From 06d53f8d91e90e4506355c51bd170abd1ded01df Mon Sep 17 00:00:00 2001 From: William-francillette Date: Sat, 1 Apr 2023 16:40:03 +0100 Subject: [PATCH 1/5] resource rework --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1b79e64c6e..a3d358d1e2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,11 @@ # Change log for Microsoft365DSC # UNRELEASED +* IntuneDeviceConfigurationPolicyWindows10 + * [BREAKING CHANGE] Added complex parameters as embedded CIM (DefenderDetectedMalwareActions, EdgeHomeButtonConfiguration, EdgeSearchEngine, NetworkProxyServer, Windows10AppsForceUpdateSchedule) + * Resource regenerated with DRG + * FIXES[#2867](https://github.com/microsoft/Microsoft365DSC/issues/2867) + * FIXES[#2868](https://github.com/microsoft/Microsoft365DSC/issues/2868) * AADAdministrativeUnit * [BREAKING CHANGE] Setting Id as Key parameter and DisplayName as Required * Fixes extraction of the Members property. From 53846673f37d7f982fe51179bf5f64cb0328ceaf Mon Sep 17 00:00:00 2001 From: William-francillette Date: Sat, 1 Apr 2023 16:40:25 +0100 Subject: [PATCH 2/5] resource rework --- ...uneDeviceConfigurationPolicyWindows10.psm1 | 4964 +++++++++++------ ...iceConfigurationPolicyWindows10.schema.mof | Bin 73952 -> 62143 bytes .../readme.md | 2 +- .../settings.json | 59 +- ...ceConfigurationPolicyWindows10-Example.ps1 | 273 + ...tuneDeviceConfigurationPolicyWindows10.ps1 | 198 - .../M365DSCResourceGenerator.psm1 | 43 +- ResourceGenerator/Module.Template.psm1 | 1 + ...viceConfigurationPolicyWindows10.Tests.ps1 | 3604 +++++++----- 9 files changed, 6026 insertions(+), 3118 deletions(-) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyWindows10/1-IntuneDeviceConfigurationPolicyWindows10-Example.ps1 delete mode 100644 Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyWindows10/1-NewIntuneDeviceConfigurationPolicyWindows10.ps1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 index 1c86747e12..3176adfabd 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.psm1 @@ -4,220 +4,211 @@ function Get-TargetResource [OutputType([System.Collections.Hashtable])] param ( - [Parameter(Mandatory = $True)] - [System.String] - $DisplayName, - + #region resource generator code [Parameter()] - [System.String] - $Description, + [System.Boolean] + $AccountsBlockAddingNonMicrosoftAccountEmail, [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] [System.String] - $EnterpriseCloudPrintDiscoveryEndPoint, + $ActivateAppsWithVoice, [Parameter()] - [System.String] - $EnterpriseCloudPrintOAuthAuthority, + [System.Boolean] + $AntiTheftModeBlocked, [Parameter()] - [System.String] - $EnterpriseCloudPrintOAuthClientIdentifier, + [System.Boolean] + $AppManagementMSIAllowUserControlOverInstall, [Parameter()] - [System.String] - $EnterpriseCloudPrintResourceIdentifier, + [System.Boolean] + $AppManagementMSIAlwaysInstallWithElevatedPrivileges, [Parameter()] - [System.Uint64] - $EnterpriseCloudPrintDiscoveryMaxLimit, + [System.String[]] + $AppManagementPackageFamilyNamesToLaunchAfterLogOn, [Parameter()] + [ValidateSet('notConfigured','blocked','allowed')] [System.String] - $EnterpriseCloudPrintMopriaDiscoveryResourceIdentifier, + $AppsAllowTrustedAppsSideloading, [Parameter()] [System.Boolean] - $SearchBlockDiacritics, + $AppsBlockWindowsStoreOriginatedApps, [Parameter()] [System.Boolean] - $SearchDisableAutoLanguageDetection, + $AuthenticationAllowSecondaryDevice, [Parameter()] - [System.Boolean] - $SearchDisableIndexingEncryptedItems, + [System.String] + $AuthenticationPreferredAzureADTenantDomainName, [Parameter()] - [System.Boolean] - $SearchEnableRemoteQueries, + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $AuthenticationWebSignIn, [Parameter()] - [System.Boolean] - $SearchDisableIndexerBackoff, + [System.String[]] + $BluetoothAllowedServices, [Parameter()] [System.Boolean] - $SearchDisableIndexingRemovableDrive, + $BluetoothBlockAdvertising, [Parameter()] [System.Boolean] - $SearchEnableAutomaticIndexSizeManangement, - - [Parameter()] - [ValidateSet('userDefined', 'none', 'basic', 'enhanced', 'full')] - [System.String] - $DiagnosticsDataSubmissionMode, + $BluetoothBlockDiscoverableMode, [Parameter()] [System.Boolean] - $oneDriveDisableFileSync, + $BluetoothBlocked, [Parameter()] [System.Boolean] - $SmartScreenEnableAppInstallControl, - - [Parameter()] - [System.String] - $PersonalizationDesktopImageUrl, + $BluetoothBlockPrePairing, [Parameter()] - [System.String] - $PersonalizationLockScreenImageUrl, + [System.Boolean] + $BluetoothBlockPromptedProximalConnections, [Parameter()] - [System.String[]] - $BluetoothAllowedServices, + [System.Boolean] + $CameraBlocked, [Parameter()] [System.Boolean] - $BluetoothBlockAdvertising, + $CellularBlockDataWhenRoaming, [Parameter()] [System.Boolean] - $BluetoothBlockDiscoverableMode, + $CellularBlockVpn, [Parameter()] [System.Boolean] - $BluetoothBlockPrePairing, + $CellularBlockVpnWhenRoaming, [Parameter()] - [System.Boolean] - $EdgeBlockAutofill, + [ValidateSet('blocked','required','allowed','notConfigured')] + [System.String] + $CellularData, [Parameter()] [System.Boolean] - $EdgeBlocked, + $CertificatesBlockManualRootCertificateInstallation, [Parameter()] - [ValidateSet('userDefined', 'allow', 'blockThirdparty', 'blockAll')] [System.String] - $EdgeCookiePolicy, + $ConfigureTimeZone, [Parameter()] [System.Boolean] - $EdgeBlockDeveloperTools, + $ConnectedDevicesServiceBlocked, [Parameter()] [System.Boolean] - $EdgeBlockSendingDoNotTrackHeader, + $CopyPasteBlocked, [Parameter()] [System.Boolean] - $EdgeBlockExtensions, + $CortanaBlocked, [Parameter()] [System.Boolean] - $EdgeBlockInPrivateBrowsing, + $CryptographyAllowFipsAlgorithmPolicy, [Parameter()] [System.Boolean] - $EdgeBlockJavaScript, + $DataProtectionBlockDirectMemoryAccess, [Parameter()] [System.Boolean] - $EdgeBlockPasswordManager, + $DefenderBlockEndUserAccess, [Parameter()] [System.Boolean] - $EdgeBlockAddressBarDropdown, + $DefenderBlockOnAccessProtection, [Parameter()] - [System.Boolean] - $EdgeBlockCompatibilityList, + [ValidateSet('notConfigured','high','highPlus','zeroTolerance')] + [System.String] + $DefenderCloudBlockLevel, [Parameter()] - [System.Boolean] - $EdgeClearBrowsingDataOnExit, + [System.Int32] + $DefenderCloudExtendedTimeout, [Parameter()] - [System.Boolean] - $EdgeAllowStartPagesModification, + [System.Int32] + $DefenderCloudExtendedTimeoutInSeconds, [Parameter()] - [System.Boolean] - $EdgeDisableFirstRunPage, + [System.Int32] + $DefenderDaysBeforeDeletingQuarantinedMalware, [Parameter()] - [System.Boolean] - $EdgeBlockLiveTileDataCollection, + [Microsoft.Management.Infrastructure.CimInstance] + $DefenderDetectedMalwareActions, [Parameter()] [System.Boolean] - $EdgeSyncFavoritesWithInternetExplorer, + $DefenderDisableCatchupFullScan, [Parameter()] [System.Boolean] - $CellularBlockDataWhenRoaming, + $DefenderDisableCatchupQuickScan, [Parameter()] - [System.Boolean] - $CellularBlockVpn, + [System.String[]] + $DefenderFileExtensionsToExclude, [Parameter()] - [System.Boolean] - $CellularBlockVpnWhenRoaming, + [System.String[]] + $DefenderFilesAndFoldersToExclude, [Parameter()] - [System.Boolean] - $DefenderRequireRealTimeMonitoring, + [ValidateSet('userDefined','disable','monitorAllFiles','monitorIncomingFilesOnly','monitorOutgoingFilesOnly')] + [System.String] + $DefenderMonitorFileActivity, [Parameter()] - [System.Boolean] - $DefenderRequireBehaviorMonitoring, + [ValidateSet('deviceDefault','block','audit')] + [System.String] + $DefenderPotentiallyUnwantedAppAction, [Parameter()] - [System.Boolean] - $DefenderRequireNetworkInspectionSystem, + [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [System.String] + $DefenderPotentiallyUnwantedAppActionSetting, [Parameter()] - [System.Boolean] - $DefenderScanDownloads, + [System.String[]] + $DefenderProcessesToExclude, [Parameter()] - [System.Boolean] - $DefenderScanScriptsLoadedInInternetExplorer, + [ValidateSet('userDefined','alwaysPrompt','promptBeforeSendingPersonalData','neverSendData','sendAllDataWithoutPrompting')] + [System.String] + $DefenderPromptForSampleSubmission, [Parameter()] [System.Boolean] - $DefenderBlockEndUserAccess, - - [Parameter()] - [System.Uint64] - $DefenderSignatureUpdateIntervalInHours, + $DefenderRequireBehaviorMonitoring, [Parameter()] - [ValidateSet('userDefined', 'disable', 'monitorAllFiles', 'monitorIncomingFilesOnly', 'monitorOutgoingFilesOnly')] - [System.String] - $DefenderMonitorFileActivity, + [System.Boolean] + $DefenderRequireCloudProtection, [Parameter()] - [System.Uint64] - $DefenderDaysBeforeDeletingQuarantinedMalware, + [System.Boolean] + $DefenderRequireNetworkInspectionSystem, [Parameter()] - [System.Uint64] - $DefenderScanMaxCpu, + [System.Boolean] + $DefenderRequireRealTimeMonitoring, [Parameter()] [System.Boolean] @@ -225,959 +216,2313 @@ function Get-TargetResource [Parameter()] [System.Boolean] - $DefenderScanIncomingMail, + $DefenderScanDownloads, [Parameter()] [System.Boolean] - $DefenderScanRemovableDrivesDuringFullScan, + $DefenderScanIncomingMail, [Parameter()] [System.Boolean] $DefenderScanMappedNetworkDrivesDuringFullScan, + [Parameter()] + [System.Int32] + $DefenderScanMaxCpu, + [Parameter()] [System.Boolean] $DefenderScanNetworkFiles, [Parameter()] [System.Boolean] - $DefenderRequireCloudProtection, + $DefenderScanRemovableDrivesDuringFullScan, [Parameter()] - [ValidateSet('notConfigured', 'high', 'highPlus', 'zeroTolerance')] - [System.String] - $DefenderCloudBlockLevel, + [System.Boolean] + $DefenderScanScriptsLoadedInInternetExplorer, [Parameter()] - [ValidateSet('userDefined', 'alwaysPrompt', 'promptBeforeSendingPersonalData', 'neverSendData', 'sendAllDataWithoutPrompting')] + [ValidateSet('userDefined','disabled','quick','full')] [System.String] - $DefenderPromptForSampleSubmission, + $DefenderScanType, [Parameter()] - [System.String] + [System.TimeSpan] $DefenderScheduledQuickScanTime, [Parameter()] - [ValidateSet('userDefined', 'disabled', 'quick', 'full')] - [System.String] - $DefenderScanType, - - [Parameter()] - [System.string] - $DefenderSystemScanSchedule, + [System.TimeSpan] + $DefenderScheduledScanTime, [Parameter()] - [System.String] - $DefenderScheduledScanTime, + [System.Boolean] + $DefenderScheduleScanEnableLowCpuPriority, [Parameter()] - [System.String[]] - $DefenderFileExtensionsToExclude, + [System.Int32] + $DefenderSignatureUpdateIntervalInHours, [Parameter()] - [System.String[]] - $DefenderFilesAndFoldersToExclude, + [ValidateSet('sendSafeSamplesAutomatically','alwaysPrompt','neverSend','sendAllSamplesAutomatically')] + [System.String] + $DefenderSubmitSamplesConsentType, [Parameter()] - [System.String[]] - $DefenderProcessesToExclude, + [ValidateSet('userDefined','everyday','sunday','monday','tuesday','wednesday','thursday','friday','saturday','noScheduledScan')] + [System.String] + $DefenderSystemScanSchedule, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance] - $DefenderDetectedMalwareActions, + [ValidateSet('notConfigured','blocked','allowed')] + [System.String] + $DeveloperUnlockSetting, [Parameter()] [System.Boolean] - $LockScreenAllowTimeoutConfiguration, + $DeviceManagementBlockFactoryResetOnMobile, [Parameter()] [System.Boolean] - $LockScreenBlockActionCenterNotifications, + $DeviceManagementBlockManualUnenroll, [Parameter()] - [System.Boolean] - $LockScreenBlockCortana, + [ValidateSet('userDefined','none','basic','enhanced','full')] + [System.String] + $DiagnosticsDataSubmissionMode, [Parameter()] - [System.Boolean] - $LockScreenBlockToastNotifications, + [System.String[]] + $DisplayAppListWithGdiDPIScalingTurnedOff, [Parameter()] - [System.Uint64] - $LockScreenTimeoutInSeconds, + [System.String[]] + $DisplayAppListWithGdiDPIScalingTurnedOn, [Parameter()] [System.Boolean] - $PasswordBlockSimple, + $EdgeAllowStartPagesModification, [Parameter()] - [System.Uint64] - $PasswordExpirationDays, + [System.Boolean] + $EdgeBlockAccessToAboutFlags, [Parameter()] - [System.Uint64] - $PasswordMinimumLength, + [System.Boolean] + $EdgeBlockAddressBarDropdown, [Parameter()] - [System.Uint64] - $PasswordMinutesOfInactivityBeforeScreenTimeout, + [System.Boolean] + $EdgeBlockAutofill, [Parameter()] - [System.Uint64] - $PasswordMinimumCharacterSetCount, + [System.Boolean] + $EdgeBlockCompatibilityList, [Parameter()] - [System.Uint64] - $PasswordPreviousPasswordBlockCount, + [System.Boolean] + $EdgeBlockDeveloperTools, [Parameter()] [System.Boolean] - $PasswordRequired, + $EdgeBlocked, [Parameter()] [System.Boolean] - $PasswordRequireWhenResumeFromIdleState, + $EdgeBlockEditFavorites, [Parameter()] - [ValidateSet('deviceDefault', 'alphanumeric', 'numeric')] - [System.String] - $PasswordRequiredType, + [System.Boolean] + $EdgeBlockExtensions, [Parameter()] - [System.Uint64] - $PasswordSignInFailureCountBeforeFactoryReset, + [System.Boolean] + $EdgeBlockFullScreenMode, [Parameter()] - [ValidateSet('notConfigured', 'blocked', 'allowed')] - [System.String] - $PrivacyAdvertisingId, + [System.Boolean] + $EdgeBlockInPrivateBrowsing, [Parameter()] [System.Boolean] - $PrivacyAutoAcceptPairingAndConsentPrompts, + $EdgeBlockJavaScript, [Parameter()] [System.Boolean] - $PrivacyBlockInputPersonalization, + $EdgeBlockLiveTileDataCollection, [Parameter()] [System.Boolean] - $StartBlockUnpinningAppsFromTaskbar, + $EdgeBlockPasswordManager, [Parameter()] - [ValidateSet('userDefined', 'collapse', 'remove', 