policy exists and it SHOULD NOT' -Fixture { + Context -Name "The IntuneDeviceConfigurationPolicyWindows10 exists and values are NOT in the desired state" -Fixture { BeforeAll { $testParams = @{ - DisplayName = 'CONTOSO | W10 | Device Restriction' - Ensure = 'Absent' - Credential = $Credential + AccountsBlockAddingNonMicrosoftAccountEmail = $True + ActivateAppsWithVoice = "notConfigured" + AntiTheftModeBlocked = $True + AppManagementMSIAllowUserControlOverInstall = $True + AppManagementMSIAlwaysInstallWithElevatedPrivileges = $True + AppManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") + AppsAllowTrustedAppsSideloading = "notConfigured" + AppsBlockWindowsStoreOriginatedApps = $True + AuthenticationAllowSecondaryDevice = $True + AuthenticationPreferredAzureADTenantDomainName = "FakeStringValue" + AuthenticationWebSignIn = "notConfigured" + BluetoothAllowedServices = @("FakeStringValue") + BluetoothBlockAdvertising = $True + BluetoothBlockDiscoverableMode = $True + BluetoothBlocked = $True + BluetoothBlockPrePairing = $True + BluetoothBlockPromptedProximalConnections = $True + CameraBlocked = $True + CellularBlockDataWhenRoaming = $True + CellularBlockVpn = $True + CellularBlockVpnWhenRoaming = $True + CellularData = "blocked" + CertificatesBlockManualRootCertificateInstallation = $True + ConfigureTimeZone = "FakeStringValue" + ConnectedDevicesServiceBlocked = $True + CopyPasteBlocked = $True + CortanaBlocked = $True + CryptographyAllowFipsAlgorithmPolicy = $True + DataProtectionBlockDirectMemoryAccess = $True + DefenderBlockEndUserAccess = $True + DefenderBlockOnAccessProtection = $True + DefenderCloudBlockLevel = "notConfigured" + DefenderCloudExtendedTimeout = 25 + DefenderCloudExtendedTimeoutInSeconds = 25 + DefenderDaysBeforeDeletingQuarantinedMalware = 25 + defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_MicrosoftGraphdefenderDetectedMalwareActions1 -Property @{ + lowSeverity = "deviceDefault" + severeSeverity = "deviceDefault" + moderateSeverity = "deviceDefault" + highSeverity = "deviceDefault" + } -ClientOnly) + defenderDisableCatchupFullScan = $True + defenderDisableCatchupQuickScan = $True + defenderFileExtensionsToExclude = @("FakeStringValue") + defenderFilesAndFoldersToExclude = @("FakeStringValue") + defenderMonitorFileActivity = "userDefined" + defenderPotentiallyUnwantedAppAction = "deviceDefault" + defenderPotentiallyUnwantedAppActionSetting = "userDefined" + defenderProcessesToExclude = @("FakeStringValue") + defenderPromptForSampleSubmission = "userDefined" + defenderRequireBehaviorMonitoring = $True + defenderRequireCloudProtection = $True + defenderRequireNetworkInspectionSystem = $True + defenderRequireRealTimeMonitoring = $True + defenderScanArchiveFiles = $True + defenderScanDownloads = $True + defenderScanIncomingMail = $True + defenderScanMappedNetworkDrivesDuringFullScan = $True + defenderScanMaxCpu = 25 + defenderScanNetworkFiles = $True + defenderScanRemovableDrivesDuringFullScan = $True + defenderScanScriptsLoadedInInternetExplorer = $True + defenderScanType = "userDefined" + defenderScheduledQuickScanTime = "00:00:00" + defenderScheduledScanTime = "00:00:00" + defenderScheduleScanEnableLowCpuPriority = $True + defenderSignatureUpdateIntervalInHours = 25 + defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" + defenderSystemScanSchedule = "userDefined" + description = "FakeStringValue" + developerUnlockSetting = "notConfigured" + deviceManagementBlockFactoryResetOnMobile = $True + deviceManagementBlockManualUnenroll = $True + diagnosticsDataSubmissionMode = "userDefined" + displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") + displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") + displayName = "FakeStringValue" + edgeAllowStartPagesModification = $True + edgeBlockAccessToAboutFlags = $True + edgeBlockAddressBarDropdown = $True + edgeBlockAutofill = $True + edgeBlockCompatibilityList = $True + edgeBlockDeveloperTools = $True + edgeBlocked = $True + edgeBlockEditFavorites = $True + edgeBlockExtensions = $True + edgeBlockFullScreenMode = $True + edgeBlockInPrivateBrowsing = $True + edgeBlockJavaScript = $True + edgeBlockLiveTileDataCollection = $True + edgeBlockPasswordManager = $True + edgeBlockPopups = $True + edgeBlockPrelaunch = $True + edgeBlockPrinting = $True + edgeBlockSavingHistory = $True + edgeBlockSearchEngineCustomization = $True + edgeBlockSearchSuggestions = $True + edgeBlockSendingDoNotTrackHeader = $True + edgeBlockSendingIntranetTrafficToInternetExplorer = $True + edgeBlockSideloadingExtensions = $True + edgeBlockTabPreloading = $True + edgeBlockWebContentOnNewTabPage = $True + edgeClearBrowsingDataOnExit = $True + edgeCookiePolicy = "userDefined" + edgeDisableFirstRunPage = $True + edgeEnterpriseModeSiteListLocation = "FakeStringValue" + edgeFavoritesBarVisibility = "notConfigured" + edgeFavoritesListLocation = "FakeStringValue" + edgeFirstRunUrl = "FakeStringValue" + edgeHomeButtonConfiguration = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeHomeButtonConfiguration -Property @{ + odataType = "#microsoft.graph.edgeHomeButtonHidden" + homeButtonCustomURL = "FakeStringValue" + } -ClientOnly) + edgeHomeButtonConfigurationEnabled = $True + edgeHomepageUrls = @("FakeStringValue") + edgeKioskModeRestriction = "notConfigured" + edgeKioskResetAfterIdleTimeInMinutes = 25 + edgeNewTabPageURL = "FakeStringValue" + edgeOpensWith = "notConfigured" + edgePreventCertificateErrorOverride = $True + edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") + edgeRequireSmartScreen = $True + edgeSearchEngine = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeSearchEngineBase -Property @{ + edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" + edgeSearchEngineType = "default" + odataType = "#microsoft.graph.edgeSearchEngine" + } -ClientOnly) + edgeSendIntranetTrafficToInternetExplorer = $True + edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" + edgeSyncFavoritesWithInternetExplorer = $True + edgeTelemetryForMicrosoft365Analytics = "notConfigured" + enableAutomaticRedeployment = $True + energySaverOnBatteryThresholdPercentage = 25 + energySaverPluggedInThresholdPercentage = 25 + enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" + enterpriseCloudPrintDiscoveryMaxLimit = 25 + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" + enterpriseCloudPrintOAuthAuthority = "FakeStringValue" + enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" + enterpriseCloudPrintResourceIdentifier = "FakeStringValue" + experienceBlockDeviceDiscovery = $True + experienceBlockErrorDialogWhenNoSIM = $True + experienceBlockTaskSwitcher = $True + experienceDoNotSyncBrowserSettings = "notConfigured" + findMyFiles = "notConfigured" + gameDvrBlocked = $True + id = "FakeStringValue" + inkWorkspaceAccess = "notConfigured" + inkWorkspaceAccessState = "notConfigured" + inkWorkspaceBlockSuggestedApps = $True + internetSharingBlocked = $True + locationServicesBlocked = $True + lockScreenActivateAppsWithVoice = "notConfigured" + lockScreenAllowTimeoutConfiguration = $True + lockScreenBlockActionCenterNotifications = $True + lockScreenBlockCortana = $True + lockScreenBlockToastNotifications = $True + lockScreenTimeoutInSeconds = 25 + logonBlockFastUserSwitching = $True + messagingBlockMMS = $True + messagingBlockRichCommunicationServices = $True + messagingBlockSync = $True + microsoftAccountBlocked = $True + microsoftAccountBlockSettingsSync = $True + microsoftAccountSignInAssistantSettings = "notConfigured" + networkProxyApplySettingsDeviceWide = $True + networkProxyAutomaticConfigurationUrl = "FakeStringValue" + networkProxyDisableAutoDetect = $True + networkProxyServer = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10NetworkProxyServer -Property @{ + useForLocalAddresses = $True + exceptions = @("FakeStringValue") + address = "FakeStringValue" + } -ClientOnly) + nfcBlocked = $True + oneDriveDisableFileSync = $True + passwordBlockSimple = $True + passwordExpirationDays = 25 + passwordMinimumAgeInDays = 25 + passwordMinimumCharacterSetCount = 25 + passwordMinimumLength = 25 + passwordMinutesOfInactivityBeforeScreenTimeout = 25 + passwordPreviousPasswordBlockCount = 25 + passwordRequired = $True + passwordRequiredType = "deviceDefault" + passwordRequireWhenResumeFromIdleState = $True + passwordSignInFailureCountBeforeFactoryReset = 25 + personalizationDesktopImageUrl = "FakeStringValue" + personalizationLockScreenImageUrl = "FakeStringValue" + powerButtonActionOnBattery = "notConfigured" + powerButtonActionPluggedIn = "notConfigured" + powerHybridSleepOnBattery = "notConfigured" + powerHybridSleepPluggedIn = "notConfigured" + powerLidCloseActionOnBattery = "notConfigured" + powerLidCloseActionPluggedIn = "notConfigured" + powerSleepButtonActionOnBattery = "notConfigured" + powerSleepButtonActionPluggedIn = "notConfigured" + printerBlockAddition = $True + printerDefaultName = "FakeStringValue" + printerNames = @("FakeStringValue") + privacyAdvertisingId = "notConfigured" + privacyAutoAcceptPairingAndConsentPrompts = $True + privacyBlockActivityFeed = $True + privacyBlockInputPersonalization = $True + privacyBlockPublishUserActivities = $True + privacyDisableLaunchExperience = $True + resetProtectionModeBlocked = $True + safeSearchFilter = "userDefined" + screenCaptureBlocked = $True + searchBlockDiacritics = $True + searchBlockWebResults = $True + searchDisableAutoLanguageDetection = $True + searchDisableIndexerBackoff = $True + searchDisableIndexingEncryptedItems = $True + searchDisableIndexingRemovableDrive = $True + searchDisableLocation = $True + searchDisableUseLocation = $True + searchEnableAutomaticIndexSizeManangement = $True + searchEnableRemoteQueries = $True + securityBlockAzureADJoinedDevicesAutoEncryption = $True + settingsBlockAccountsPage = $True + settingsBlockAddProvisioningPackage = $True + settingsBlockAppsPage = $True + settingsBlockChangeLanguage = $True + settingsBlockChangePowerSleep = $True + settingsBlockChangeRegion = $True + settingsBlockChangeSystemTime = $True + settingsBlockDevicesPage = $True + settingsBlockEaseOfAccessPage = $True + settingsBlockEditDeviceName = $True + settingsBlockGamingPage = $True + settingsBlockNetworkInternetPage = $True + settingsBlockPersonalizationPage = $True + settingsBlockPrivacyPage = $True + settingsBlockRemoveProvisioningPackage = $True + settingsBlockSettingsApp = $True + settingsBlockSystemPage = $True + settingsBlockTimeLanguagePage = $True + settingsBlockUpdateSecurityPage = $True + sharedUserAppDataAllowed = $True + smartScreenAppInstallControl = "notConfigured" + smartScreenBlockPromptOverride = $True + smartScreenBlockPromptOverrideForFiles = $True + smartScreenEnableAppInstallControl = $True + startBlockUnpinningAppsFromTaskbar = $True + startMenuAppListVisibility = "userDefined" + startMenuHideChangeAccountSettings = $True + startMenuHideFrequentlyUsedApps = $True + startMenuHideHibernate = $True + startMenuHideLock = $True + startMenuHidePowerButton = $True + startMenuHideRecentJumpLists = $True + startMenuHideRecentlyAddedApps = $True + startMenuHideRestartOptions = $True + startMenuHideShutDown = $True + startMenuHideSignOut = $True + startMenuHideSleep = $True + startMenuHideSwitchAccount = $True + startMenuHideUserTile = $True + startMenuLayoutEdgeAssetsXml = $True + startMenuLayoutXml = $True + startMenuMode = "userDefined" + startMenuPinnedFolderDocuments = "notConfigured" + startMenuPinnedFolderDownloads = "notConfigured" + startMenuPinnedFolderFileExplorer = "notConfigured" + startMenuPinnedFolderHomeGroup = "notConfigured" + startMenuPinnedFolderMusic = "notConfigured" + startMenuPinnedFolderNetwork = "notConfigured" + startMenuPinnedFolderPersonalFolder = "notConfigured" + startMenuPinnedFolderPictures = "notConfigured" + startMenuPinnedFolderSettings = "notConfigured" + startMenuPinnedFolderVideos = "notConfigured" + storageBlockRemovableStorage = $True + storageRequireMobileDeviceEncryption = $True + storageRestrictAppDataToSystemVolume = $True + storageRestrictAppInstallToSystemVolume = $True + supportsScopeTags = $True + systemTelemetryProxyServer = "FakeStringValue" + taskManagerBlockEndTask = $True + tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True + uninstallBuiltInApps = $True + usbBlocked = $True + voiceRecordingBlocked = $True + webRtcBlockLocalhostIpAddress = $True + wiFiBlockAutomaticConnectHotspots = $True + wiFiBlocked = $True + wiFiBlockManualConfiguration = $True + wiFiScanInterval = 25 + windows10AppsForceUpdateSchedule = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10AppsForceUpdateSchedule -Property @{ + runImmediatelyIfAfterStartDateTime = $True + recurrence = "none" + startDateTime = "2023-01-01T00:00:00.0000000+00:00" + } -ClientOnly) + windowsSpotlightBlockConsumerSpecificFeatures = $True + windowsSpotlightBlocked = $True + windowsSpotlightBlockOnActionCenter = $True + windowsSpotlightBlockTailoredExperiences = $True + windowsSpotlightBlockThirdPartyNotifications = $True + windowsSpotlightBlockWelcomeExperience = $True + windowsSpotlightBlockWindowsTips = $True + windowsSpotlightConfigureOnLockScreen = "notConfigured" + windowsStoreBlockAutoUpdate = $True + windowsStoreBlocked = $True + windowsStoreEnablePrivateStoreOnly = $True + wirelessDisplayBlockProjectionToThisDevice = $True + wirelessDisplayBlockUserInputFromReceiver = $True + wirelessDisplayRequirePinForPairing = $True + Ensure = "Present" + Credential = $Credential; } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ - id = '12345-12345-12345-12345-12345' - AdditionalProperties = @{'@odata.type' = '#microsoft.graph.windows10GeneralConfiguration' } - displayName = 'CONTOSO | W10 | Device Restriction' - description = 'Default device restriction settings' - defenderBlockEndUserAccess = $true - defenderRequireRealTimeMonitoring = $true - defenderRequireBehaviorMonitoring = $true - defenderRequireNetworkInspectionSystem = $true - defenderScanDownloads = $true - defenderScanScriptsLoadedInInternetExplorer = $true - defenderSignatureUpdateIntervalInHours = 8 - defenderMonitorFileActivity = 'monitorIncomingFilesOnly' # userDefined,monitorAllFiles,monitorIncomingFilesOnly,monitorOutgoingFilesOnly - defenderDaysBeforeDeletingQuarantinedMalware = 3 - defenderScanMaxCpu = 2 - defenderScanArchiveFiles = $true - defenderScanIncomingMail = $true - defenderScanRemovableDrivesDuringFullScan = $true - defenderScanMappedNetworkDrivesDuringFullScan = $false - defenderScanNetworkFiles = $false - defenderRequireCloudProtection = $true - defenderCloudBlockLevel = 'high' - defenderPromptForSampleSubmission = 'alwaysPrompt' - defenderScheduledQuickScanTime = '13:00:00.0000000' - defenderScanType = 'quick' #quick,full,userDefined - defenderSystemScanSchedule = 'monday' #days of week - defenderScheduledScanTime = '11:00:00.0000000' - defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_IntuneDefenderDetectedMalwareActions -Property @{ - lowSeverity = 'clean' - moderateSeverity = 'quarantine' - highSeverity = 'remove' - severeSeverity = 'block' - } -ClientOnly) - defenderFileExtensionsToExclude = "[`"csv,jpg,docx`"]" - defenderFilesAndFoldersToExclude = "[`"c:\\2,C:\\1`"]" - defenderProcessesToExclude = "[`"notepad.exe,c:\\Windows\\myprocess.exe`"]" - lockScreenAllowTimeoutConfiguration = $true - lockScreenBlockActionCenterNotifications = $true - lockScreenBlockCortana = $true - lockScreenBlockToastNotifications = $false - lockScreenTimeoutInSeconds = 90 - passwordBlockSimple = $true - passwordExpirationDays = 6 - passwordMinimumLength = 5 - passwordMinutesOfInactivityBeforeScreenTimeout = 15 - passwordMinimumCharacterSetCount = 1 - passwordPreviousPasswordBlockCount = 2 - passwordRequired = $true - passwordRequireWhenResumeFromIdleState = $true - passwordRequiredType = 'alphanumeric' - passwordSignInFailureCountBeforeFactoryReset = 12 - privacyAdvertisingId = 'blocked' - privacyAutoAcceptPairingAndConsentPrompts = $true - privacyBlockInputPersonalization = $true - startBlockUnpinningAppsFromTaskbar = $true - startMenuAppListVisibility = 'collapse' - startMenuHideChangeAccountSettings = $true - startMenuHideFrequentlyUsedApps = $true - startMenuHideHibernate = $true - startMenuHideLock = $true - startMenuHidePowerButton = $true - startMenuHideRecentJumpLists = $true - startMenuHideRecentlyAddedApps = $true - startMenuHideRestartOptions = $true - startMenuHideShutDown = $true - startMenuHideSignOut = $true - startMenuHideSleep = $true - startMenuHideSwitchAccount = $true - startMenuHideUserTile = $true - startMenuLayoutXml = '+DQogICAGlmaWNhdGlvblRlbXBsYXRlPg==' - startMenuMode = 'fullScreen' - startMenuPinnedFolderDocuments = 'hide' - startMenuPinnedFolderDownloads = 'hide' - startMenuPinnedFolderFileExplorer = 'hide' - startMenuPinnedFolderHomeGroup = 'hide' - startMenuPinnedFolderMusic = 'hide' - startMenuPinnedFolderNetwork = 'hide' - startMenuPinnedFolderPersonalFolder = 'hide' - startMenuPinnedFolderPictures = 'hide' - startMenuPinnedFolderSettings = 'hide' - startMenuPinnedFolderVideos = 'hide' - settingsBlockSettingsApp = $true - settingsBlockSystemPage = $true - settingsBlockDevicesPage = $true - settingsBlockNetworkInternetPage = $true - settingsBlockPersonalizationPage = $true - settingsBlockAccountsPage = $true - settingsBlockTimeLanguagePage = $true - settingsBlockEaseOfAccessPage = $true - settingsBlockPrivacyPage = $true - settingsBlockUpdateSecurityPage = $true - settingsBlockAppsPage = $true - settingsBlockGamingPage = $true - windowsSpotlightBlockConsumerSpecificFeatures = $true - windowsSpotlightBlocked = $true - windowsSpotlightBlockOnActionCenter = $true - windowsSpotlightBlockTailoredExperiences = $true - windowsSpotlightBlockThirdPartyNotifications = $true - windowsSpotlightBlockWelcomeExperience = $true - windowsSpotlightBlockWindowsTips = $true - windowsSpotlightConfigureOnLockScreen = 'disabled' - networkProxyApplySettingsDeviceWide = $true - networkProxyDisableAutoDetect = $true - networkProxyAutomaticConfigurationUrl = 'https://example.com/networkProxyAutomaticConfigurationUrl/' - accountsBlockAddingNonMicrosoftAccountEmail = $true - antiTheftModeBlocked = $true - bluetoothBlocked = $true - bluetoothAllowedServices = "[`"8e473eaa-ead4-4c60-ba9c-2c5696d71492`",`"21913f2d-a803-4f36-8039-669fd94ce5b3`"]" - bluetoothBlockAdvertising = $true - bluetoothBlockDiscoverableMode = $true - bluetoothBlockPrePairing = $true - cameraBlocked = $true - connectedDevicesServiceBlocked = $true - certificatesBlockManualRootCertificateInstallation = $true - copyPasteBlocked = $true - cortanaBlocked = $true - deviceManagementBlockFactoryResetOnMobile = $true - deviceManagementBlockManualUnenroll = $true - safeSearchFilter = 'strict' - edgeBlockPopups = $true - edgeBlockSearchSuggestions = $true - edgeBlockSendingIntranetTrafficToInternetExplorer = $true - edgeSendIntranetTrafficToInternetExplorer = $true - edgeRequireSmartScreen = $true - edgeFirstRunUrl = 'https://contoso.com/' - edgeBlockAccessToAboutFlags = $true - edgeHomepageUrls = "[`"https://microsoft.com`"]" - smartScreenBlockPromptOverride = $true - smartScreenBlockPromptOverrideForFiles = $true - webRtcBlockLocalhostIpAddress = $true - internetSharingBlocked = $true - settingsBlockAddProvisioningPackage = $true - settingsBlockRemoveProvisioningPackage = $true - settingsBlockChangeSystemTime = $true - settingsBlockEditDeviceName = $true - settingsBlockChangeRegion = $true - settingsBlockChangeLanguage = $true - settingsBlockChangePowerSleep = $true - locationServicesBlocked = $true - microsoftAccountBlocked = $true - microsoftAccountBlockSettingsSync = $true - nfcBlocked = $true - resetProtectionModeBlocked = $true - screenCaptureBlocked = $true - storageBlockRemovableStorage = $true - storageRequireMobileDeviceEncryption = $true - usbBlocked = $true - voiceRecordingBlocked = $true - wiFiBlockAutomaticConnectHotspots = $true - wiFiBlocked = $true - wiFiBlockManualConfiguration = $true - wiFiScanInterval = 1 - wirelessDisplayBlockProjectionToThisDevice = $true - wirelessDisplayBlockUserInputFromReceiver = $true - wirelessDisplayRequirePinForPairing = $true - windowsStoreBlocked = $true - appsAllowTrustedAppsSideloading = 'blocked' - windowsStoreBlockAutoUpdate = $true - developerUnlockSetting = 'blocked' - sharedUserAppDataAllowed = $true - appsBlockWindowsStoreOriginatedApps = $true - windowsStoreEnablePrivateStoreOnly = $true - storageRestrictAppDataToSystemVolume = $true - storageRestrictAppInstallToSystemVolume = $true - gameDvrBlocked = $true - edgeSearchEngine = @{edgeSearchEngineType = 'bing' } - experienceBlockDeviceDiscovery = $true - experienceBlockErrorDialogWhenNoSIM = $true - experienceBlockTaskSwitcher = $true - logonBlockFastUserSwitching = $true - tenantLockdownRequireNetworkDuringOutOfBoxExperience = $true - enterpriseCloudPrintDiscoveryEndPoint = 'https://cloudprinterdiscovery.contoso.com' - enterpriseCloudPrintDiscoveryMaxLimit = 4 - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'http://mopriadiscoveryservice/cloudprint' - enterpriseCloudPrintOAuthClientIdentifier = '30fbf7e8-321c-40ce-8b9f-160b6b049257' - enterpriseCloudPrintOAuthAuthority = 'https:/tenant.contoso.com/adfs' - enterpriseCloudPrintResourceIdentifier = 'http://cloudenterpriseprint/cloudPrint' - networkProxyServer = @('address=proxy.contoso.com:8080', "exceptions=*.contoso.com`r`n*.internal.local", 'useForLocalAddresses=false') + AdditionalProperties = @{ + energySaverOnBatteryThresholdPercentage = 7 + edgeHomepageUrls = @("FakeStringValue") + startMenuPinnedFolderSettings = "notConfigured" + powerLidCloseActionPluggedIn = "notConfigured" + passwordMinimumLength = 7 + configureTimeZone = "FakeStringValue" + enterpriseCloudPrintResourceIdentifier = "FakeStringValue" + safeSearchFilter = "userDefined" + edgeKioskModeRestriction = "notConfigured" + defenderDetectedMalwareActions = @{ + lowSeverity = "deviceDefault" + severeSeverity = "deviceDefault" + moderateSeverity = "deviceDefault" + highSeverity = "deviceDefault" + } + personalizationLockScreenImageUrl = "FakeStringValue" + startMenuPinnedFolderDocuments = "notConfigured" + startMenuPinnedFolderDownloads = "notConfigured" + diagnosticsDataSubmissionMode = "userDefined" + '@odata.type' = "#microsoft.graph.windows10GeneralConfiguration" + cellularData = "blocked" + defenderScanMaxCpu = 7 + enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" + passwordMinimumCharacterSetCount = 7 + edgeOpensWith = "notConfigured" + defenderScanType = "userDefined" + printerNames = @("FakeStringValue") + authenticationWebSignIn = "notConfigured" + defenderPromptForSampleSubmission = "userDefined" + powerHybridSleepOnBattery = "notConfigured" + powerButtonActionPluggedIn = "notConfigured" + edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") + lockScreenTimeoutInSeconds = 7 + defenderSystemScanSchedule = "userDefined" + powerHybridSleepPluggedIn = "notConfigured" + passwordMinimumAgeInDays = 7 + startMenuPinnedFolderVideos = "notConfigured" + privacyAdvertisingId = "notConfigured" + edgeCookiePolicy = "userDefined" + wiFiScanInterval = 7 + findMyFiles = "notConfigured" + powerLidCloseActionOnBattery = "notConfigured" + inkWorkspaceAccessState = "notConfigured" + edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" + appsAllowTrustedAppsSideloading = "notConfigured" + defenderFilesAndFoldersToExclude = @("FakeStringValue") + edgeTelemetryForMicrosoft365Analytics = "notConfigured" + developerUnlockSetting = "notConfigured" + defenderFileExtensionsToExclude = @("FakeStringValue") + systemTelemetryProxyServer = "FakeStringValue" + startMenuMode = "userDefined" + edgeHomeButtonConfiguration = @{ + homeButtonCustomURL = "FakeStringValue" + '@odata.type' = "#microsoft.graph.edgeHomeButtonHidden" + } + windowsSpotlightConfigureOnLockScreen = "notConfigured" + experienceDoNotSyncBrowserSettings = "notConfigured" + powerSleepButtonActionOnBattery = "notConfigured" + defenderSignatureUpdateIntervalInHours = 7 + enterpriseCloudPrintDiscoveryMaxLimit = 7 + startMenuPinnedFolderPersonalFolder = "notConfigured" + edgeNewTabPageURL = "FakeStringValue" + displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") + defenderCloudBlockLevel = "notConfigured" + displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") + defenderCloudExtendedTimeoutInSeconds = 7 + edgeFavoritesListLocation = "FakeStringValue" + startMenuPinnedFolderNetwork = "notConfigured" + powerButtonActionOnBattery = "notConfigured" + passwordRequiredType = "deviceDefault" + powerSleepButtonActionPluggedIn = "notConfigured" + appManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") + lockScreenActivateAppsWithVoice = "notConfigured" + edgeFavoritesBarVisibility = "notConfigured" + edgeSearchEngine = @{ + edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" + edgeSearchEngineType = "default" + '@odata.type' = "#microsoft.graph.edgeSearchEngine" + } + energySaverPluggedInThresholdPercentage = 7 + inkWorkspaceAccess = "notConfigured" + activateAppsWithVoice = "notConfigured" + startMenuPinnedFolderPictures = "notConfigured" + enterpriseCloudPrintOAuthAuthority = "FakeStringValue" + authenticationPreferredAzureADTenantDomainName = "FakeStringValue" + defenderScheduledQuickScanTime = "00:00:00" + defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" + startMenuAppListVisibility = "userDefined" + windows10AppsForceUpdateSchedule = @{ + startDateTime = "2023-01-01T00:00:00.0000000+00:00" + recurrence = "none" + } + networkProxyServer = @{ + exceptions = @("FakeStringValue") + address = "FakeStringValue" + } + startMenuPinnedFolderMusic = "notConfigured" + passwordExpirationDays = 7 + edgeEnterpriseModeSiteListLocation = "FakeStringValue" + printerDefaultName = "FakeStringValue" + personalizationDesktopImageUrl = "FakeStringValue" + microsoftAccountSignInAssistantSettings = "notConfigured" + edgeFirstRunUrl = "FakeStringValue" + networkProxyAutomaticConfigurationUrl = "FakeStringValue" + enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" + defenderPotentiallyUnwantedAppAction = "deviceDefault" + bluetoothAllowedServices = @("FakeStringValue") + defenderCloudExtendedTimeout = 7 + startMenuPinnedFolderFileExplorer = "notConfigured" + passwordMinutesOfInactivityBeforeScreenTimeout = 7 + smartScreenAppInstallControl = "notConfigured" + startMenuPinnedFolderHomeGroup = "notConfigured" + passwordSignInFailureCountBeforeFactoryReset = 7 + defenderMonitorFileActivity = "userDefined" + edgeKioskResetAfterIdleTimeInMinutes = 7 + defenderProcessesToExclude = @("FakeStringValue") + defenderDaysBeforeDeletingQuarantinedMalware = 7 + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" + defenderPotentiallyUnwantedAppActionSetting = "userDefined" + defenderScheduledScanTime = "00:00:00" + passwordPreviousPasswordBlockCount = 7 + } + description = "FakeStringValue" + displayName = "FakeStringValue" + id = "FakeStringValue" } } } - It 'Should return Present from the Get method' { + It "Should return Values from the Get method" { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } - It 'Should return true from the Test method' { + It 'Should return false from the Test method' { Test-TargetResource @testParams | Should -Be $false } - It 'Should remove the policy from the Set method' { + It "Should call the Set method" { Set-TargetResource @testParams - Should -Invoke -CommandName Remove-MgDeviceManagementDeviceConfiguration -Exactly 1 + Should -Invoke -CommandName Update-MgDeviceManagementDeviceConfiguration -Exactly 1 } } - Context -Name 'ReverseDSC Tests' -Fixture { + Context -Name "ReverseDSC Tests" -Fixture { BeforeAll { $Global:CurrentModeIsExport = $true $Global:PartialExportFileName = "$(New-Guid).partial.ps1" @@ -1224,190 +2126,320 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ - id = '12345-12345-12345-12345-12345' - AdditionalProperties = @{ - '@odata.type' = '#microsoft.graph.windows10GeneralConfiguration' - } - displayName = 'CONTOSO | W10 | Device Restriction' - description = 'Default device restriction settings' - defenderBlockEndUserAccess = $true - defenderRequireRealTimeMonitoring = $true - defenderRequireBehaviorMonitoring = $true - defenderRequireNetworkInspectionSystem = $true - defenderScanDownloads = $true - defenderScanScriptsLoadedInInternetExplorer = $true - defenderSignatureUpdateIntervalInHours = 8 - defenderMonitorFileActivity = 'monitorIncomingFilesOnly' # userDefined,monitorAllFiles,monitorIncomingFilesOnly,monitorOutgoingFilesOnly - defenderDaysBeforeDeletingQuarantinedMalware = 3 - defenderScanMaxCpu = 2 - defenderScanArchiveFiles = $true - defenderScanIncomingMail = $true - defenderScanRemovableDrivesDuringFullScan = $true - defenderScanMappedNetworkDrivesDuringFullScan = $false - defenderScanNetworkFiles = $false - defenderRequireCloudProtection = $true - defenderCloudBlockLevel = 'high' - defenderPromptForSampleSubmission = 'alwaysPrompt' - defenderScheduledQuickScanTime = '13:00:00.0000000' - defenderScanType = 'quick' #quick,full,userDefined - defenderSystemScanSchedule = 'monday' #days of week - defenderScheduledScanTime = '11:00:00.0000000' - defenderDetectedMalwareActions = @{ - lowSeverity = 'clean' - moderateSeverity = 'quarantine' - highSeverity = 'remove' - severeSeverity = 'block' + AdditionalProperties = @{ + enterpriseCloudPrintResourceIdentifier = "FakeStringValue" + startMenuHideSwitchAccount = $True + defenderBlockEndUserAccess = $True + searchEnableAutomaticIndexSizeManangement = $True + defenderRequireNetworkInspectionSystem = $True + settingsBlockGamingPage = $True + smartScreenBlockPromptOverrideForFiles = $True + passwordBlockSimple = $True + powerLidCloseActionPluggedIn = "notConfigured" + defenderRequireCloudProtection = $True + defenderFilesAndFoldersToExclude = @("FakeStringValue") + resetProtectionModeBlocked = $True + startBlockUnpinningAppsFromTaskbar = $True + networkProxyApplySettingsDeviceWide = $True + bluetoothAllowedServices = @("FakeStringValue") + defenderScanArchiveFiles = $True + lockScreenActivateAppsWithVoice = "notConfigured" + defenderScanIncomingMail = $True + edgeBlockAutofill = $True + authenticationAllowSecondaryDevice = $True + edgeRequireSmartScreen = $True + windowsSpotlightBlockOnActionCenter = $True + usbBlocked = $True + enableAutomaticRedeployment = $True + microsoftAccountSignInAssistantSettings = "notConfigured" + deviceManagementBlockFactoryResetOnMobile = $True + defenderPotentiallyUnwantedAppAction = "deviceDefault" + powerButtonActionOnBattery = "notConfigured" + startMenuAppListVisibility = "userDefined" + lockScreenBlockCortana = $True + windowsSpotlightConfigureOnLockScreen = "notConfigured" + startMenuPinnedFolderPictures = "notConfigured" + screenCaptureBlocked = $True + webRtcBlockLocalhostIpAddress = $True + safeSearchFilter = "userDefined" + searchDisableLocation = $True + edgeBlockInPrivateBrowsing = $True + appManagementMSIAllowUserControlOverInstall = $True + defenderSignatureUpdateIntervalInHours = 25 + startMenuHideSleep = $True + voiceRecordingBlocked = $True + edgeFavoritesListLocation = "FakeStringValue" + startMenuHideLock = $True + wiFiBlockManualConfiguration = $True + edgeBlockTabPreloading = $True + configureTimeZone = "FakeStringValue" + edgeBlocked = $True + taskManagerBlockEndTask = $True + settingsBlockAppsPage = $True + settingsBlockChangePowerSleep = $True + copyPasteBlocked = $True + settingsBlockNetworkInternetPage = $True + privacyBlockInputPersonalization = $True + appManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") + powerLidCloseActionOnBattery = "notConfigured" + searchDisableIndexerBackoff = $True + edgeBlockFullScreenMode = $True + lockScreenTimeoutInSeconds = 25 + developerUnlockSetting = "notConfigured" + storageRestrictAppDataToSystemVolume = $True + cellularBlockVpn = $True + powerHybridSleepPluggedIn = "notConfigured" + settingsBlockChangeLanguage = $True + powerSleepButtonActionOnBattery = "notConfigured" + antiTheftModeBlocked = $True + defenderMonitorFileActivity = "userDefined" + defenderFileExtensionsToExclude = @("FakeStringValue") + bluetoothBlockDiscoverableMode = $True + enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" + diagnosticsDataSubmissionMode = "userDefined" + uninstallBuiltInApps = $True + oneDriveDisableFileSync = $True + startMenuHideUserTile = $True + startMenuHideSignOut = $True + defenderDaysBeforeDeletingQuarantinedMalware = 25 + privacyAutoAcceptPairingAndConsentPrompts = $True + settingsBlockChangeRegion = $True + passwordMinimumAgeInDays = 25 + powerHybridSleepOnBattery = "notConfigured" + displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") + edgeBlockSearchSuggestions = $True + settingsBlockSystemPage = $True + defenderRequireBehaviorMonitoring = $True + microsoftAccountBlockSettingsSync = $True + windowsSpotlightBlockWindowsTips = $True + startMenuHideRecentlyAddedApps = $True + inkWorkspaceBlockSuggestedApps = $True + personalizationDesktopImageUrl = "FakeStringValue" + edgeHomeButtonConfigurationEnabled = $True + passwordRequiredType = "deviceDefault" + startMenuPinnedFolderSettings = "notConfigured" + connectedDevicesServiceBlocked = $True + edgeBlockExtensions = $True + edgeBlockAddressBarDropdown = $True + findMyFiles = "notConfigured" + privacyBlockPublishUserActivities = $True + startMenuHideFrequentlyUsedApps = $True + '@odata.type' = "#microsoft.graph.windows10GeneralConfiguration" + powerSleepButtonActionPluggedIn = "notConfigured" + internetSharingBlocked = $True + startMenuHidePowerButton = $True + networkProxyAutomaticConfigurationUrl = "FakeStringValue" + personalizationLockScreenImageUrl = "FakeStringValue" + bluetoothBlockPrePairing = $True + windowsSpotlightBlockWelcomeExperience = $True + startMenuHideShutDown = $True + storageRestrictAppInstallToSystemVolume = $True + windowsSpotlightBlockThirdPartyNotifications = $True + searchDisableAutoLanguageDetection = $True + edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" + appsAllowTrustedAppsSideloading = "notConfigured" + edgeBlockLiveTileDataCollection = $True + wirelessDisplayBlockProjectionToThisDevice = $True + startMenuHideRestartOptions = $True + edgeSendIntranetTrafficToInternetExplorer = $True + startMenuPinnedFolderHomeGroup = "notConfigured" + edgeBlockWebContentOnNewTabPage = $True + startMenuLayoutXml = $True + searchBlockDiacritics = $True + storageBlockRemovableStorage = $True + enterpriseCloudPrintOAuthAuthority = "FakeStringValue" + wirelessDisplayRequirePinForPairing = $True + defenderScheduledQuickScanTime = "00:00:00" + edgeAllowStartPagesModification = $True + defenderRequireRealTimeMonitoring = $True + authenticationWebSignIn = "notConfigured" + lockScreenBlockToastNotifications = $True + energySaverPluggedInThresholdPercentage = 25 + defenderScanMappedNetworkDrivesDuringFullScan = $True + smartScreenBlockPromptOverride = $True + edgeBlockSendingIntranetTrafficToInternetExplorer = $True + authenticationPreferredAzureADTenantDomainName = "FakeStringValue" + defenderScanType = "userDefined" + bluetoothBlockAdvertising = $True + enterpriseCloudPrintDiscoveryMaxLimit = 25 + logonBlockFastUserSwitching = $True + networkProxyDisableAutoDetect = $True + cameraBlocked = $True + wiFiScanInterval = 25 + edgeBlockSideloadingExtensions = $True + settingsBlockEaseOfAccessPage = $True + microsoftAccountBlocked = $True + defenderScanRemovableDrivesDuringFullScan = $True + energySaverOnBatteryThresholdPercentage = 25 + startMenuHideHibernate = $True + defenderScanDownloads = $True + defenderBlockOnAccessProtection = $True + defenderCloudBlockLevel = "notConfigured" + storageRequireMobileDeviceEncryption = $True + windowsStoreEnablePrivateStoreOnly = $True + edgeBlockCompatibilityList = $True + wiFiBlockAutomaticConnectHotspots = $True + defenderPotentiallyUnwantedAppActionSetting = "userDefined" + defenderCloudExtendedTimeout = 25 + edgeHomepageUrls = @("FakeStringValue") + cellularBlockDataWhenRoaming = $True + securityBlockAzureADJoinedDevicesAutoEncryption = $True + smartScreenAppInstallControl = "notConfigured" + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" + bluetoothBlockPromptedProximalConnections = $True + settingsBlockPrivacyPage = $True + windowsSpotlightBlocked = $True + tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True + startMenuPinnedFolderDocuments = "notConfigured" + systemTelemetryProxyServer = "FakeStringValue" + lockScreenAllowTimeoutConfiguration = $True + defenderSystemScanSchedule = "userDefined" + windowsSpotlightBlockConsumerSpecificFeatures = $True + searchDisableUseLocation = $True + appsBlockWindowsStoreOriginatedApps = $True + startMenuPinnedFolderNetwork = "notConfigured" + edgeBlockPrinting = $True + settingsBlockEditDeviceName = $True + printerNames = @("FakeStringValue") + settingsBlockUpdateSecurityPage = $True + startMenuMode = "userDefined" + searchBlockWebResults = $True + edgePreventCertificateErrorOverride = $True + passwordRequired = $True + defenderScanNetworkFiles = $True + startMenuPinnedFolderMusic = "notConfigured" + cortanaBlocked = $True + searchEnableRemoteQueries = $True + messagingBlockSync = $True + startMenuPinnedFolderVideos = "notConfigured" + enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" + experienceDoNotSyncBrowserSettings = "notConfigured" + edgeDisableFirstRunPage = $True + edgeCookiePolicy = "userDefined" + inkWorkspaceAccessState = "notConfigured" + windows10AppsForceUpdateSchedule = @{ + runImmediatelyIfAfterStartDateTime = $True + recurrence = "none" + startDateTime = "2023-01-01T00:00:00.0000000+00:00" + } + dataProtectionBlockDirectMemoryAccess = $True + experienceBlockErrorDialogWhenNoSIM = $True + settingsBlockPersonalizationPage = $True + wirelessDisplayBlockUserInputFromReceiver = $True + startMenuPinnedFolderPersonalFolder = "notConfigured" + activateAppsWithVoice = "notConfigured" + edgeClearBrowsingDataOnExit = $True + passwordPreviousPasswordBlockCount = 25 + edgeBlockSearchEngineCustomization = $True + deviceManagementBlockManualUnenroll = $True + edgeBlockSavingHistory = $True + inkWorkspaceAccess = "notConfigured" + startMenuHideRecentJumpLists = $True + privacyBlockActivityFeed = $True + settingsBlockChangeSystemTime = $True + defenderDisableCatchupQuickScan = $True + smartScreenEnableAppInstallControl = $True + edgeBlockDeveloperTools = $True + edgeKioskModeRestriction = "notConfigured" + lockScreenBlockActionCenterNotifications = $True + privacyAdvertisingId = "notConfigured" + settingsBlockSettingsApp = $True + settingsBlockAccountsPage = $True + certificatesBlockManualRootCertificateInstallation = $True + edgeBlockJavaScript = $True + edgeSyncFavoritesWithInternetExplorer = $True + startMenuLayoutEdgeAssetsXml = $True + windowsSpotlightBlockTailoredExperiences = $True + defenderPromptForSampleSubmission = "userDefined" + edgeBlockAccessToAboutFlags = $True + messagingBlockMMS = $True + edgeBlockEditFavorites = $True + printerDefaultName = "FakeStringValue" + experienceBlockDeviceDiscovery = $True + privacyDisableLaunchExperience = $True + edgeTelemetryForMicrosoft365Analytics = "notConfigured" + nfcBlocked = $True + searchDisableIndexingRemovableDrive = $True + powerButtonActionPluggedIn = "notConfigured" + settingsBlockRemoveProvisioningPackage = $True + edgeKioskResetAfterIdleTimeInMinutes = 25 + passwordMinutesOfInactivityBeforeScreenTimeout = 25 + printerBlockAddition = $True + defenderScanScriptsLoadedInInternetExplorer = $True + defenderDisableCatchupFullScan = $True + edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") + bluetoothBlocked = $True + settingsBlockAddProvisioningPackage = $True + passwordMinimumLength = 25 + startMenuHideChangeAccountSettings = $True + defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" + edgeBlockPopups = $True + networkProxyServer = @{ + useForLocalAddresses = $True + exceptions = @("FakeStringValue") + address = "FakeStringValue" + } + startMenuPinnedFolderDownloads = "notConfigured" + settingsBlockDevicesPage = $True + wiFiBlocked = $True + windowsStoreBlocked = $True + edgeBlockPrelaunch = $True + gameDvrBlocked = $True + experienceBlockTaskSwitcher = $True + edgeBlockPasswordManager = $True + passwordSignInFailureCountBeforeFactoryReset = 25 + passwordMinimumCharacterSetCount = 25 + searchDisableIndexingEncryptedItems = $True + appManagementMSIAlwaysInstallWithElevatedPrivileges = $True + cellularData = "blocked" + defenderScheduledScanTime = "00:00:00" + edgeEnterpriseModeSiteListLocation = "FakeStringValue" + defenderProcessesToExclude = @("FakeStringValue") + defenderDetectedMalwareActions = @{ + lowSeverity = "deviceDefault" + severeSeverity = "deviceDefault" + moderateSeverity = "deviceDefault" + highSeverity = "deviceDefault" + } + edgeHomeButtonConfiguration = @{ + homeButtonCustomURL = "FakeStringValue" + '@odata.type' = "#microsoft.graph.edgeHomeButtonHidden" + } + cryptographyAllowFipsAlgorithmPolicy = $True + sharedUserAppDataAllowed = $True + edgeFirstRunUrl = "FakeStringValue" + edgeBlockSendingDoNotTrackHeader = $True + edgeOpensWith = "notConfigured" + defenderScheduleScanEnableLowCpuPriority = $True + windowsStoreBlockAutoUpdate = $True + messagingBlockRichCommunicationServices = $True + edgeNewTabPageURL = "FakeStringValue" + passwordRequireWhenResumeFromIdleState = $True + passwordExpirationDays = 25 + displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") + settingsBlockTimeLanguagePage = $True + locationServicesBlocked = $True + defenderScanMaxCpu = 25 + edgeFavoritesBarVisibility = "notConfigured" + accountsBlockAddingNonMicrosoftAccountEmail = $True + defenderCloudExtendedTimeoutInSeconds = 25 + cellularBlockVpnWhenRoaming = $True + startMenuPinnedFolderFileExplorer = "notConfigured" + edgeSearchEngine = @{ + edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" + edgeSearchEngineType = "default" + '@odata.type' = "#microsoft.graph.edgeSearchEngine" + } } - defenderFileExtensionsToExclude = "[`"csv,jpg,docx`"]" - defenderFilesAndFoldersToExclude = "[`"c:\\2,C:\\1`"]" - defenderProcessesToExclude = "[`"notepad.exe,c:\\Windows\\myprocess.exe`"]" - lockScreenAllowTimeoutConfiguration = $true - lockScreenBlockActionCenterNotifications = $true - lockScreenBlockCortana = $true - lockScreenBlockToastNotifications = $false - lockScreenTimeoutInSeconds = 90 - passwordBlockSimple = $true - passwordExpirationDays = 6 - passwordMinimumLength = 5 - passwordMinutesOfInactivityBeforeScreenTimeout = 15 - passwordMinimumCharacterSetCount = 1 - passwordPreviousPasswordBlockCount = 2 - passwordRequired = $true - passwordRequireWhenResumeFromIdleState = $true - passwordRequiredType = 'alphanumeric' - passwordSignInFailureCountBeforeFactoryReset = 12 - privacyAdvertisingId = 'blocked' - privacyAutoAcceptPairingAndConsentPrompts = $true - privacyBlockInputPersonalization = $true - startBlockUnpinningAppsFromTaskbar = $true - startMenuAppListVisibility = 'collapse' - startMenuHideChangeAccountSettings = $true - startMenuHideFrequentlyUsedApps = $true - startMenuHideHibernate = $true - startMenuHideLock = $true - startMenuHidePowerButton = $true - startMenuHideRecentJumpLists = $true - startMenuHideRecentlyAddedApps = $true - startMenuHideRestartOptions = $true - startMenuHideShutDown = $true - startMenuHideSignOut = $true - startMenuHideSleep = $true - startMenuHideSwitchAccount = $true - startMenuHideUserTile = $true - startMenuLayoutXml = '+DQogICAGlmaWNhdGlvblRlbXBsYXRlPg==' - startMenuMode = 'fullScreen' - startMenuPinnedFolderDocuments = 'hide' - startMenuPinnedFolderDownloads = 'hide' - startMenuPinnedFolderFileExplorer = 'hide' - startMenuPinnedFolderHomeGroup = 'hide' - startMenuPinnedFolderMusic = 'hide' - startMenuPinnedFolderNetwork = 'hide' - startMenuPinnedFolderPersonalFolder = 'hide' - startMenuPinnedFolderPictures = 'hide' - startMenuPinnedFolderSettings = 'hide' - startMenuPinnedFolderVideos = 'hide' - settingsBlockSettingsApp = $true - settingsBlockSystemPage = $true - settingsBlockDevicesPage = $true - settingsBlockNetworkInternetPage = $true - settingsBlockPersonalizationPage = $true - settingsBlockAccountsPage = $true - settingsBlockTimeLanguagePage = $true - settingsBlockEaseOfAccessPage = $true - settingsBlockPrivacyPage = $true - settingsBlockUpdateSecurityPage = $true - settingsBlockAppsPage = $true - settingsBlockGamingPage = $true - windowsSpotlightBlockConsumerSpecificFeatures = $true - windowsSpotlightBlocked = $true - windowsSpotlightBlockOnActionCenter = $true - windowsSpotlightBlockTailoredExperiences = $true - windowsSpotlightBlockThirdPartyNotifications = $true - windowsSpotlightBlockWelcomeExperience = $true - windowsSpotlightBlockWindowsTips = $true - windowsSpotlightConfigureOnLockScreen = 'disabled' - networkProxyApplySettingsDeviceWide = $true - networkProxyDisableAutoDetect = $true - networkProxyAutomaticConfigurationUrl = 'https://example.com/networkProxyAutomaticConfigurationUrl/' - accountsBlockAddingNonMicrosoftAccountEmail = $true - antiTheftModeBlocked = $true - bluetoothBlocked = $true - bluetoothAllowedServices = "[`"8e473eaa-ead4-4c60-ba9c-2c5696d71492`",`"21913f2d-a803-4f36-8039-669fd94ce5b3`"]" - bluetoothBlockAdvertising = $true - bluetoothBlockDiscoverableMode = $true - bluetoothBlockPrePairing = $true - cameraBlocked = $true - connectedDevicesServiceBlocked = $true - certificatesBlockManualRootCertificateInstallation = $true - copyPasteBlocked = $true - cortanaBlocked = $true - deviceManagementBlockFactoryResetOnMobile = $true - deviceManagementBlockManualUnenroll = $true - safeSearchFilter = 'strict' - edgeBlockPopups = $true - edgeBlockSearchSuggestions = $true - edgeBlockSendingIntranetTrafficToInternetExplorer = $true - edgeSendIntranetTrafficToInternetExplorer = $true - edgeRequireSmartScreen = $true - edgeFirstRunUrl = 'https://contoso.com/' - edgeBlockAccessToAboutFlags = $true - edgeHomepageUrls = "[`"https://microsoft.com`"]" - smartScreenBlockPromptOverride = $true - smartScreenBlockPromptOverrideForFiles = $true - webRtcBlockLocalhostIpAddress = $true - internetSharingBlocked = $true - settingsBlockAddProvisioningPackage = $true - settingsBlockRemoveProvisioningPackage = $true - settingsBlockChangeSystemTime = $true - settingsBlockEditDeviceName = $true - settingsBlockChangeRegion = $true - settingsBlockChangeLanguage = $true - settingsBlockChangePowerSleep = $true - locationServicesBlocked = $true - microsoftAccountBlocked = $true - microsoftAccountBlockSettingsSync = $true - nfcBlocked = $true - resetProtectionModeBlocked = $true - screenCaptureBlocked = $true - storageBlockRemovableStorage = $true - storageRequireMobileDeviceEncryption = $true - usbBlocked = $true - voiceRecordingBlocked = $true - wiFiBlockAutomaticConnectHotspots = $true - wiFiBlocked = $true - wiFiBlockManualConfiguration = $true - wiFiScanInterval = 1 - wirelessDisplayBlockProjectionToThisDevice = $true - wirelessDisplayBlockUserInputFromReceiver = $true - wirelessDisplayRequirePinForPairing = $true - windowsStoreBlocked = $true - appsAllowTrustedAppsSideloading = 'blocked' - windowsStoreBlockAutoUpdate = $true - developerUnlockSetting = 'blocked' - sharedUserAppDataAllowed = $true - appsBlockWindowsStoreOriginatedApps = $true - windowsStoreEnablePrivateStoreOnly = $true - storageRestrictAppDataToSystemVolume = $true - storageRestrictAppInstallToSystemVolume = $true - gameDvrBlocked = $true - edgeSearchEngine = @{edgeSearchEngineType = 'bing' } - experienceBlockDeviceDiscovery = $true - experienceBlockErrorDialogWhenNoSIM = $true - experienceBlockTaskSwitcher = $true - logonBlockFastUserSwitching = $true - tenantLockdownRequireNetworkDuringOutOfBoxExperience = $true - enterpriseCloudPrintDiscoveryEndPoint = 'https://cloudprinterdiscovery.contoso.com' - enterpriseCloudPrintDiscoveryMaxLimit = 4 - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'http://mopriadiscoveryservice/cloudprint' - enterpriseCloudPrintOAuthClientIdentifier = '30fbf7e8-321c-40ce-8b9f-160b6b049257' - enterpriseCloudPrintOAuthAuthority = 'https:/tenant.contoso.com/adfs' - enterpriseCloudPrintResourceIdentifier = 'http://cloudenterpriseprint/cloudPrint' - networkProxyServer = @('address=proxy.contoso.com:8080', "exceptions=*.contoso.com`r`n*.internal.local", 'useForLocalAddresses=false') + description = "FakeStringValue" + displayName = "FakeStringValue" + id = "FakeStringValue" + supportsScopeTags = $True + } } } - - It 'Should Reverse Engineer resource from the Export method' { + It "Should Reverse Engineer resource from the Export method" { $result = Export-TargetResource @testParams $result | Should -Not -BeNullOrEmpty }