'disableSettingsApp')] - [System.String] - $StartMenuAppListVisibility, + [System.Boolean] + $EdgeBlockPopups, [Parameter()] [System.Boolean] - $StartMenuHideChangeAccountSettings, + $EdgeBlockPrelaunch, [Parameter()] [System.Boolean] - $StartMenuHideFrequentlyUsedApps, + $EdgeBlockPrinting, [Parameter()] [System.Boolean] - $StartMenuHideHibernate, + $EdgeBlockSavingHistory, [Parameter()] [System.Boolean] - $StartMenuHideLock, + $EdgeBlockSearchEngineCustomization, [Parameter()] [System.Boolean] - $StartMenuHidePowerButton, + $EdgeBlockSearchSuggestions, [Parameter()] [System.Boolean] - $StartMenuHideRecentJumpLists, + $EdgeBlockSendingDoNotTrackHeader, [Parameter()] [System.Boolean] - $StartMenuHideRecentlyAddedApps, + $EdgeBlockSendingIntranetTrafficToInternetExplorer, [Parameter()] [System.Boolean] - $StartMenuHideRestartOptions, + $EdgeBlockSideloadingExtensions, [Parameter()] [System.Boolean] - $StartMenuHideShutDown, + $EdgeBlockTabPreloading, [Parameter()] [System.Boolean] - $StartMenuHideSignOut, + $EdgeBlockWebContentOnNewTabPage, [Parameter()] [System.Boolean] - $StartMenuHideSleep, + $EdgeClearBrowsingDataOnExit, [Parameter()] - [System.Boolean] - $StartMenuHideSwitchAccount, + [ValidateSet('userDefined','allow','blockThirdParty','blockAll')] + [System.String] + $EdgeCookiePolicy, [Parameter()] [System.Boolean] - $StartMenuHideUserTile, + $EdgeDisableFirstRunPage, [Parameter()] [System.String] - $StartMenuLayoutEdgeAssetsXml, + $EdgeEnterpriseModeSiteListLocation, [Parameter()] + [ValidateSet('notConfigured','hide','show')] [System.String] - $StartMenuLayoutXml, + $EdgeFavoritesBarVisibility, [Parameter()] - [ValidateSet('userDefined', 'fullScreen', 'nonFullScreen')] [System.String] - $StartMenuMode, + $EdgeFavoritesListLocation, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] [System.String] - $StartMenuPinnedFolderDocuments, + $EdgeFirstRunUrl, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $EdgeHomeButtonConfiguration, + + [Parameter()] + [System.Boolean] + $EdgeHomeButtonConfigurationEnabled, + + [Parameter()] + [System.String[]] + $EdgeHomepageUrls, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','digitalSignage','normalMode','publicBrowsingSingleApp','publicBrowsingMultiApp')] [System.String] - $StartMenuPinnedFolderDownloads, + $EdgeKioskModeRestriction, + + [Parameter()] + [System.Int32] + $EdgeKioskResetAfterIdleTimeInMinutes, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] [System.String] - $StartMenuPinnedFolderFileExplorer, + $EdgeNewTabPageURL, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','startPage','newTabPage','previousPages','specificPages')] [System.String] - $StartMenuPinnedFolderHomeGroup, + $EdgeOpensWith, + + [Parameter()] + [System.Boolean] + $EdgePreventCertificateErrorOverride, + + [Parameter()] + [System.String[]] + $EdgeRequiredExtensionPackageFamilyNames, + + [Parameter()] + [System.Boolean] + $EdgeRequireSmartScreen, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $EdgeSearchEngine, + + [Parameter()] + [System.Boolean] + $EdgeSendIntranetTrafficToInternetExplorer, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','disabled','enabled','keepGoing')] [System.String] - $StartMenuPinnedFolderMusic, + $EdgeShowMessageWhenOpeningInternetExplorerSites, + + [Parameter()] + [System.Boolean] + $EdgeSyncFavoritesWithInternetExplorer, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','intranet','internet','intranetAndInternet')] [System.String] - $StartMenuPinnedFolderNetwork, + $EdgeTelemetryForMicrosoft365Analytics, + + [Parameter()] + [System.Boolean] + $EnableAutomaticRedeployment, + + [Parameter()] + [System.Int32] + $EnergySaverOnBatteryThresholdPercentage, + + [Parameter()] + [System.Int32] + $EnergySaverPluggedInThresholdPercentage, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] [System.String] - $StartMenuPinnedFolderPersonalFolder, + $EnterpriseCloudPrintDiscoveryEndPoint, + + [Parameter()] + [System.Int32] + $EnterpriseCloudPrintDiscoveryMaxLimit, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] [System.String] - $StartMenuPinnedFolderPictures, + $EnterpriseCloudPrintMopriaDiscoveryResourceIdentifier, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] [System.String] - $StartMenuPinnedFolderSettings, + $EnterpriseCloudPrintOAuthAuthority, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] [System.String] - $StartMenuPinnedFolderVideos, + $EnterpriseCloudPrintOAuthClientIdentifier, [Parameter()] - [System.Boolean] - $SettingsBlockSettingsApp, + [System.String] + $EnterpriseCloudPrintResourceIdentifier, [Parameter()] [System.Boolean] - $SettingsBlockSystemPage, + $ExperienceBlockDeviceDiscovery, [Parameter()] [System.Boolean] - $SettingsBlockDevicesPage, + $ExperienceBlockErrorDialogWhenNoSIM, [Parameter()] [System.Boolean] - $SettingsBlockNetworkInternetPage, + $ExperienceBlockTaskSwitcher, [Parameter()] - [System.Boolean] - $SettingsBlockPersonalizationPage, + [ValidateSet('notConfigured','blockedWithUserOverride','blocked')] + [System.String] + $ExperienceDoNotSyncBrowserSettings, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $FindMyFiles, [Parameter()] [System.Boolean] - $SettingsBlockAccountsPage, + $GameDvrBlocked, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $InkWorkspaceAccess, + + [Parameter()] + [ValidateSet('notConfigured','blocked','allowed')] + [System.String] + $InkWorkspaceAccessState, [Parameter()] [System.Boolean] - $SettingsBlockTimeLanguagePage, + $InkWorkspaceBlockSuggestedApps, [Parameter()] [System.Boolean] - $SettingsBlockEaseOfAccessPage, + $InternetSharingBlocked, [Parameter()] [System.Boolean] - $SettingsBlockPrivacyPage, + $LocationServicesBlocked, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $LockScreenActivateAppsWithVoice, [Parameter()] [System.Boolean] - $SettingsBlockUpdateSecurityPage, + $LockScreenAllowTimeoutConfiguration, [Parameter()] [System.Boolean] - $SettingsBlockAppsPage, + $LockScreenBlockActionCenterNotifications, [Parameter()] [System.Boolean] - $SettingsBlockGamingPage, + $LockScreenBlockCortana, [Parameter()] [System.Boolean] - $WindowsSpotlightBlockConsumerSpecificFeatures, + $LockScreenBlockToastNotifications, + + [Parameter()] + [System.Int32] + $LockScreenTimeoutInSeconds, [Parameter()] [System.Boolean] - $WindowsSpotlightBlocked, + $LogonBlockFastUserSwitching, [Parameter()] [System.Boolean] - $WindowsSpotlightBlockOnActionCenter, + $MessagingBlockMMS, [Parameter()] [System.Boolean] - $WindowsSpotlightBlockTailoredExperiences, + $MessagingBlockRichCommunicationServices, [Parameter()] [System.Boolean] - $WindowsSpotlightBlockThirdPartyNotifications, + $MessagingBlockSync, [Parameter()] [System.Boolean] - $WindowsSpotlightBlockWelcomeExperience, + $MicrosoftAccountBlocked, [Parameter()] [System.Boolean] - $WindowsSpotlightBlockWindowsTips, + $MicrosoftAccountBlockSettingsSync, [Parameter()] - [ValidateSet('notConfigured', 'disabled', 'enabled')] + [ValidateSet('notConfigured','disabled')] [System.String] - $WindowsSpotlightConfigureOnLockScreen, + $MicrosoftAccountSignInAssistantSettings, [Parameter()] [System.Boolean] $NetworkProxyApplySettingsDeviceWide, - [Parameter()] - [System.Boolean] - $NetworkProxyDisableAutoDetect, - [Parameter()] [System.String] $NetworkProxyAutomaticConfigurationUrl, [Parameter()] - [System.String[]] + [System.Boolean] + $NetworkProxyDisableAutoDetect, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] $NetworkProxyServer, [Parameter()] [System.Boolean] - $AccountsBlockAddingNonMicrosoftAccountEmail, + $NfcBlocked, [Parameter()] [System.Boolean] - $AntiTheftModeBlocked, + $OneDriveDisableFileSync, [Parameter()] [System.Boolean] - $BluetoothBlocked, + $PasswordBlockSimple, [Parameter()] - [System.Boolean] - $CameraBlocked, + [System.Int32] + $PasswordExpirationDays, [Parameter()] - [System.Boolean] - $ConnectedDevicesServiceBlocked, + [System.Int32] + $PasswordMinimumAgeInDays, [Parameter()] - [System.Boolean] - $CertificatesBlockManualRootCertificateInstallation, + [System.Int32] + $PasswordMinimumCharacterSetCount, [Parameter()] - [System.Boolean] - $CopyPasteBlocked, + [System.Int32] + $PasswordMinimumLength, [Parameter()] - [System.Boolean] - $CortanaBlocked, + [System.Int32] + $PasswordMinutesOfInactivityBeforeScreenTimeout, [Parameter()] - [System.Boolean] - $DeviceManagementBlockFactoryResetOnMobile, + [System.Int32] + $PasswordPreviousPasswordBlockCount, [Parameter()] [System.Boolean] - $DeviceManagementBlockManualUnenroll, + $PasswordRequired, [Parameter()] - [ValidateSet('userDefined', 'strict', 'moderate')] + [ValidateSet('deviceDefault','alphanumeric','numeric')] [System.String] - $SafeSearchFilter, + $PasswordRequiredType, [Parameter()] [System.Boolean] - $EdgeBlockPopups, + $PasswordRequireWhenResumeFromIdleState, [Parameter()] - [System.Boolean] - $EdgeBlockSearchSuggestions, + [System.Int32] + $PasswordSignInFailureCountBeforeFactoryReset, [Parameter()] - [System.Boolean] - $EdgeBlockSendingIntranetTrafficToInternetExplorer, + [System.String] + $PersonalizationDesktopImageUrl, [Parameter()] - [System.Boolean] - $EdgeSendIntranetTrafficToInternetExplorer, + [System.String] + $PersonalizationLockScreenImageUrl, [Parameter()] - [System.Boolean] - $EdgeRequireSmartScreen, + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerButtonActionOnBattery, [Parameter()] + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] [System.String] - $EdgeEnterpriseModeSiteListLocation, + $PowerButtonActionPluggedIn, [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] [System.String] - $EdgeFirstRunUrl, + $PowerHybridSleepOnBattery, [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] [System.String] - $EdgeSearchEngine, + $PowerHybridSleepPluggedIn, [Parameter()] - [System.String[]] - $EdgeHomepageUrls, + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerLidCloseActionOnBattery, [Parameter()] - [System.Boolean] - $EdgeBlockAccessToAboutFlags, + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerLidCloseActionPluggedIn, [Parameter()] - [System.Boolean] - $SmartScreenBlockPromptOverride, + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerSleepButtonActionOnBattery, [Parameter()] - [System.Boolean] - $SmartScreenBlockPromptOverrideForFiles, + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerSleepButtonActionPluggedIn, [Parameter()] [System.Boolean] - $WebRtcBlockLocalhostIpAddress, + $PrinterBlockAddition, [Parameter()] - [System.Boolean] - $InternetSharingBlocked, + [System.String] + $PrinterDefaultName, [Parameter()] - [System.Boolean] - $SettingsBlockAddProvisioningPackage, + [System.String[]] + $PrinterNames, [Parameter()] - [System.Boolean] - $SettingsBlockRemoveProvisioningPackage, + [ValidateSet('notConfigured','blocked','allowed')] + [System.String] + $PrivacyAdvertisingId, [Parameter()] [System.Boolean] - $SettingsBlockChangeSystemTime, + $PrivacyAutoAcceptPairingAndConsentPrompts, [Parameter()] [System.Boolean] - $SettingsBlockEditDeviceName, + $PrivacyBlockActivityFeed, [Parameter()] [System.Boolean] - $SettingsBlockChangeRegion, + $PrivacyBlockInputPersonalization, [Parameter()] [System.Boolean] - $SettingsBlockChangeLanguage, + $PrivacyBlockPublishUserActivities, [Parameter()] [System.Boolean] - $SettingsBlockChangePowerSleep, + $PrivacyDisableLaunchExperience, [Parameter()] [System.Boolean] - $LocationServicesBlocked, + $ResetProtectionModeBlocked, [Parameter()] - [System.Boolean] - $MicrosoftAccountBlocked, + [ValidateSet('userDefined','strict','moderate')] + [System.String] + $SafeSearchFilter, [Parameter()] [System.Boolean] - $MicrosoftAccountBlockSettingsSync, + $ScreenCaptureBlocked, [Parameter()] [System.Boolean] - $NfcBlocked, + $SearchBlockDiacritics, [Parameter()] [System.Boolean] - $ResetProtectionModeBlocked, + $SearchBlockWebResults, [Parameter()] [System.Boolean] - $ScreenCaptureBlocked, + $SearchDisableAutoLanguageDetection, [Parameter()] [System.Boolean] - $StorageBlockRemovableStorage, + $SearchDisableIndexerBackoff, [Parameter()] [System.Boolean] - $StorageRequireMobileDeviceEncryption, + $SearchDisableIndexingEncryptedItems, [Parameter()] [System.Boolean] - $UsbBlocked, + $SearchDisableIndexingRemovableDrive, [Parameter()] [System.Boolean] - $VoiceRecordingBlocked, + $SearchDisableLocation, [Parameter()] [System.Boolean] - $WiFiBlockAutomaticConnectHotspots, + $SearchDisableUseLocation, [Parameter()] [System.Boolean] - $WiFiBlocked, + $SearchEnableAutomaticIndexSizeManangement, [Parameter()] [System.Boolean] - $WiFiBlockManualConfiguration, + $SearchEnableRemoteQueries, [Parameter()] - [System.Uint64] - $WiFiScanInterval, + [System.Boolean] + $SecurityBlockAzureADJoinedDevicesAutoEncryption, [Parameter()] [System.Boolean] - $WirelessDisplayBlockProjectionToThisDevice, + $SettingsBlockAccountsPage, [Parameter()] [System.Boolean] - $WirelessDisplayBlockUserInputFromReceiver, + $SettingsBlockAddProvisioningPackage, [Parameter()] [System.Boolean] - $WirelessDisplayRequirePinForPairing, + $SettingsBlockAppsPage, [Parameter()] [System.Boolean] - $WindowsStoreBlocked, + $SettingsBlockChangeLanguage, [Parameter()] - [System.String] - [ValidateSet('notConfigured', 'blocked', 'allowed')] - $AppsAllowTrustedAppsSideloading, + [System.Boolean] + $SettingsBlockChangePowerSleep, [Parameter()] [System.Boolean] - $WindowsStoreBlockAutoUpdate, + $SettingsBlockChangeRegion, [Parameter()] - [ValidateSet('notConfigured', 'blocked', 'allowed')] - [System.String] - $DeveloperUnlockSetting, + [System.Boolean] + $SettingsBlockChangeSystemTime, [Parameter()] [System.Boolean] - $SharedUserAppDataAllowed, + $SettingsBlockDevicesPage, [Parameter()] [System.Boolean] - $AppsBlockWindowsStoreOriginatedApps, + $SettingsBlockEaseOfAccessPage, [Parameter()] [System.Boolean] - $WindowsStoreEnablePrivateStoreOnly, + $SettingsBlockEditDeviceName, [Parameter()] [System.Boolean] - $StorageRestrictAppDataToSystemVolume, + $SettingsBlockGamingPage, [Parameter()] [System.Boolean] - $StorageRestrictAppInstallToSystemVolume, + $SettingsBlockNetworkInternetPage, [Parameter()] [System.Boolean] - $GameDvrBlocked, + $SettingsBlockPersonalizationPage, [Parameter()] [System.Boolean] - $ExperienceBlockDeviceDiscovery, + $SettingsBlockPrivacyPage, [Parameter()] [System.Boolean] - $ExperienceBlockErrorDialogWhenNoSIM, + $SettingsBlockRemoveProvisioningPackage, + + [Parameter()] + [System.Boolean] + $SettingsBlockSettingsApp, + + [Parameter()] + [System.Boolean] + $SettingsBlockSystemPage, + + [Parameter()] + [System.Boolean] + $SettingsBlockTimeLanguagePage, + + [Parameter()] + [System.Boolean] + $SettingsBlockUpdateSecurityPage, + + [Parameter()] + [System.Boolean] + $SharedUserAppDataAllowed, + + [Parameter()] + [ValidateSet('notConfigured','anywhere','storeOnly','recommendations','preferStore')] + [System.String] + $SmartScreenAppInstallControl, + + [Parameter()] + [System.Boolean] + $SmartScreenBlockPromptOverride, + + [Parameter()] + [System.Boolean] + $SmartScreenBlockPromptOverrideForFiles, + + [Parameter()] + [System.Boolean] + $SmartScreenEnableAppInstallControl, + + [Parameter()] + [System.Boolean] + $StartBlockUnpinningAppsFromTaskbar, + + [Parameter()] + [ValidateSet('userDefined','collapse','remove','disableSettingsApp')] + [System.String] + $StartMenuAppListVisibility, + + [Parameter()] + [System.Boolean] + $StartMenuHideChangeAccountSettings, + + [Parameter()] + [System.Boolean] + $StartMenuHideFrequentlyUsedApps, + + [Parameter()] + [System.Boolean] + $StartMenuHideHibernate, + + [Parameter()] + [System.Boolean] + $StartMenuHideLock, + + [Parameter()] + [System.Boolean] + $StartMenuHidePowerButton, + + [Parameter()] + [System.Boolean] + $StartMenuHideRecentJumpLists, + + [Parameter()] + [System.Boolean] + $StartMenuHideRecentlyAddedApps, + + [Parameter()] + [System.Boolean] + $StartMenuHideRestartOptions, + + [Parameter()] + [System.Boolean] + $StartMenuHideShutDown, + + [Parameter()] + [System.Boolean] + $StartMenuHideSignOut, + + [Parameter()] + [System.Boolean] + $StartMenuHideSleep, + + [Parameter()] + [System.Boolean] + $StartMenuHideSwitchAccount, + + [Parameter()] + [System.Boolean] + $StartMenuHideUserTile, + + [Parameter()] + [System.String] + $StartMenuLayoutEdgeAssetsXml, + + [Parameter()] + [System.String] + $StartMenuLayoutXml, + + [Parameter()] + [ValidateSet('userDefined','fullScreen','nonFullScreen')] + [System.String] + $StartMenuMode, + + [Parameter()] + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderDocuments, + + [Parameter()] + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderDownloads, + + [Parameter()] + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderFileExplorer, + + [Parameter()] + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderHomeGroup, + + [Parameter()] + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderMusic, + + [Parameter()] + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderNetwork, + + [Parameter()] + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderPersonalFolder, + + [Parameter()] + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderPictures, + + [Parameter()] + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderSettings, + + [Parameter()] + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderVideos, + + [Parameter()] + [System.Boolean] + $StorageBlockRemovableStorage, + + [Parameter()] + [System.Boolean] + $StorageRequireMobileDeviceEncryption, + + [Parameter()] + [System.Boolean] + $StorageRestrictAppDataToSystemVolume, + + [Parameter()] + [System.Boolean] + $StorageRestrictAppInstallToSystemVolume, + + [Parameter()] + [System.String] + $SystemTelemetryProxyServer, + + [Parameter()] + [System.Boolean] + $TaskManagerBlockEndTask, + + [Parameter()] + [System.Boolean] + $TenantLockdownRequireNetworkDuringOutOfBoxExperience, + + [Parameter()] + [System.Boolean] + $UninstallBuiltInApps, + + [Parameter()] + [System.Boolean] + $UsbBlocked, + + [Parameter()] + [System.Boolean] + $VoiceRecordingBlocked, + + [Parameter()] + [System.Boolean] + $WebRtcBlockLocalhostIpAddress, + + [Parameter()] + [System.Boolean] + $WiFiBlockAutomaticConnectHotspots, + + [Parameter()] + [System.Boolean] + $WiFiBlocked, + + [Parameter()] + [System.Boolean] + $WiFiBlockManualConfiguration, + + [Parameter()] + [System.Int32] + $WiFiScanInterval, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $Windows10AppsForceUpdateSchedule, + + [Parameter()] + [System.Boolean] + $WindowsSpotlightBlockConsumerSpecificFeatures, + + [Parameter()] + [System.Boolean] + $WindowsSpotlightBlocked, + + [Parameter()] + [System.Boolean] + $WindowsSpotlightBlockOnActionCenter, + + [Parameter()] + [System.Boolean] + $WindowsSpotlightBlockTailoredExperiences, + + [Parameter()] + [System.Boolean] + $WindowsSpotlightBlockThirdPartyNotifications, + + [Parameter()] + [System.Boolean] + $WindowsSpotlightBlockWelcomeExperience, + + [Parameter()] + [System.Boolean] + $WindowsSpotlightBlockWindowsTips, + + [Parameter()] + [ValidateSet('notConfigured','disabled','enabled')] + [System.String] + $WindowsSpotlightConfigureOnLockScreen, + + [Parameter()] + [System.Boolean] + $WindowsStoreBlockAutoUpdate, + + [Parameter()] + [System.Boolean] + $WindowsStoreBlocked, + + [Parameter()] + [System.Boolean] + $WindowsStoreEnablePrivateStoreOnly, + + [Parameter()] + [System.Boolean] + $WirelessDisplayBlockProjectionToThisDevice, + + [Parameter()] + [System.Boolean] + $WirelessDisplayBlockUserInputFromReceiver, + + [Parameter()] + [System.Boolean] + $WirelessDisplayRequirePinForPairing, + + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.Boolean] + $SupportsScopeTags, + + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters ` + -ProfileName 'beta' + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + #region resource generator code + $getValue = Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue + + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Policy for Windows10 with Id {$Id}" + + if (-Not [string]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgDeviceManagementDeviceConfiguration ` + -Filter "DisplayName eq '$DisplayName'" ` + -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.windows10GeneralConfiguration" ` + } + } + } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Device Configuration Policy for Windows10 with DisplayName {$DisplayName}" + return $nullResult + } + $Id = $getValue.Id + Write-Verbose -Message "An Intune Device Configuration Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName} was found." + + #region resource generator code + $complexDefenderDetectedMalwareActions = @{} + if ($null -ne $getValue.AdditionalProperties.defenderDetectedMalwareActions.highSeverity) + { + $complexDefenderDetectedMalwareActions.Add('HighSeverity', $getValue.AdditionalProperties.defenderDetectedMalwareActions.highSeverity.toString()) + } + if ($null -ne $getValue.AdditionalProperties.defenderDetectedMalwareActions.lowSeverity) + { + $complexDefenderDetectedMalwareActions.Add('LowSeverity', $getValue.AdditionalProperties.defenderDetectedMalwareActions.lowSeverity.toString()) + } + if ($null -ne $getValue.AdditionalProperties.defenderDetectedMalwareActions.moderateSeverity) + { + $complexDefenderDetectedMalwareActions.Add('ModerateSeverity', $getValue.AdditionalProperties.defenderDetectedMalwareActions.moderateSeverity.toString()) + } + if ($null -ne $getValue.AdditionalProperties.defenderDetectedMalwareActions.severeSeverity) + { + $complexDefenderDetectedMalwareActions.Add('SevereSeverity', $getValue.AdditionalProperties.defenderDetectedMalwareActions.severeSeverity.toString()) + } + if ($complexDefenderDetectedMalwareActions.values.Where({$null -ne $_}).count -eq 0) + { + $complexDefenderDetectedMalwareActions = $null + } + + $complexEdgeHomeButtonConfiguration = @{} + $complexEdgeHomeButtonConfiguration.Add('HomeButtonCustomURL', $getValue.AdditionalProperties.edgeHomeButtonConfiguration.homeButtonCustomURL) + if ($null -ne $getValue.AdditionalProperties.edgeHomeButtonConfiguration.'@odata.type') + { + $complexEdgeHomeButtonConfiguration.Add('odataType', $getValue.AdditionalProperties.edgeHomeButtonConfiguration.'@odata.type'.toString()) + } + if ($complexEdgeHomeButtonConfiguration.values.Where({$null -ne $_}).count -eq 0) + { + $complexEdgeHomeButtonConfiguration = $null + } + + $complexEdgeSearchEngine = @{} + if ($null -ne $getValue.AdditionalProperties.edgeSearchEngine.edgeSearchEngineType) + { + $complexEdgeSearchEngine.Add('EdgeSearchEngineType', $getValue.AdditionalProperties.edgeSearchEngine.edgeSearchEngineType.toString()) + } + $complexEdgeSearchEngine.Add('EdgeSearchEngineOpenSearchXmlUrl', $getValue.AdditionalProperties.edgeSearchEngine.edgeSearchEngineOpenSearchXmlUrl) + if ($null -ne $getValue.AdditionalProperties.edgeSearchEngine.'@odata.type') + { + $complexEdgeSearchEngine.Add('odataType', $getValue.AdditionalProperties.edgeSearchEngine.'@odata.type'.toString()) + } + if ($complexEdgeSearchEngine.values.Where({$null -ne $_}).count -eq 0) + { + $complexEdgeSearchEngine = $null + } + + $complexNetworkProxyServer = @{} + $complexNetworkProxyServer.Add('Address', $getValue.AdditionalProperties.networkProxyServer.address) + $complexNetworkProxyServer.Add('Exceptions', $getValue.AdditionalProperties.networkProxyServer.exceptions) + $complexNetworkProxyServer.Add('UseForLocalAddresses', $getValue.AdditionalProperties.networkProxyServer.useForLocalAddresses) + if ($complexNetworkProxyServer.values.Where({$null -ne $_}).count -eq 0) + { + $complexNetworkProxyServer = $null + } + + $complexWindows10AppsForceUpdateSchedule = @{} + if ($null -ne $getValue.AdditionalProperties.windows10AppsForceUpdateSchedule.recurrence) + { + $complexWindows10AppsForceUpdateSchedule.Add('Recurrence', $getValue.AdditionalProperties.windows10AppsForceUpdateSchedule.recurrence.toString()) + } + $complexWindows10AppsForceUpdateSchedule.Add('RunImmediatelyIfAfterStartDateTime', $getValue.AdditionalProperties.windows10AppsForceUpdateSchedule.runImmediatelyIfAfterStartDateTime) + if ($null -ne $getValue.AdditionalProperties.windows10AppsForceUpdateSchedule.startDateTime) + { + $complexWindows10AppsForceUpdateSchedule.Add('StartDateTime', ([DateTimeOffset]$getValue.AdditionalProperties.windows10AppsForceUpdateSchedule.startDateTime).ToString('o')) + } + if ($complexWindows10AppsForceUpdateSchedule.values.Where({$null -ne $_}).count -eq 0) + { + $complexWindows10AppsForceUpdateSchedule = $null + } + #endregion + + #region resource generator code + $enumActivateAppsWithVoice = $null + if ($null -ne $getValue.AdditionalProperties.activateAppsWithVoice) + { + $enumActivateAppsWithVoice = $getValue.AdditionalProperties.activateAppsWithVoice.ToString() + } + + $enumAppsAllowTrustedAppsSideloading = $null + if ($null -ne $getValue.AdditionalProperties.appsAllowTrustedAppsSideloading) + { + $enumAppsAllowTrustedAppsSideloading = $getValue.AdditionalProperties.appsAllowTrustedAppsSideloading.ToString() + } + + $enumAuthenticationWebSignIn = $null + if ($null -ne $getValue.AdditionalProperties.authenticationWebSignIn) + { + $enumAuthenticationWebSignIn = $getValue.AdditionalProperties.authenticationWebSignIn.ToString() + } + + $enumCellularData = $null + if ($null -ne $getValue.AdditionalProperties.cellularData) + { + $enumCellularData = $getValue.AdditionalProperties.cellularData.ToString() + } + + $enumDefenderCloudBlockLevel = $null + if ($null -ne $getValue.AdditionalProperties.defenderCloudBlockLevel) + { + $enumDefenderCloudBlockLevel = $getValue.AdditionalProperties.defenderCloudBlockLevel.ToString() + } + + $enumDefenderMonitorFileActivity = $null + if ($null -ne $getValue.AdditionalProperties.defenderMonitorFileActivity) + { + $enumDefenderMonitorFileActivity = $getValue.AdditionalProperties.defenderMonitorFileActivity.ToString() + } + + $enumDefenderPotentiallyUnwantedAppAction = $null + if ($null -ne $getValue.AdditionalProperties.defenderPotentiallyUnwantedAppAction) + { + $enumDefenderPotentiallyUnwantedAppAction = $getValue.AdditionalProperties.defenderPotentiallyUnwantedAppAction.ToString() + } + + $enumDefenderPotentiallyUnwantedAppActionSetting = $null + if ($null -ne $getValue.AdditionalProperties.defenderPotentiallyUnwantedAppActionSetting) + { + $enumDefenderPotentiallyUnwantedAppActionSetting = $getValue.AdditionalProperties.defenderPotentiallyUnwantedAppActionSetting.ToString() + } + + $enumDefenderPromptForSampleSubmission = $null + if ($null -ne $getValue.AdditionalProperties.defenderPromptForSampleSubmission) + { + $enumDefenderPromptForSampleSubmission = $getValue.AdditionalProperties.defenderPromptForSampleSubmission.ToString() + } + + $enumDefenderScanType = $null + if ($null -ne $getValue.AdditionalProperties.defenderScanType) + { + $enumDefenderScanType = $getValue.AdditionalProperties.defenderScanType.ToString() + } + + $enumDefenderSubmitSamplesConsentType = $null + if ($null -ne $getValue.AdditionalProperties.defenderSubmitSamplesConsentType) + { + $enumDefenderSubmitSamplesConsentType = $getValue.AdditionalProperties.defenderSubmitSamplesConsentType.ToString() + } + + $enumDefenderSystemScanSchedule = $null + if ($null -ne $getValue.AdditionalProperties.defenderSystemScanSchedule) + { + $enumDefenderSystemScanSchedule = $getValue.AdditionalProperties.defenderSystemScanSchedule.ToString() + } + + $enumDeveloperUnlockSetting = $null + if ($null -ne $getValue.AdditionalProperties.developerUnlockSetting) + { + $enumDeveloperUnlockSetting = $getValue.AdditionalProperties.developerUnlockSetting.ToString() + } + + $enumDiagnosticsDataSubmissionMode = $null + if ($null -ne $getValue.AdditionalProperties.diagnosticsDataSubmissionMode) + { + $enumDiagnosticsDataSubmissionMode = $getValue.AdditionalProperties.diagnosticsDataSubmissionMode.ToString() + } + + $enumEdgeCookiePolicy = $null + if ($null -ne $getValue.AdditionalProperties.edgeCookiePolicy) + { + $enumEdgeCookiePolicy = $getValue.AdditionalProperties.edgeCookiePolicy.ToString() + } + + $enumEdgeFavoritesBarVisibility = $null + if ($null -ne $getValue.AdditionalProperties.edgeFavoritesBarVisibility) + { + $enumEdgeFavoritesBarVisibility = $getValue.AdditionalProperties.edgeFavoritesBarVisibility.ToString() + } + + $enumEdgeKioskModeRestriction = $null + if ($null -ne $getValue.AdditionalProperties.edgeKioskModeRestriction) + { + $enumEdgeKioskModeRestriction = $getValue.AdditionalProperties.edgeKioskModeRestriction.ToString() + } + + $enumEdgeOpensWith = $null + if ($null -ne $getValue.AdditionalProperties.edgeOpensWith) + { + $enumEdgeOpensWith = $getValue.AdditionalProperties.edgeOpensWith.ToString() + } + + $enumEdgeShowMessageWhenOpeningInternetExplorerSites = $null + if ($null -ne $getValue.AdditionalProperties.edgeShowMessageWhenOpeningInternetExplorerSites) + { + $enumEdgeShowMessageWhenOpeningInternetExplorerSites = $getValue.AdditionalProperties.edgeShowMessageWhenOpeningInternetExplorerSites.ToString() + } + + $enumEdgeTelemetryForMicrosoft365Analytics = $null + if ($null -ne $getValue.AdditionalProperties.edgeTelemetryForMicrosoft365Analytics) + { + $enumEdgeTelemetryForMicrosoft365Analytics = $getValue.AdditionalProperties.edgeTelemetryForMicrosoft365Analytics.ToString() + } + + $enumExperienceDoNotSyncBrowserSettings = $null + if ($null -ne $getValue.AdditionalProperties.experienceDoNotSyncBrowserSettings) + { + $enumExperienceDoNotSyncBrowserSettings = $getValue.AdditionalProperties.experienceDoNotSyncBrowserSettings.ToString() + } + + $enumFindMyFiles = $null + if ($null -ne $getValue.AdditionalProperties.findMyFiles) + { + $enumFindMyFiles = $getValue.AdditionalProperties.findMyFiles.ToString() + } + + $enumInkWorkspaceAccess = $null + if ($null -ne $getValue.AdditionalProperties.inkWorkspaceAccess) + { + $enumInkWorkspaceAccess = $getValue.AdditionalProperties.inkWorkspaceAccess.ToString() + } + + $enumInkWorkspaceAccessState = $null + if ($null -ne $getValue.AdditionalProperties.inkWorkspaceAccessState) + { + $enumInkWorkspaceAccessState = $getValue.AdditionalProperties.inkWorkspaceAccessState.ToString() + } + + $enumLockScreenActivateAppsWithVoice = $null + if ($null -ne $getValue.AdditionalProperties.lockScreenActivateAppsWithVoice) + { + $enumLockScreenActivateAppsWithVoice = $getValue.AdditionalProperties.lockScreenActivateAppsWithVoice.ToString() + } + + $enumMicrosoftAccountSignInAssistantSettings = $null + if ($null -ne $getValue.AdditionalProperties.microsoftAccountSignInAssistantSettings) + { + $enumMicrosoftAccountSignInAssistantSettings = $getValue.AdditionalProperties.microsoftAccountSignInAssistantSettings.ToString() + } + + $enumPasswordRequiredType = $null + if ($null -ne $getValue.AdditionalProperties.passwordRequiredType) + { + $enumPasswordRequiredType = $getValue.AdditionalProperties.passwordRequiredType.ToString() + } + + $enumPowerButtonActionOnBattery = $null + if ($null -ne $getValue.AdditionalProperties.powerButtonActionOnBattery) + { + $enumPowerButtonActionOnBattery = $getValue.AdditionalProperties.powerButtonActionOnBattery.ToString() + } + + $enumPowerButtonActionPluggedIn = $null + if ($null -ne $getValue.AdditionalProperties.powerButtonActionPluggedIn) + { + $enumPowerButtonActionPluggedIn = $getValue.AdditionalProperties.powerButtonActionPluggedIn.ToString() + } + + $enumPowerHybridSleepOnBattery = $null + if ($null -ne $getValue.AdditionalProperties.powerHybridSleepOnBattery) + { + $enumPowerHybridSleepOnBattery = $getValue.AdditionalProperties.powerHybridSleepOnBattery.ToString() + } + + $enumPowerHybridSleepPluggedIn = $null + if ($null -ne $getValue.AdditionalProperties.powerHybridSleepPluggedIn) + { + $enumPowerHybridSleepPluggedIn = $getValue.AdditionalProperties.powerHybridSleepPluggedIn.ToString() + } + + $enumPowerLidCloseActionOnBattery = $null + if ($null -ne $getValue.AdditionalProperties.powerLidCloseActionOnBattery) + { + $enumPowerLidCloseActionOnBattery = $getValue.AdditionalProperties.powerLidCloseActionOnBattery.ToString() + } + + $enumPowerLidCloseActionPluggedIn = $null + if ($null -ne $getValue.AdditionalProperties.powerLidCloseActionPluggedIn) + { + $enumPowerLidCloseActionPluggedIn = $getValue.AdditionalProperties.powerLidCloseActionPluggedIn.ToString() + } + + $enumPowerSleepButtonActionOnBattery = $null + if ($null -ne $getValue.AdditionalProperties.powerSleepButtonActionOnBattery) + { + $enumPowerSleepButtonActionOnBattery = $getValue.AdditionalProperties.powerSleepButtonActionOnBattery.ToString() + } + + $enumPowerSleepButtonActionPluggedIn = $null + if ($null -ne $getValue.AdditionalProperties.powerSleepButtonActionPluggedIn) + { + $enumPowerSleepButtonActionPluggedIn = $getValue.AdditionalProperties.powerSleepButtonActionPluggedIn.ToString() + } + + $enumPrivacyAdvertisingId = $null + if ($null -ne $getValue.AdditionalProperties.privacyAdvertisingId) + { + $enumPrivacyAdvertisingId = $getValue.AdditionalProperties.privacyAdvertisingId.ToString() + } + + $enumSafeSearchFilter = $null + if ($null -ne $getValue.AdditionalProperties.safeSearchFilter) + { + $enumSafeSearchFilter = $getValue.AdditionalProperties.safeSearchFilter.ToString() + } + + $enumSmartScreenAppInstallControl = $null + if ($null -ne $getValue.AdditionalProperties.smartScreenAppInstallControl) + { + $enumSmartScreenAppInstallControl = $getValue.AdditionalProperties.smartScreenAppInstallControl.ToString() + } + + $enumStartMenuAppListVisibility = $null + if ($null -ne $getValue.AdditionalProperties.startMenuAppListVisibility) + { + $enumStartMenuAppListVisibility = $getValue.AdditionalProperties.startMenuAppListVisibility.ToString() + } + + $enumStartMenuMode = $null + if ($null -ne $getValue.AdditionalProperties.startMenuMode) + { + $enumStartMenuMode = $getValue.AdditionalProperties.startMenuMode.ToString() + } + + $enumStartMenuPinnedFolderDocuments = $null + if ($null -ne $getValue.AdditionalProperties.startMenuPinnedFolderDocuments) + { + $enumStartMenuPinnedFolderDocuments = $getValue.AdditionalProperties.startMenuPinnedFolderDocuments.ToString() + } + + $enumStartMenuPinnedFolderDownloads = $null + if ($null -ne $getValue.AdditionalProperties.startMenuPinnedFolderDownloads) + { + $enumStartMenuPinnedFolderDownloads = $getValue.AdditionalProperties.startMenuPinnedFolderDownloads.ToString() + } + + $enumStartMenuPinnedFolderFileExplorer = $null + if ($null -ne $getValue.AdditionalProperties.startMenuPinnedFolderFileExplorer) + { + $enumStartMenuPinnedFolderFileExplorer = $getValue.AdditionalProperties.startMenuPinnedFolderFileExplorer.ToString() + } + + $enumStartMenuPinnedFolderHomeGroup = $null + if ($null -ne $getValue.AdditionalProperties.startMenuPinnedFolderHomeGroup) + { + $enumStartMenuPinnedFolderHomeGroup = $getValue.AdditionalProperties.startMenuPinnedFolderHomeGroup.ToString() + } + + $enumStartMenuPinnedFolderMusic = $null + if ($null -ne $getValue.AdditionalProperties.startMenuPinnedFolderMusic) + { + $enumStartMenuPinnedFolderMusic = $getValue.AdditionalProperties.startMenuPinnedFolderMusic.ToString() + } + + $enumStartMenuPinnedFolderNetwork = $null + if ($null -ne $getValue.AdditionalProperties.startMenuPinnedFolderNetwork) + { + $enumStartMenuPinnedFolderNetwork = $getValue.AdditionalProperties.startMenuPinnedFolderNetwork.ToString() + } + + $enumStartMenuPinnedFolderPersonalFolder = $null + if ($null -ne $getValue.AdditionalProperties.startMenuPinnedFolderPersonalFolder) + { + $enumStartMenuPinnedFolderPersonalFolder = $getValue.AdditionalProperties.startMenuPinnedFolderPersonalFolder.ToString() + } + + $enumStartMenuPinnedFolderPictures = $null + if ($null -ne $getValue.AdditionalProperties.startMenuPinnedFolderPictures) + { + $enumStartMenuPinnedFolderPictures = $getValue.AdditionalProperties.startMenuPinnedFolderPictures.ToString() + } + + $enumStartMenuPinnedFolderSettings = $null + if ($null -ne $getValue.AdditionalProperties.startMenuPinnedFolderSettings) + { + $enumStartMenuPinnedFolderSettings = $getValue.AdditionalProperties.startMenuPinnedFolderSettings.ToString() + } + + $enumStartMenuPinnedFolderVideos = $null + if ($null -ne $getValue.AdditionalProperties.startMenuPinnedFolderVideos) + { + $enumStartMenuPinnedFolderVideos = $getValue.AdditionalProperties.startMenuPinnedFolderVideos.ToString() + } + + $enumWindowsSpotlightConfigureOnLockScreen = $null + if ($null -ne $getValue.AdditionalProperties.windowsSpotlightConfigureOnLockScreen) + { + $enumWindowsSpotlightConfigureOnLockScreen = $getValue.AdditionalProperties.windowsSpotlightConfigureOnLockScreen.ToString() + } + #endregion + + #region resource generator code + $timeDefenderScheduledQuickScanTime = $null + if ($null -ne $getValue.AdditionalProperties.defenderScheduledQuickScanTime) + { + $timeDefenderScheduledQuickScanTime = ([TimeSpan]$getValue.AdditionalProperties.defenderScheduledQuickScanTime).ToString() + } + + $timeDefenderScheduledScanTime = $null + if ($null -ne $getValue.AdditionalProperties.defenderScheduledScanTime) + { + $timeDefenderScheduledScanTime = ([TimeSpan]$getValue.AdditionalProperties.defenderScheduledScanTime).ToString() + } + #endregion + + $results = @{ + #region resource generator code + AccountsBlockAddingNonMicrosoftAccountEmail = $getValue.AdditionalProperties.accountsBlockAddingNonMicrosoftAccountEmail + ActivateAppsWithVoice = $enumActivateAppsWithVoice + AntiTheftModeBlocked = $getValue.AdditionalProperties.antiTheftModeBlocked + AppManagementMSIAllowUserControlOverInstall = $getValue.AdditionalProperties.appManagementMSIAllowUserControlOverInstall + AppManagementMSIAlwaysInstallWithElevatedPrivileges = $getValue.AdditionalProperties.appManagementMSIAlwaysInstallWithElevatedPrivileges + AppManagementPackageFamilyNamesToLaunchAfterLogOn = $getValue.AdditionalProperties.appManagementPackageFamilyNamesToLaunchAfterLogOn + AppsAllowTrustedAppsSideloading = $enumAppsAllowTrustedAppsSideloading + AppsBlockWindowsStoreOriginatedApps = $getValue.AdditionalProperties.appsBlockWindowsStoreOriginatedApps + AuthenticationAllowSecondaryDevice = $getValue.AdditionalProperties.authenticationAllowSecondaryDevice + AuthenticationPreferredAzureADTenantDomainName = $getValue.AdditionalProperties.authenticationPreferredAzureADTenantDomainName + AuthenticationWebSignIn = $enumAuthenticationWebSignIn + BluetoothAllowedServices = $getValue.AdditionalProperties.bluetoothAllowedServices + BluetoothBlockAdvertising = $getValue.AdditionalProperties.bluetoothBlockAdvertising + BluetoothBlockDiscoverableMode = $getValue.AdditionalProperties.bluetoothBlockDiscoverableMode + BluetoothBlocked = $getValue.AdditionalProperties.bluetoothBlocked + BluetoothBlockPrePairing = $getValue.AdditionalProperties.bluetoothBlockPrePairing + BluetoothBlockPromptedProximalConnections = $getValue.AdditionalProperties.bluetoothBlockPromptedProximalConnections + CameraBlocked = $getValue.AdditionalProperties.cameraBlocked + CellularBlockDataWhenRoaming = $getValue.AdditionalProperties.cellularBlockDataWhenRoaming + CellularBlockVpn = $getValue.AdditionalProperties.cellularBlockVpn + CellularBlockVpnWhenRoaming = $getValue.AdditionalProperties.cellularBlockVpnWhenRoaming + CellularData = $enumCellularData + CertificatesBlockManualRootCertificateInstallation = $getValue.AdditionalProperties.certificatesBlockManualRootCertificateInstallation + ConfigureTimeZone = $getValue.AdditionalProperties.configureTimeZone + ConnectedDevicesServiceBlocked = $getValue.AdditionalProperties.connectedDevicesServiceBlocked + CopyPasteBlocked = $getValue.AdditionalProperties.copyPasteBlocked + CortanaBlocked = $getValue.AdditionalProperties.cortanaBlocked + CryptographyAllowFipsAlgorithmPolicy = $getValue.AdditionalProperties.cryptographyAllowFipsAlgorithmPolicy + DataProtectionBlockDirectMemoryAccess = $getValue.AdditionalProperties.dataProtectionBlockDirectMemoryAccess + DefenderBlockEndUserAccess = $getValue.AdditionalProperties.defenderBlockEndUserAccess + DefenderBlockOnAccessProtection = $getValue.AdditionalProperties.defenderBlockOnAccessProtection + DefenderCloudBlockLevel = $enumDefenderCloudBlockLevel + DefenderCloudExtendedTimeout = $getValue.AdditionalProperties.defenderCloudExtendedTimeout + DefenderCloudExtendedTimeoutInSeconds = $getValue.AdditionalProperties.defenderCloudExtendedTimeoutInSeconds + DefenderDaysBeforeDeletingQuarantinedMalware = $getValue.AdditionalProperties.defenderDaysBeforeDeletingQuarantinedMalware + DefenderDetectedMalwareActions = $complexDefenderDetectedMalwareActions + DefenderDisableCatchupFullScan = $getValue.AdditionalProperties.defenderDisableCatchupFullScan + DefenderDisableCatchupQuickScan = $getValue.AdditionalProperties.defenderDisableCatchupQuickScan + DefenderFileExtensionsToExclude = $getValue.AdditionalProperties.defenderFileExtensionsToExclude + DefenderFilesAndFoldersToExclude = $getValue.AdditionalProperties.defenderFilesAndFoldersToExclude + DefenderMonitorFileActivity = $enumDefenderMonitorFileActivity + DefenderPotentiallyUnwantedAppAction = $enumDefenderPotentiallyUnwantedAppAction + DefenderPotentiallyUnwantedAppActionSetting = $enumDefenderPotentiallyUnwantedAppActionSetting + DefenderProcessesToExclude = $getValue.AdditionalProperties.defenderProcessesToExclude + DefenderPromptForSampleSubmission = $enumDefenderPromptForSampleSubmission + DefenderRequireBehaviorMonitoring = $getValue.AdditionalProperties.defenderRequireBehaviorMonitoring + DefenderRequireCloudProtection = $getValue.AdditionalProperties.defenderRequireCloudProtection + DefenderRequireNetworkInspectionSystem = $getValue.AdditionalProperties.defenderRequireNetworkInspectionSystem + DefenderRequireRealTimeMonitoring = $getValue.AdditionalProperties.defenderRequireRealTimeMonitoring + DefenderScanArchiveFiles = $getValue.AdditionalProperties.defenderScanArchiveFiles + DefenderScanDownloads = $getValue.AdditionalProperties.defenderScanDownloads + DefenderScanIncomingMail = $getValue.AdditionalProperties.defenderScanIncomingMail + DefenderScanMappedNetworkDrivesDuringFullScan = $getValue.AdditionalProperties.defenderScanMappedNetworkDrivesDuringFullScan + DefenderScanMaxCpu = $getValue.AdditionalProperties.defenderScanMaxCpu + DefenderScanNetworkFiles = $getValue.AdditionalProperties.defenderScanNetworkFiles + DefenderScanRemovableDrivesDuringFullScan = $getValue.AdditionalProperties.defenderScanRemovableDrivesDuringFullScan + DefenderScanScriptsLoadedInInternetExplorer = $getValue.AdditionalProperties.defenderScanScriptsLoadedInInternetExplorer + DefenderScanType = $enumDefenderScanType + DefenderScheduledQuickScanTime = $timeDefenderScheduledQuickScanTime + DefenderScheduledScanTime = $timeDefenderScheduledScanTime + DefenderScheduleScanEnableLowCpuPriority = $getValue.AdditionalProperties.defenderScheduleScanEnableLowCpuPriority + DefenderSignatureUpdateIntervalInHours = $getValue.AdditionalProperties.defenderSignatureUpdateIntervalInHours + DefenderSubmitSamplesConsentType = $enumDefenderSubmitSamplesConsentType + DefenderSystemScanSchedule = $enumDefenderSystemScanSchedule + DeveloperUnlockSetting = $enumDeveloperUnlockSetting + DeviceManagementBlockFactoryResetOnMobile = $getValue.AdditionalProperties.deviceManagementBlockFactoryResetOnMobile + DeviceManagementBlockManualUnenroll = $getValue.AdditionalProperties.deviceManagementBlockManualUnenroll + DiagnosticsDataSubmissionMode = $enumDiagnosticsDataSubmissionMode + DisplayAppListWithGdiDPIScalingTurnedOff = $getValue.AdditionalProperties.displayAppListWithGdiDPIScalingTurnedOff + DisplayAppListWithGdiDPIScalingTurnedOn = $getValue.AdditionalProperties.displayAppListWithGdiDPIScalingTurnedOn + EdgeAllowStartPagesModification = $getValue.AdditionalProperties.edgeAllowStartPagesModification + EdgeBlockAccessToAboutFlags = $getValue.AdditionalProperties.edgeBlockAccessToAboutFlags + EdgeBlockAddressBarDropdown = $getValue.AdditionalProperties.edgeBlockAddressBarDropdown + EdgeBlockAutofill = $getValue.AdditionalProperties.edgeBlockAutofill + EdgeBlockCompatibilityList = $getValue.AdditionalProperties.edgeBlockCompatibilityList + EdgeBlockDeveloperTools = $getValue.AdditionalProperties.edgeBlockDeveloperTools + EdgeBlocked = $getValue.AdditionalProperties.edgeBlocked + EdgeBlockEditFavorites = $getValue.AdditionalProperties.edgeBlockEditFavorites + EdgeBlockExtensions = $getValue.AdditionalProperties.edgeBlockExtensions + EdgeBlockFullScreenMode = $getValue.AdditionalProperties.edgeBlockFullScreenMode + EdgeBlockInPrivateBrowsing = $getValue.AdditionalProperties.edgeBlockInPrivateBrowsing + EdgeBlockJavaScript = $getValue.AdditionalProperties.edgeBlockJavaScript + EdgeBlockLiveTileDataCollection = $getValue.AdditionalProperties.edgeBlockLiveTileDataCollection + EdgeBlockPasswordManager = $getValue.AdditionalProperties.edgeBlockPasswordManager + EdgeBlockPopups = $getValue.AdditionalProperties.edgeBlockPopups + EdgeBlockPrelaunch = $getValue.AdditionalProperties.edgeBlockPrelaunch + EdgeBlockPrinting = $getValue.AdditionalProperties.edgeBlockPrinting + EdgeBlockSavingHistory = $getValue.AdditionalProperties.edgeBlockSavingHistory + EdgeBlockSearchEngineCustomization = $getValue.AdditionalProperties.edgeBlockSearchEngineCustomization + EdgeBlockSearchSuggestions = $getValue.AdditionalProperties.edgeBlockSearchSuggestions + EdgeBlockSendingDoNotTrackHeader = $getValue.AdditionalProperties.edgeBlockSendingDoNotTrackHeader + EdgeBlockSendingIntranetTrafficToInternetExplorer = $getValue.AdditionalProperties.edgeBlockSendingIntranetTrafficToInternetExplorer + EdgeBlockSideloadingExtensions = $getValue.AdditionalProperties.edgeBlockSideloadingExtensions + EdgeBlockTabPreloading = $getValue.AdditionalProperties.edgeBlockTabPreloading + EdgeBlockWebContentOnNewTabPage = $getValue.AdditionalProperties.edgeBlockWebContentOnNewTabPage + EdgeClearBrowsingDataOnExit = $getValue.AdditionalProperties.edgeClearBrowsingDataOnExit + EdgeCookiePolicy = $enumEdgeCookiePolicy + EdgeDisableFirstRunPage = $getValue.AdditionalProperties.edgeDisableFirstRunPage + EdgeEnterpriseModeSiteListLocation = $getValue.AdditionalProperties.edgeEnterpriseModeSiteListLocation + EdgeFavoritesBarVisibility = $enumEdgeFavoritesBarVisibility + EdgeFavoritesListLocation = $getValue.AdditionalProperties.edgeFavoritesListLocation + EdgeFirstRunUrl = $getValue.AdditionalProperties.edgeFirstRunUrl + EdgeHomeButtonConfiguration = $complexEdgeHomeButtonConfiguration + EdgeHomeButtonConfigurationEnabled = $getValue.AdditionalProperties.edgeHomeButtonConfigurationEnabled + EdgeHomepageUrls = $getValue.AdditionalProperties.edgeHomepageUrls + EdgeKioskModeRestriction = $enumEdgeKioskModeRestriction + EdgeKioskResetAfterIdleTimeInMinutes = $getValue.AdditionalProperties.edgeKioskResetAfterIdleTimeInMinutes + EdgeNewTabPageURL = $getValue.AdditionalProperties.edgeNewTabPageURL + EdgeOpensWith = $enumEdgeOpensWith + EdgePreventCertificateErrorOverride = $getValue.AdditionalProperties.edgePreventCertificateErrorOverride + EdgeRequiredExtensionPackageFamilyNames = $getValue.AdditionalProperties.edgeRequiredExtensionPackageFamilyNames + EdgeRequireSmartScreen = $getValue.AdditionalProperties.edgeRequireSmartScreen + EdgeSearchEngine = $complexEdgeSearchEngine + EdgeSendIntranetTrafficToInternetExplorer = $getValue.AdditionalProperties.edgeSendIntranetTrafficToInternetExplorer + EdgeShowMessageWhenOpeningInternetExplorerSites = $enumEdgeShowMessageWhenOpeningInternetExplorerSites + EdgeSyncFavoritesWithInternetExplorer = $getValue.AdditionalProperties.edgeSyncFavoritesWithInternetExplorer + EdgeTelemetryForMicrosoft365Analytics = $enumEdgeTelemetryForMicrosoft365Analytics + EnableAutomaticRedeployment = $getValue.AdditionalProperties.enableAutomaticRedeployment + EnergySaverOnBatteryThresholdPercentage = $getValue.AdditionalProperties.energySaverOnBatteryThresholdPercentage + EnergySaverPluggedInThresholdPercentage = $getValue.AdditionalProperties.energySaverPluggedInThresholdPercentage + EnterpriseCloudPrintDiscoveryEndPoint = $getValue.AdditionalProperties.enterpriseCloudPrintDiscoveryEndPoint + EnterpriseCloudPrintDiscoveryMaxLimit = $getValue.AdditionalProperties.enterpriseCloudPrintDiscoveryMaxLimit + EnterpriseCloudPrintMopriaDiscoveryResourceIdentifier = $getValue.AdditionalProperties.enterpriseCloudPrintMopriaDiscoveryResourceIdentifier + EnterpriseCloudPrintOAuthAuthority = $getValue.AdditionalProperties.enterpriseCloudPrintOAuthAuthority + EnterpriseCloudPrintOAuthClientIdentifier = $getValue.AdditionalProperties.enterpriseCloudPrintOAuthClientIdentifier + EnterpriseCloudPrintResourceIdentifier = $getValue.AdditionalProperties.enterpriseCloudPrintResourceIdentifier + ExperienceBlockDeviceDiscovery = $getValue.AdditionalProperties.experienceBlockDeviceDiscovery + ExperienceBlockErrorDialogWhenNoSIM = $getValue.AdditionalProperties.experienceBlockErrorDialogWhenNoSIM + ExperienceBlockTaskSwitcher = $getValue.AdditionalProperties.experienceBlockTaskSwitcher + ExperienceDoNotSyncBrowserSettings = $enumExperienceDoNotSyncBrowserSettings + FindMyFiles = $enumFindMyFiles + GameDvrBlocked = $getValue.AdditionalProperties.gameDvrBlocked + InkWorkspaceAccess = $enumInkWorkspaceAccess + InkWorkspaceAccessState = $enumInkWorkspaceAccessState + InkWorkspaceBlockSuggestedApps = $getValue.AdditionalProperties.inkWorkspaceBlockSuggestedApps + InternetSharingBlocked = $getValue.AdditionalProperties.internetSharingBlocked + LocationServicesBlocked = $getValue.AdditionalProperties.locationServicesBlocked + LockScreenActivateAppsWithVoice = $enumLockScreenActivateAppsWithVoice + LockScreenAllowTimeoutConfiguration = $getValue.AdditionalProperties.lockScreenAllowTimeoutConfiguration + LockScreenBlockActionCenterNotifications = $getValue.AdditionalProperties.lockScreenBlockActionCenterNotifications + LockScreenBlockCortana = $getValue.AdditionalProperties.lockScreenBlockCortana + LockScreenBlockToastNotifications = $getValue.AdditionalProperties.lockScreenBlockToastNotifications + LockScreenTimeoutInSeconds = $getValue.AdditionalProperties.lockScreenTimeoutInSeconds + LogonBlockFastUserSwitching = $getValue.AdditionalProperties.logonBlockFastUserSwitching + MessagingBlockMMS = $getValue.AdditionalProperties.messagingBlockMMS + MessagingBlockRichCommunicationServices = $getValue.AdditionalProperties.messagingBlockRichCommunicationServices + MessagingBlockSync = $getValue.AdditionalProperties.messagingBlockSync + MicrosoftAccountBlocked = $getValue.AdditionalProperties.microsoftAccountBlocked + MicrosoftAccountBlockSettingsSync = $getValue.AdditionalProperties.microsoftAccountBlockSettingsSync + MicrosoftAccountSignInAssistantSettings = $enumMicrosoftAccountSignInAssistantSettings + NetworkProxyApplySettingsDeviceWide = $getValue.AdditionalProperties.networkProxyApplySettingsDeviceWide + NetworkProxyAutomaticConfigurationUrl = $getValue.AdditionalProperties.networkProxyAutomaticConfigurationUrl + NetworkProxyDisableAutoDetect = $getValue.AdditionalProperties.networkProxyDisableAutoDetect + NetworkProxyServer = $complexNetworkProxyServer + NfcBlocked = $getValue.AdditionalProperties.nfcBlocked + OneDriveDisableFileSync = $getValue.AdditionalProperties.oneDriveDisableFileSync + PasswordBlockSimple = $getValue.AdditionalProperties.passwordBlockSimple + PasswordExpirationDays = $getValue.AdditionalProperties.passwordExpirationDays + PasswordMinimumAgeInDays = $getValue.AdditionalProperties.passwordMinimumAgeInDays + PasswordMinimumCharacterSetCount = $getValue.AdditionalProperties.passwordMinimumCharacterSetCount + PasswordMinimumLength = $getValue.AdditionalProperties.passwordMinimumLength + PasswordMinutesOfInactivityBeforeScreenTimeout = $getValue.AdditionalProperties.passwordMinutesOfInactivityBeforeScreenTimeout + PasswordPreviousPasswordBlockCount = $getValue.AdditionalProperties.passwordPreviousPasswordBlockCount + PasswordRequired = $getValue.AdditionalProperties.passwordRequired + PasswordRequiredType = $enumPasswordRequiredType + PasswordRequireWhenResumeFromIdleState = $getValue.AdditionalProperties.passwordRequireWhenResumeFromIdleState + PasswordSignInFailureCountBeforeFactoryReset = $getValue.AdditionalProperties.passwordSignInFailureCountBeforeFactoryReset + PersonalizationDesktopImageUrl = $getValue.AdditionalProperties.personalizationDesktopImageUrl + PersonalizationLockScreenImageUrl = $getValue.AdditionalProperties.personalizationLockScreenImageUrl + PowerButtonActionOnBattery = $enumPowerButtonActionOnBattery + PowerButtonActionPluggedIn = $enumPowerButtonActionPluggedIn + PowerHybridSleepOnBattery = $enumPowerHybridSleepOnBattery + PowerHybridSleepPluggedIn = $enumPowerHybridSleepPluggedIn + PowerLidCloseActionOnBattery = $enumPowerLidCloseActionOnBattery + PowerLidCloseActionPluggedIn = $enumPowerLidCloseActionPluggedIn + PowerSleepButtonActionOnBattery = $enumPowerSleepButtonActionOnBattery + PowerSleepButtonActionPluggedIn = $enumPowerSleepButtonActionPluggedIn + PrinterBlockAddition = $getValue.AdditionalProperties.printerBlockAddition + PrinterDefaultName = $getValue.AdditionalProperties.printerDefaultName + PrinterNames = $getValue.AdditionalProperties.printerNames + PrivacyAdvertisingId = $enumPrivacyAdvertisingId + PrivacyAutoAcceptPairingAndConsentPrompts = $getValue.AdditionalProperties.privacyAutoAcceptPairingAndConsentPrompts + PrivacyBlockActivityFeed = $getValue.AdditionalProperties.privacyBlockActivityFeed + PrivacyBlockInputPersonalization = $getValue.AdditionalProperties.privacyBlockInputPersonalization + PrivacyBlockPublishUserActivities = $getValue.AdditionalProperties.privacyBlockPublishUserActivities + PrivacyDisableLaunchExperience = $getValue.AdditionalProperties.privacyDisableLaunchExperience + ResetProtectionModeBlocked = $getValue.AdditionalProperties.resetProtectionModeBlocked + SafeSearchFilter = $enumSafeSearchFilter + ScreenCaptureBlocked = $getValue.AdditionalProperties.screenCaptureBlocked + SearchBlockDiacritics = $getValue.AdditionalProperties.searchBlockDiacritics + SearchBlockWebResults = $getValue.AdditionalProperties.searchBlockWebResults + SearchDisableAutoLanguageDetection = $getValue.AdditionalProperties.searchDisableAutoLanguageDetection + SearchDisableIndexerBackoff = $getValue.AdditionalProperties.searchDisableIndexerBackoff + SearchDisableIndexingEncryptedItems = $getValue.AdditionalProperties.searchDisableIndexingEncryptedItems + SearchDisableIndexingRemovableDrive = $getValue.AdditionalProperties.searchDisableIndexingRemovableDrive + SearchDisableLocation = $getValue.AdditionalProperties.searchDisableLocation + SearchDisableUseLocation = $getValue.AdditionalProperties.searchDisableUseLocation + SearchEnableAutomaticIndexSizeManangement = $getValue.AdditionalProperties.searchEnableAutomaticIndexSizeManangement + SearchEnableRemoteQueries = $getValue.AdditionalProperties.searchEnableRemoteQueries + SecurityBlockAzureADJoinedDevicesAutoEncryption = $getValue.AdditionalProperties.securityBlockAzureADJoinedDevicesAutoEncryption + SettingsBlockAccountsPage = $getValue.AdditionalProperties.settingsBlockAccountsPage + SettingsBlockAddProvisioningPackage = $getValue.AdditionalProperties.settingsBlockAddProvisioningPackage + SettingsBlockAppsPage = $getValue.AdditionalProperties.settingsBlockAppsPage + SettingsBlockChangeLanguage = $getValue.AdditionalProperties.settingsBlockChangeLanguage + SettingsBlockChangePowerSleep = $getValue.AdditionalProperties.settingsBlockChangePowerSleep + SettingsBlockChangeRegion = $getValue.AdditionalProperties.settingsBlockChangeRegion + SettingsBlockChangeSystemTime = $getValue.AdditionalProperties.settingsBlockChangeSystemTime + SettingsBlockDevicesPage = $getValue.AdditionalProperties.settingsBlockDevicesPage + SettingsBlockEaseOfAccessPage = $getValue.AdditionalProperties.settingsBlockEaseOfAccessPage + SettingsBlockEditDeviceName = $getValue.AdditionalProperties.settingsBlockEditDeviceName + SettingsBlockGamingPage = $getValue.AdditionalProperties.settingsBlockGamingPage + SettingsBlockNetworkInternetPage = $getValue.AdditionalProperties.settingsBlockNetworkInternetPage + SettingsBlockPersonalizationPage = $getValue.AdditionalProperties.settingsBlockPersonalizationPage + SettingsBlockPrivacyPage = $getValue.AdditionalProperties.settingsBlockPrivacyPage + SettingsBlockRemoveProvisioningPackage = $getValue.AdditionalProperties.settingsBlockRemoveProvisioningPackage + SettingsBlockSettingsApp = $getValue.AdditionalProperties.settingsBlockSettingsApp + SettingsBlockSystemPage = $getValue.AdditionalProperties.settingsBlockSystemPage + SettingsBlockTimeLanguagePage = $getValue.AdditionalProperties.settingsBlockTimeLanguagePage + SettingsBlockUpdateSecurityPage = $getValue.AdditionalProperties.settingsBlockUpdateSecurityPage + SharedUserAppDataAllowed = $getValue.AdditionalProperties.sharedUserAppDataAllowed + SmartScreenAppInstallControl = $enumSmartScreenAppInstallControl + SmartScreenBlockPromptOverride = $getValue.AdditionalProperties.smartScreenBlockPromptOverride + SmartScreenBlockPromptOverrideForFiles = $getValue.AdditionalProperties.smartScreenBlockPromptOverrideForFiles + SmartScreenEnableAppInstallControl = $getValue.AdditionalProperties.smartScreenEnableAppInstallControl + StartBlockUnpinningAppsFromTaskbar = $getValue.AdditionalProperties.startBlockUnpinningAppsFromTaskbar + StartMenuAppListVisibility = $enumStartMenuAppListVisibility + StartMenuHideChangeAccountSettings = $getValue.AdditionalProperties.startMenuHideChangeAccountSettings + StartMenuHideFrequentlyUsedApps = $getValue.AdditionalProperties.startMenuHideFrequentlyUsedApps + StartMenuHideHibernate = $getValue.AdditionalProperties.startMenuHideHibernate + StartMenuHideLock = $getValue.AdditionalProperties.startMenuHideLock + StartMenuHidePowerButton = $getValue.AdditionalProperties.startMenuHidePowerButton + StartMenuHideRecentJumpLists = $getValue.AdditionalProperties.startMenuHideRecentJumpLists + StartMenuHideRecentlyAddedApps = $getValue.AdditionalProperties.startMenuHideRecentlyAddedApps + StartMenuHideRestartOptions = $getValue.AdditionalProperties.startMenuHideRestartOptions + StartMenuHideShutDown = $getValue.AdditionalProperties.startMenuHideShutDown + StartMenuHideSignOut = $getValue.AdditionalProperties.startMenuHideSignOut + StartMenuHideSleep = $getValue.AdditionalProperties.startMenuHideSleep + StartMenuHideSwitchAccount = $getValue.AdditionalProperties.startMenuHideSwitchAccount + StartMenuHideUserTile = $getValue.AdditionalProperties.startMenuHideUserTile + StartMenuLayoutEdgeAssetsXml = $getValue.AdditionalProperties.startMenuLayoutEdgeAssetsXml + StartMenuLayoutXml = $getValue.AdditionalProperties.startMenuLayoutXml + StartMenuMode = $enumStartMenuMode + StartMenuPinnedFolderDocuments = $enumStartMenuPinnedFolderDocuments + StartMenuPinnedFolderDownloads = $enumStartMenuPinnedFolderDownloads + StartMenuPinnedFolderFileExplorer = $enumStartMenuPinnedFolderFileExplorer + StartMenuPinnedFolderHomeGroup = $enumStartMenuPinnedFolderHomeGroup + StartMenuPinnedFolderMusic = $enumStartMenuPinnedFolderMusic + StartMenuPinnedFolderNetwork = $enumStartMenuPinnedFolderNetwork + StartMenuPinnedFolderPersonalFolder = $enumStartMenuPinnedFolderPersonalFolder + StartMenuPinnedFolderPictures = $enumStartMenuPinnedFolderPictures + StartMenuPinnedFolderSettings = $enumStartMenuPinnedFolderSettings + StartMenuPinnedFolderVideos = $enumStartMenuPinnedFolderVideos + StorageBlockRemovableStorage = $getValue.AdditionalProperties.storageBlockRemovableStorage + StorageRequireMobileDeviceEncryption = $getValue.AdditionalProperties.storageRequireMobileDeviceEncryption + StorageRestrictAppDataToSystemVolume = $getValue.AdditionalProperties.storageRestrictAppDataToSystemVolume + StorageRestrictAppInstallToSystemVolume = $getValue.AdditionalProperties.storageRestrictAppInstallToSystemVolume + SystemTelemetryProxyServer = $getValue.AdditionalProperties.systemTelemetryProxyServer + TaskManagerBlockEndTask = $getValue.AdditionalProperties.taskManagerBlockEndTask + TenantLockdownRequireNetworkDuringOutOfBoxExperience = $getValue.AdditionalProperties.tenantLockdownRequireNetworkDuringOutOfBoxExperience + UninstallBuiltInApps = $getValue.AdditionalProperties.uninstallBuiltInApps + UsbBlocked = $getValue.AdditionalProperties.usbBlocked + VoiceRecordingBlocked = $getValue.AdditionalProperties.voiceRecordingBlocked + WebRtcBlockLocalhostIpAddress = $getValue.AdditionalProperties.webRtcBlockLocalhostIpAddress + WiFiBlockAutomaticConnectHotspots = $getValue.AdditionalProperties.wiFiBlockAutomaticConnectHotspots + WiFiBlocked = $getValue.AdditionalProperties.wiFiBlocked + WiFiBlockManualConfiguration = $getValue.AdditionalProperties.wiFiBlockManualConfiguration + WiFiScanInterval = $getValue.AdditionalProperties.wiFiScanInterval + Windows10AppsForceUpdateSchedule = $complexWindows10AppsForceUpdateSchedule + WindowsSpotlightBlockConsumerSpecificFeatures = $getValue.AdditionalProperties.windowsSpotlightBlockConsumerSpecificFeatures + WindowsSpotlightBlocked = $getValue.AdditionalProperties.windowsSpotlightBlocked + WindowsSpotlightBlockOnActionCenter = $getValue.AdditionalProperties.windowsSpotlightBlockOnActionCenter + WindowsSpotlightBlockTailoredExperiences = $getValue.AdditionalProperties.windowsSpotlightBlockTailoredExperiences + WindowsSpotlightBlockThirdPartyNotifications = $getValue.AdditionalProperties.windowsSpotlightBlockThirdPartyNotifications + WindowsSpotlightBlockWelcomeExperience = $getValue.AdditionalProperties.windowsSpotlightBlockWelcomeExperience + WindowsSpotlightBlockWindowsTips = $getValue.AdditionalProperties.windowsSpotlightBlockWindowsTips + WindowsSpotlightConfigureOnLockScreen = $enumWindowsSpotlightConfigureOnLockScreen + WindowsStoreBlockAutoUpdate = $getValue.AdditionalProperties.windowsStoreBlockAutoUpdate + WindowsStoreBlocked = $getValue.AdditionalProperties.windowsStoreBlocked + WindowsStoreEnablePrivateStoreOnly = $getValue.AdditionalProperties.windowsStoreEnablePrivateStoreOnly + WirelessDisplayBlockProjectionToThisDevice = $getValue.AdditionalProperties.wirelessDisplayBlockProjectionToThisDevice + WirelessDisplayBlockUserInputFromReceiver = $getValue.AdditionalProperties.wirelessDisplayBlockUserInputFromReceiver + WirelessDisplayRequirePinForPairing = $getValue.AdditionalProperties.wirelessDisplayRequirePinForPairing + Description = $getValue.Description + DisplayName = $getValue.DisplayName + SupportsScopeTags = $getValue.SupportsScopeTags + Id = $getValue.Id + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + #endregion + } + $assignmentsValues = Get-MgDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $Id + $assignmentResult = @() + foreach ($assignmentEntry in $AssignmentsValues) + { + $assignmentValue = @{ + dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' + deviceAndAppManagementAssignmentFilterType = $(if ($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) + {$assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString()}) + deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId + groupId = $assignmentEntry.Target.AdditionalProperties.groupId + } + $assignmentResult += $assignmentValue + } + $results.Add('Assignments', $assignmentResult) + + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + #region resource generator code + [Parameter()] + [System.Boolean] + $AccountsBlockAddingNonMicrosoftAccountEmail, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $ActivateAppsWithVoice, + + [Parameter()] + [System.Boolean] + $AntiTheftModeBlocked, + + [Parameter()] + [System.Boolean] + $AppManagementMSIAllowUserControlOverInstall, + + [Parameter()] + [System.Boolean] + $AppManagementMSIAlwaysInstallWithElevatedPrivileges, + + [Parameter()] + [System.String[]] + $AppManagementPackageFamilyNamesToLaunchAfterLogOn, + + [Parameter()] + [ValidateSet('notConfigured','blocked','allowed')] + [System.String] + $AppsAllowTrustedAppsSideloading, + + [Parameter()] + [System.Boolean] + $AppsBlockWindowsStoreOriginatedApps, + + [Parameter()] + [System.Boolean] + $AuthenticationAllowSecondaryDevice, + + [Parameter()] + [System.String] + $AuthenticationPreferredAzureADTenantDomainName, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $AuthenticationWebSignIn, + + [Parameter()] + [System.String[]] + $BluetoothAllowedServices, + + [Parameter()] + [System.Boolean] + $BluetoothBlockAdvertising, + + [Parameter()] + [System.Boolean] + $BluetoothBlockDiscoverableMode, + + [Parameter()] + [System.Boolean] + $BluetoothBlocked, + + [Parameter()] + [System.Boolean] + $BluetoothBlockPrePairing, + + [Parameter()] + [System.Boolean] + $BluetoothBlockPromptedProximalConnections, + + [Parameter()] + [System.Boolean] + $CameraBlocked, + + [Parameter()] + [System.Boolean] + $CellularBlockDataWhenRoaming, + + [Parameter()] + [System.Boolean] + $CellularBlockVpn, + + [Parameter()] + [System.Boolean] + $CellularBlockVpnWhenRoaming, + + [Parameter()] + [ValidateSet('blocked','required','allowed','notConfigured')] + [System.String] + $CellularData, + + [Parameter()] + [System.Boolean] + $CertificatesBlockManualRootCertificateInstallation, + + [Parameter()] + [System.String] + $ConfigureTimeZone, + + [Parameter()] + [System.Boolean] + $ConnectedDevicesServiceBlocked, + + [Parameter()] + [System.Boolean] + $CopyPasteBlocked, + + [Parameter()] + [System.Boolean] + $CortanaBlocked, + + [Parameter()] + [System.Boolean] + $CryptographyAllowFipsAlgorithmPolicy, + + [Parameter()] + [System.Boolean] + $DataProtectionBlockDirectMemoryAccess, + + [Parameter()] + [System.Boolean] + $DefenderBlockEndUserAccess, + + [Parameter()] + [System.Boolean] + $DefenderBlockOnAccessProtection, + + [Parameter()] + [ValidateSet('notConfigured','high','highPlus','zeroTolerance')] + [System.String] + $DefenderCloudBlockLevel, + + [Parameter()] + [System.Int32] + $DefenderCloudExtendedTimeout, + + [Parameter()] + [System.Int32] + $DefenderCloudExtendedTimeoutInSeconds, + + [Parameter()] + [System.Int32] + $DefenderDaysBeforeDeletingQuarantinedMalware, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $DefenderDetectedMalwareActions, + + [Parameter()] + [System.Boolean] + $DefenderDisableCatchupFullScan, + + [Parameter()] + [System.Boolean] + $DefenderDisableCatchupQuickScan, + + [Parameter()] + [System.String[]] + $DefenderFileExtensionsToExclude, + + [Parameter()] + [System.String[]] + $DefenderFilesAndFoldersToExclude, + + [Parameter()] + [ValidateSet('userDefined','disable','monitorAllFiles','monitorIncomingFilesOnly','monitorOutgoingFilesOnly')] + [System.String] + $DefenderMonitorFileActivity, + + [Parameter()] + [ValidateSet('deviceDefault','block','audit')] + [System.String] + $DefenderPotentiallyUnwantedAppAction, + + [Parameter()] + [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [System.String] + $DefenderPotentiallyUnwantedAppActionSetting, + + [Parameter()] + [System.String[]] + $DefenderProcessesToExclude, + + [Parameter()] + [ValidateSet('userDefined','alwaysPrompt','promptBeforeSendingPersonalData','neverSendData','sendAllDataWithoutPrompting')] + [System.String] + $DefenderPromptForSampleSubmission, + + [Parameter()] + [System.Boolean] + $DefenderRequireBehaviorMonitoring, + + [Parameter()] + [System.Boolean] + $DefenderRequireCloudProtection, + + [Parameter()] + [System.Boolean] + $DefenderRequireNetworkInspectionSystem, + + [Parameter()] + [System.Boolean] + $DefenderRequireRealTimeMonitoring, + + [Parameter()] + [System.Boolean] + $DefenderScanArchiveFiles, [Parameter()] [System.Boolean] - $ExperienceBlockTaskSwitcher, + $DefenderScanDownloads, [Parameter()] [System.Boolean] - $LogonBlockFastUserSwitching, + $DefenderScanIncomingMail, [Parameter()] [System.Boolean] - $TenantLockdownRequireNetworkDuringOutOfBoxExperience, + $DefenderScanMappedNetworkDrivesDuringFullScan, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] - $Assignments, + [System.Int32] + $DefenderScanMaxCpu, + + [Parameter()] + [System.Boolean] + $DefenderScanNetworkFiles, - [Parameter(Mandatory = $True)] + [Parameter()] + [System.Boolean] + $DefenderScanRemovableDrivesDuringFullScan, + + [Parameter()] + [System.Boolean] + $DefenderScanScriptsLoadedInInternetExplorer, + + [Parameter()] + [ValidateSet('userDefined','disabled','quick','full')] [System.String] - [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $DefenderScanType, [Parameter()] - [System.Management.Automation.PSCredential] - $Credential, + [System.TimeSpan] + $DefenderScheduledQuickScanTime, + + [Parameter()] + [System.TimeSpan] + $DefenderScheduledScanTime, + + [Parameter()] + [System.Boolean] + $DefenderScheduleScanEnableLowCpuPriority, [Parameter()] + [System.Int32] + $DefenderSignatureUpdateIntervalInHours, + + [Parameter()] + [ValidateSet('sendSafeSamplesAutomatically','alwaysPrompt','neverSend','sendAllSamplesAutomatically')] [System.String] - $ApplicationId, + $DefenderSubmitSamplesConsentType, [Parameter()] + [ValidateSet('userDefined','everyday','sunday','monday','tuesday','wednesday','thursday','friday','saturday','noScheduledScan')] [System.String] - $TenantId, + $DefenderSystemScanSchedule, [Parameter()] - [System.Management.Automation.PSCredential] - $ApplicationSecret, + [ValidateSet('notConfigured','blocked','allowed')] + [System.String] + $DeveloperUnlockSetting, + + [Parameter()] + [System.Boolean] + $DeviceManagementBlockFactoryResetOnMobile, + + [Parameter()] + [System.Boolean] + $DeviceManagementBlockManualUnenroll, [Parameter()] + [ValidateSet('userDefined','none','basic','enhanced','full')] [System.String] - $CertificateThumbprint, + $DiagnosticsDataSubmissionMode, [Parameter()] - [Switch] - $ManagedIdentity - ) + [System.String[]] + $DisplayAppListWithGdiDPIScalingTurnedOff, - Write-Verbose -Message "Checking for the Intune Device Configuration Policy {$DisplayName}" - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters ` - -ProfileName 'beta' + [Parameter()] + [System.String[]] + $DisplayAppListWithGdiDPIScalingTurnedOn, - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies + [Parameter()] + [System.Boolean] + $EdgeAllowStartPagesModification, - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + [Parameter()] + [System.Boolean] + $EdgeBlockAccessToAboutFlags, - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + [Parameter()] + [System.Boolean] + $EdgeBlockAddressBarDropdown, - try - { - $policy = Get-MgDeviceManagementDeviceConfiguration -Filter "displayName eq '$DisplayName'" ` - -ErrorAction Stop | Where-Object -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10GeneralConfiguration' } + [Parameter()] + [System.Boolean] + $EdgeBlockAutofill, - if ($null -eq $policy) - { - Write-Verbose -Message "No Device Configuration Policy {$DisplayName} was found" - return $nullResult - } + [Parameter()] + [System.Boolean] + $EdgeBlockCompatibilityList, - $DefenderDetectedMalwareActionsValues = $null - if (-not [System.String]::IsNullOrEmpty($policy.AdditionalProperties.defenderDetectedMalwareActions.lowSeverity) -or - -not [System.String]::IsNullOrEmpty($policy.AdditionalProperties.defenderDetectedMalwareActions.moderateSeverity) -or - -not [System.String]::IsNullOrEmpty($policy.AdditionalProperties.defenderDetectedMalwareActions.highSeverity) -or - -not [System.String]::IsNullOrEmpty($policy.AdditionalProperties.defenderDetectedMalwareActions.severeSeverity)) - { - $DefenderDetectedMalwareActionsValues = @{ - LowSeverity = $policy.AdditionalProperties.defenderDetectedMalwareActions.lowSeverity - ModerateSeverity = $policy.AdditionalProperties.defenderDetectedMalwareActions.moderateSeverity - HighSeverity = $policy.AdditionalProperties.defenderDetectedMalwareActions.highSeverity - SevereSeverity = $policy.AdditionalProperties.defenderDetectedMalwareActions.severeSeverity - } - } + [Parameter()] + [System.Boolean] + $EdgeBlockDeveloperTools, - Write-Verbose -Message "Found Device Configuration Policy {$DisplayName}" - $results = @{ - Description = $policy.Description - DisplayName = $policy.DisplayName - EnterpriseCloudPrintDiscoveryEndPoint = $policy.AdditionalProperties.enterpriseCloudPrintDiscoveryEndPoint - EnterpriseCloudPrintOAuthAuthority = $policy.AdditionalProperties.enterpriseCloudPrintOAuthAuthority - EnterpriseCloudPrintOAuthClientIdentifier = $policy.AdditionalProperties.enterpriseCloudPrintOAuthClientIdentifier - EnterpriseCloudPrintResourceIdentifier = $policy.AdditionalProperties.enterpriseCloudPrintResourceIdentifier - EnterpriseCloudPrintDiscoveryMaxLimit = $policy.AdditionalProperties.enterpriseCloudPrintDiscoveryMaxLimit - EnterpriseCloudPrintMopriaDiscoveryResourceIdentifier = $policy.AdditionalProperties.enterpriseCloudPrintMopriaDiscoveryResourceIdentifier - SearchBlockDiacritics = $policy.AdditionalProperties.searchBlockDiacritics - SearchDisableAutoLanguageDetection = $policy.AdditionalProperties.searchDisableAutoLanguageDetection - SearchDisableIndexingEncryptedItems = $policy.AdditionalProperties.searchDisableIndexingEncryptedItems - SearchEnableRemoteQueries = $policy.AdditionalProperties.searchEnableRemoteQueries - SearchDisableIndexerBackoff = $policy.AdditionalProperties.searchDisableIndexerBackoff - SearchDisableIndexingRemovableDrive = $policy.AdditionalProperties.searchDisableIndexingRemovableDrive - SearchEnableAutomaticIndexSizeManangement = $policy.AdditionalProperties.searchEnableAutomaticIndexSizeManangement - DiagnosticsDataSubmissionMode = $policy.AdditionalProperties.diagnosticsDataSubmissionMode - OneDriveDisableFileSync = $policy.AdditionalProperties.oneDriveDisableFileSync - SmartScreenEnableAppInstallControl = $policy.AdditionalProperties.smartScreenEnableAppInstallControl - PersonalizationDesktopImageUrl = $policy.AdditionalProperties.personalizationDesktopImageUrl - PersonalizationLockScreenImageUrl = $policy.AdditionalProperties.personalizationLockScreenImageUrl - BluetoothAllowedServices = $policy.AdditionalProperties.bluetoothAllowedServices - BluetoothBlockAdvertising = $policy.AdditionalProperties.bluetoothBlockAdvertising - BluetoothBlockDiscoverableMode = $policy.AdditionalProperties.bluetoothBlockDiscoverableMode - BluetoothBlockPrePairing = $policy.AdditionalProperties.bluetoothBlockPrePairing - EdgeBlockAutofill = $policy.AdditionalProperties.edgeBlockAutofill - EdgeBlocked = $policy.AdditionalProperties.edgeBlocked - EdgeCookiePolicy = $policy.AdditionalProperties.edgeCookiePolicy - EdgeBlockDeveloperTools = $policy.AdditionalProperties.edgeBlockDeveloperTools - EdgeBlockSendingDoNotTrackHeader = $policy.AdditionalProperties.edgeBlockSendingDoNotTrackHeader - EdgeBlockExtensions = $policy.AdditionalProperties.edgeBlockExtensions - EdgeBlockInPrivateBrowsing = $policy.AdditionalProperties.edgeBlockInPrivateBrowsing - EdgeBlockJavaScript = $policy.AdditionalProperties.edgeBlockJavaScript - EdgeBlockPasswordManager = $policy.AdditionalProperties.edgeBlockPasswordManager - EdgeBlockAddressBarDropdown = $policy.AdditionalProperties.edgeBlockAddressBarDropdown - EdgeBlockCompatibilityList = $policy.AdditionalProperties.edgeBlockCompatibilityList - EdgeClearBrowsingDataOnExit = $policy.AdditionalProperties.edgeClearBrowsingDataOnExit - EdgeAllowStartPagesModification = $policy.AdditionalProperties.edgeAllowStartPagesModification - EdgeDisableFirstRunPage = $policy.AdditionalProperties.edgeDisableFirstRunPage - EdgeBlockLiveTileDataCollection = $policy.AdditionalProperties.edgeBlockLiveTileDataCollection - EdgeSyncFavoritesWithInternetExplorer = $policy.AdditionalProperties.edgeSyncFavoritesWithInternetExplorer - CellularBlockDataWhenRoaming = $policy.AdditionalProperties.cellularBlockDataWhenRoaming - CellularBlockVpn = $policy.AdditionalProperties.cellularBlockVpn - CellularBlockVpnWhenRoaming = $policy.AdditionalProperties.cellularBlockVpnWhenRoaming - DefenderRequireRealTimeMonitoring = $policy.AdditionalProperties.defenderRequireRealTimeMonitoring - DefenderRequireBehaviorMonitoring = $policy.AdditionalProperties.defenderRequireBehaviorMonitoring - DefenderRequireNetworkInspectionSystem = $policy.AdditionalProperties.defenderRequireNetworkInspectionSystem - DefenderScanDownloads = $policy.AdditionalProperties.defenderScanDownloads - DefenderScanScriptsLoadedInInternetExplorer = $policy.AdditionalProperties.defenderScanScriptsLoadedInInternetExplorer - DefenderBlockEndUserAccess = $policy.AdditionalProperties.defenderBlockEndUserAccess - DefenderSignatureUpdateIntervalInHours = $policy.AdditionalProperties.defenderSignatureUpdateIntervalInHours - DefenderMonitorFileActivity = $policy.AdditionalProperties.defenderMonitorFileActivity - DefenderDaysBeforeDeletingQuarantinedMalware = $policy.AdditionalProperties.defenderDaysBeforeDeletingQuarantinedMalware - DefenderScanMaxCpu = $policy.AdditionalProperties.defenderScanMaxCpu - DefenderScanArchiveFiles = $policy.AdditionalProperties.defenderScanArchiveFiles - DefenderScanIncomingMail = $policy.AdditionalProperties.defenderScanIncomingMail - DefenderScanRemovableDrivesDuringFullScan = $policy.AdditionalProperties.defenderScanRemovableDrivesDuringFullScan - DefenderScanMappedNetworkDrivesDuringFullScan = $policy.AdditionalProperties.defenderScanMappedNetworkDrivesDuringFullScan - DefenderScanNetworkFiles = $policy.AdditionalProperties.defenderScanNetworkFiles - DefenderRequireCloudProtection = $policy.AdditionalProperties.defenderRequireCloudProtection - DefenderCloudBlockLevel = $policy.AdditionalProperties.defenderCloudBlockLevel - DefenderPromptForSampleSubmission = $policy.AdditionalProperties.defenderPromptForSampleSubmission - DefenderScheduledQuickScanTime = $policy.AdditionalProperties.defenderScheduledQuickScanTime - DefenderScanType = $policy.AdditionalProperties.defenderScanType - DefenderSystemScanSchedule = $policy.AdditionalProperties.defenderSystemScanSchedule - DefenderScheduledScanTime = $policy.AdditionalProperties.defenderScheduledScanTime - DefenderDetectedMalwareActions = $DefenderDetectedMalwareActionsValues - DefenderFileExtensionsToExclude = $policy.AdditionalProperties.defenderFileExtensionsToExclude - DefenderFilesAndFoldersToExclude = $policy.AdditionalProperties.defenderFilesAndFoldersToExclude - DefenderProcessesToExclude = $policy.AdditionalProperties.defenderProcessesToExclude - LockScreenAllowTimeoutConfiguration = $policy.AdditionalProperties.lockScreenAllowTimeoutConfiguration - LockScreenBlockActionCenterNotifications = $policy.AdditionalProperties.lockScreenBlockActionCenterNotifications - LockScreenBlockCortana = $policy.AdditionalProperties.lockScreenBlockCortana - LockScreenBlockToastNotifications = $policy.AdditionalProperties.lockScreenBlockToastNotifications - LockScreenTimeoutInSeconds = $policy.AdditionalProperties.lockScreenTimeoutInSeconds - PasswordBlockSimple = $policy.AdditionalProperties.passwordBlockSimple - PasswordExpirationDays = $policy.AdditionalProperties.passwordExpirationDays - PasswordMinimumLength = $policy.AdditionalProperties.passwordMinimumLength - PasswordMinutesOfInactivityBeforeScreenTimeout = $policy.AdditionalProperties.passwordMinutesOfInactivityBeforeScreenTimeout - PasswordMinimumCharacterSetCount = $policy.AdditionalProperties.passwordMinimumCharacterSetCount - PasswordPreviousPasswordBlockCount = $policy.AdditionalProperties.passwordPreviousPasswordBlockCount - PasswordRequired = $policy.AdditionalProperties.passwordRequired - PasswordRequireWhenResumeFromIdleState = $policy.AdditionalProperties.passwordRequireWhenResumeFromIdleState - PasswordRequiredType = $policy.AdditionalProperties.passwordRequiredType - PasswordSignInFailureCountBeforeFactoryReset = $policy.AdditionalProperties.passwordSignInFailureCountBeforeFactoryReset - PrivacyAdvertisingId = $policy.AdditionalProperties.privacyAdvertisingId - PrivacyAutoAcceptPairingAndConsentPrompts = $policy.AdditionalProperties.privacyAutoAcceptPairingAndConsentPrompts - PrivacyBlockInputPersonalization = $policy.AdditionalProperties.privacyBlockInputPersonalization - StartBlockUnpinningAppsFromTaskbar = $policy.AdditionalProperties.startBlockUnpinningAppsFromTaskbar - StartMenuAppListVisibility = $policy.AdditionalProperties.startMenuAppListVisibility - StartMenuHideChangeAccountSettings = $policy.AdditionalProperties.startMenuHideChangeAccountSettings - StartMenuHideFrequentlyUsedApps = $policy.AdditionalProperties.startMenuHideFrequentlyUsedApps - StartMenuHideHibernate = $policy.AdditionalProperties.startMenuHideHibernate - StartMenuHideLock = $policy.AdditionalProperties.startMenuHideLock - StartMenuHidePowerButton = $policy.AdditionalProperties.startMenuHidePowerButton - StartMenuHideRecentJumpLists = $policy.AdditionalProperties.startMenuHideRecentJumpLists - StartMenuHideRecentlyAddedApps = $policy.AdditionalProperties.startMenuHideRecentlyAddedApps - StartMenuHideRestartOptions = $policy.AdditionalProperties.startMenuHideRestartOptions - StartMenuHideShutDown = $policy.AdditionalProperties.startMenuHideShutDown - StartMenuHideSignOut = $policy.AdditionalProperties.startMenuHideSignOut - StartMenuHideSleep = $policy.AdditionalProperties.startMenuHideSleep - StartMenuHideSwitchAccount = $policy.AdditionalProperties.startMenuHideSwitchAccount - StartMenuHideUserTile = $policy.AdditionalProperties.startMenuHideUserTile - StartMenuLayoutEdgeAssetsXml = $policy.AdditionalProperties.startMenuLayoutEdgeAssetsXml - StartMenuLayoutXml = $policy.AdditionalProperties.startMenuLayoutXml - StartMenuMode = $policy.AdditionalProperties.startMenuMode - StartMenuPinnedFolderDocuments = $policy.AdditionalProperties.startMenuPinnedFolderDocuments - StartMenuPinnedFolderDownloads = $policy.AdditionalProperties.startMenuPinnedFolderDownloads - StartMenuPinnedFolderFileExplorer = $policy.AdditionalProperties.startMenuPinnedFolderFileExplorer - StartMenuPinnedFolderHomeGroup = $policy.AdditionalProperties.startMenuPinnedFolderHomeGroup - StartMenuPinnedFolderMusic = $policy.AdditionalProperties.startMenuPinnedFolderMusic - StartMenuPinnedFolderNetwork = $policy.AdditionalProperties.startMenuPinnedFolderNetwork - StartMenuPinnedFolderPersonalFolder = $policy.AdditionalProperties.startMenuPinnedFolderPersonalFolder - StartMenuPinnedFolderPictures = $policy.AdditionalProperties.startMenuPinnedFolderPictures - StartMenuPinnedFolderSettings = $policy.AdditionalProperties.startMenuPinnedFolderSettings - StartMenuPinnedFolderVideos = $policy.AdditionalProperties.startMenuPinnedFolderVideos - SettingsBlockSettingsApp = $policy.AdditionalProperties.settingsBlockSettingsApp - SettingsBlockSystemPage = $policy.AdditionalProperties.settingsBlockSystemPage - SettingsBlockDevicesPage = $policy.AdditionalProperties.settingsBlockDevicesPage - SettingsBlockNetworkInternetPage = $policy.AdditionalProperties.settingsBlockNetworkInternetPage - SettingsBlockPersonalizationPage = $policy.AdditionalProperties.settingsBlockPersonalizationPage - SettingsBlockAccountsPage = $policy.AdditionalProperties.settingsBlockAccountsPage - SettingsBlockTimeLanguagePage = $policy.AdditionalProperties.settingsBlockTimeLanguagePage - SettingsBlockEaseOfAccessPage = $policy.AdditionalProperties.settingsBlockEaseOfAccessPage - SettingsBlockPrivacyPage = $policy.AdditionalProperties.settingsBlockPrivacyPage - SettingsBlockUpdateSecurityPage = $policy.AdditionalProperties.settingsBlockUpdateSecurityPage - SettingsBlockAppsPage = $policy.AdditionalProperties.settingsBlockAppsPage - SettingsBlockGamingPage = $policy.AdditionalProperties.settingsBlockGamingPage - WindowsSpotlightBlockConsumerSpecificFeatures = $policy.AdditionalProperties.windowsSpotlightBlockConsumerSpecificFeatures - WindowsSpotlightBlocked = $policy.AdditionalProperties.windowsSpotlightBlocked - WindowsSpotlightBlockOnActionCenter = $policy.AdditionalProperties.windowsSpotlightBlockOnActionCenter - WindowsSpotlightBlockTailoredExperiences = $policy.AdditionalProperties.windowsSpotlightBlockTailoredExperiences - WindowsSpotlightBlockThirdPartyNotifications = $policy.AdditionalProperties.windowsSpotlightBlockThirdPartyNotifications - WindowsSpotlightBlockWelcomeExperience = $policy.AdditionalProperties.windowsSpotlightBlockWelcomeExperience - WindowsSpotlightBlockWindowsTips = $policy.AdditionalProperties.windowsSpotlightBlockWindowsTips - WindowsSpotlightConfigureOnLockScreen = $policy.AdditionalProperties.windowsSpotlightConfigureOnLockScreen - NetworkProxyApplySettingsDeviceWide = $policy.AdditionalProperties.networkProxyApplySettingsDeviceWide - NetworkProxyDisableAutoDetect = $policy.AdditionalProperties.networkProxyDisableAutoDetect - NetworkProxyAutomaticConfigurationUrl = $policy.AdditionalProperties.networkProxyAutomaticConfigurationUrl - NetworkProxyServer = $policy.AdditionalProperties.networkProxyServer - AccountsBlockAddingNonMicrosoftAccountEmail = $policy.AdditionalProperties.accountsBlockAddingNonMicrosoftAccountEmail - AntiTheftModeBlocked = $policy.AdditionalProperties.antiTheftModeBlocked - BluetoothBlocked = $policy.AdditionalProperties.bluetoothBlocked - CameraBlocked = $policy.AdditionalProperties.cameraBlocked - ConnectedDevicesServiceBlocked = $policy.AdditionalProperties.connectedDevicesServiceBlocked - CertificatesBlockManualRootCertificateInstallation = $policy.AdditionalProperties.certificatesBlockManualRootCertificateInstallation - CopyPasteBlocked = $policy.AdditionalProperties.copyPasteBlocked - CortanaBlocked = $policy.AdditionalProperties.cortanaBlocked - DeviceManagementBlockFactoryResetOnMobile = $policy.AdditionalProperties.deviceManagementBlockFactoryResetOnMobile - DeviceManagementBlockManualUnenroll = $policy.AdditionalProperties.deviceManagementBlockManualUnenroll - SafeSearchFilter = $policy.AdditionalProperties.safeSearchFilter - EdgeBlockPopups = $policy.AdditionalProperties.edgeBlockPopups - EdgeBlockSearchSuggestions = $policy.AdditionalProperties.edgeBlockSearchSuggestions - EdgeBlockSendingIntranetTrafficToInternetExplorer = $policy.AdditionalProperties.edgeBlockSendingIntranetTrafficToInternetExplorer - EdgeSendIntranetTrafficToInternetExplorer = $policy.AdditionalProperties.edgeSendIntranetTrafficToInternetExplorer - EdgeRequireSmartScreen = $policy.AdditionalProperties.edgeRequireSmartScreen - EdgeEnterpriseModeSiteListLocation = $policy.AdditionalProperties.edgeEnterpriseModeSiteListLocation - EdgeFirstRunUrl = $policy.AdditionalProperties.edgeFirstRunUrl - EdgeSearchEngine = $policy.AdditionalProperties.edgeSearchEngine.edgeSearchEngineType - EdgeHomepageUrls = $policy.AdditionalProperties.edgeHomepageUrls - EdgeBlockAccessToAboutFlags = $policy.AdditionalProperties.edgeBlockAccessToAboutFlags - SmartScreenBlockPromptOverride = $policy.AdditionalProperties.smartScreenBlockPromptOverride - SmartScreenBlockPromptOverrideForFiles = $policy.AdditionalProperties.smartScreenBlockPromptOverrideForFiles - WebRtcBlockLocalhostIpAddress = $policy.AdditionalProperties.webRtcBlockLocalhostIpAddress - InternetSharingBlocked = $policy.AdditionalProperties.internetSharingBlocked - SettingsBlockAddProvisioningPackage = $policy.AdditionalProperties.settingsBlockAddProvisioningPackage - SettingsBlockRemoveProvisioningPackage = $policy.AdditionalProperties.settingsBlockRemoveProvisioningPackage - SettingsBlockChangeSystemTime = $policy.AdditionalProperties.settingsBlockChangeSystemTime - SettingsBlockEditDeviceName = $policy.AdditionalProperties.settingsBlockEditDeviceName - SettingsBlockChangeRegion = $policy.AdditionalProperties.settingsBlockChangeRegion - SettingsBlockChangeLanguage = $policy.AdditionalProperties.settingsBlockChangeLanguage - SettingsBlockChangePowerSleep = $policy.AdditionalProperties.settingsBlockChangePowerSleep - LocationServicesBlocked = $policy.AdditionalProperties.locationServicesBlocked - MicrosoftAccountBlocked = $policy.AdditionalProperties.microsoftAccountBlocked - MicrosoftAccountBlockSettingsSync = $policy.AdditionalProperties.microsoftAccountBlockSettingsSync - NfcBlocked = $policy.AdditionalProperties.nfcBlocked - ResetProtectionModeBlocked = $policy.AdditionalProperties.resetProtectionModeBlocked - ScreenCaptureBlocked = $policy.AdditionalProperties.screenCaptureBlocked - StorageBlockRemovableStorage = $policy.AdditionalProperties.storageBlockRemovableStorage - StorageRequireMobileDeviceEncryption = $policy.AdditionalProperties.storageRequireMobileDeviceEncryption - UsbBlocked = $policy.AdditionalProperties.usbBlocked - VoiceRecordingBlocked = $policy.AdditionalProperties.voiceRecordingBlocked - WiFiBlockAutomaticConnectHotspots = $policy.AdditionalProperties.wiFiBlockAutomaticConnectHotspots - WiFiBlocked = $policy.AdditionalProperties.wiFiBlocked - WiFiBlockManualConfiguration = $policy.AdditionalProperties.wiFiBlockManualConfiguration - WiFiScanInterval = $policy.AdditionalProperties.wiFiScanInterval - WirelessDisplayBlockProjectionToThisDevice = $policy.AdditionalProperties.wirelessDisplayBlockProjectionToThisDevice - WirelessDisplayBlockUserInputFromReceiver = $policy.AdditionalProperties.wirelessDisplayBlockUserInputFromReceiver - WirelessDisplayRequirePinForPairing = $policy.AdditionalProperties.wirelessDisplayRequirePinForPairing - WindowsStoreBlocked = $policy.AdditionalProperties.windowsStoreBlocked - AppsAllowTrustedAppsSideloading = $policy.AdditionalProperties.appsAllowTrustedAppsSideloading - WindowsStoreBlockAutoUpdate = $policy.AdditionalProperties.windowsStoreBlockAutoUpdate - DeveloperUnlockSetting = $policy.AdditionalProperties.developerUnlockSetting - SharedUserAppDataAllowed = $policy.AdditionalProperties.sharedUserAppDataAllowed - AppsBlockWindowsStoreOriginatedApps = $policy.AdditionalProperties.appsBlockWindowsStoreOriginatedApps - WindowsStoreEnablePrivateStoreOnly = $policy.AdditionalProperties.windowsStoreEnablePrivateStoreOnly - StorageRestrictAppDataToSystemVolume = $policy.AdditionalProperties.storageRestrictAppDataToSystemVolume - StorageRestrictAppInstallToSystemVolume = $policy.AdditionalProperties.storageRestrictAppInstallToSystemVolume - GameDvrBlocked = $policy.AdditionalProperties.gameDvrBlocked - ExperienceBlockDeviceDiscovery = $policy.AdditionalProperties.experienceBlockDeviceDiscovery - ExperienceBlockErrorDialogWhenNoSIM = $policy.AdditionalProperties.experienceBlockErrorDialogWhenNoSIM - ExperienceBlockTaskSwitcher = $policy.AdditionalProperties.experienceBlockTaskSwitcher - LogonBlockFastUserSwitching = $policy.AdditionalProperties.logonBlockFastUserSwitching - TenantLockdownRequireNetworkDuringOutOfBoxExperience = $policy.AdditionalProperties.tenantLockdownRequireNetworkDuringOutOfBoxExperience - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret - CertificateThumbprint = $CertificateThumbprint - Managedidentity = $ManagedIdentity.IsPresent - } + [Parameter()] + [System.Boolean] + $EdgeBlocked, - $returnAssignments = @() - $returnAssignments += Get-MgDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $policy.Id - $assignmentResult = @() - foreach ($assignmentEntry in $returnAssignments) - { - $assignmentValue = @{ - dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' - deviceAndAppManagementAssignmentFilterType = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.toString() - deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId - groupId = $assignmentEntry.Target.AdditionalProperties.groupId - } - $assignmentResult += $assignmentValue - } - $results.Add('Assignments', $assignmentResult) - return $results - } - catch - { - New-M365DSCLogEntry -Message 'Error retrieving data:' ` - -Exception $_ ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential + [Parameter()] + [System.Boolean] + $EdgeBlockEditFavorites, - return $nullResult - } -} + [Parameter()] + [System.Boolean] + $EdgeBlockExtensions, + + [Parameter()] + [System.Boolean] + $EdgeBlockFullScreenMode, + + [Parameter()] + [System.Boolean] + $EdgeBlockInPrivateBrowsing, + + [Parameter()] + [System.Boolean] + $EdgeBlockJavaScript, + + [Parameter()] + [System.Boolean] + $EdgeBlockLiveTileDataCollection, + + [Parameter()] + [System.Boolean] + $EdgeBlockPasswordManager, + + [Parameter()] + [System.Boolean] + $EdgeBlockPopups, + + [Parameter()] + [System.Boolean] + $EdgeBlockPrelaunch, + + [Parameter()] + [System.Boolean] + $EdgeBlockPrinting, + + [Parameter()] + [System.Boolean] + $EdgeBlockSavingHistory, + + [Parameter()] + [System.Boolean] + $EdgeBlockSearchEngineCustomization, + + [Parameter()] + [System.Boolean] + $EdgeBlockSearchSuggestions, + + [Parameter()] + [System.Boolean] + $EdgeBlockSendingDoNotTrackHeader, + + [Parameter()] + [System.Boolean] + $EdgeBlockSendingIntranetTrafficToInternetExplorer, + + [Parameter()] + [System.Boolean] + $EdgeBlockSideloadingExtensions, + + [Parameter()] + [System.Boolean] + $EdgeBlockTabPreloading, + + [Parameter()] + [System.Boolean] + $EdgeBlockWebContentOnNewTabPage, + + [Parameter()] + [System.Boolean] + $EdgeClearBrowsingDataOnExit, + + [Parameter()] + [ValidateSet('userDefined','allow','blockThirdParty','blockAll')] + [System.String] + $EdgeCookiePolicy, + + [Parameter()] + [System.Boolean] + $EdgeDisableFirstRunPage, + + [Parameter()] + [System.String] + $EdgeEnterpriseModeSiteListLocation, + + [Parameter()] + [ValidateSet('notConfigured','hide','show')] + [System.String] + $EdgeFavoritesBarVisibility, + + [Parameter()] + [System.String] + $EdgeFavoritesListLocation, + + [Parameter()] + [System.String] + $EdgeFirstRunUrl, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $EdgeHomeButtonConfiguration, + + [Parameter()] + [System.Boolean] + $EdgeHomeButtonConfigurationEnabled, + + [Parameter()] + [System.String[]] + $EdgeHomepageUrls, + + [Parameter()] + [ValidateSet('notConfigured','digitalSignage','normalMode','publicBrowsingSingleApp','publicBrowsingMultiApp')] + [System.String] + $EdgeKioskModeRestriction, + + [Parameter()] + [System.Int32] + $EdgeKioskResetAfterIdleTimeInMinutes, + + [Parameter()] + [System.String] + $EdgeNewTabPageURL, + + [Parameter()] + [ValidateSet('notConfigured','startPage','newTabPage','previousPages','specificPages')] + [System.String] + $EdgeOpensWith, + + [Parameter()] + [System.Boolean] + $EdgePreventCertificateErrorOverride, + + [Parameter()] + [System.String[]] + $EdgeRequiredExtensionPackageFamilyNames, + + [Parameter()] + [System.Boolean] + $EdgeRequireSmartScreen, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $EdgeSearchEngine, + + [Parameter()] + [System.Boolean] + $EdgeSendIntranetTrafficToInternetExplorer, -function Set-TargetResource -{ - [CmdletBinding()] - param - ( - [Parameter(Mandatory = $True)] + [Parameter()] + [ValidateSet('notConfigured','disabled','enabled','keepGoing')] [System.String] - $DisplayName, + $EdgeShowMessageWhenOpeningInternetExplorerSites, + + [Parameter()] + [System.Boolean] + $EdgeSyncFavoritesWithInternetExplorer, [Parameter()] + [ValidateSet('notConfigured','intranet','internet','intranetAndInternet')] [System.String] - $Description, + $EdgeTelemetryForMicrosoft365Analytics, + + [Parameter()] + [System.Boolean] + $EnableAutomaticRedeployment, + + [Parameter()] + [System.Int32] + $EnergySaverOnBatteryThresholdPercentage, + + [Parameter()] + [System.Int32] + $EnergySaverPluggedInThresholdPercentage, [Parameter()] [System.String] $EnterpriseCloudPrintDiscoveryEndPoint, + [Parameter()] + [System.Int32] + $EnterpriseCloudPrintDiscoveryMaxLimit, + + [Parameter()] + [System.String] + $EnterpriseCloudPrintMopriaDiscoveryResourceIdentifier, + [Parameter()] [System.String] $EnterpriseCloudPrintOAuthAuthority, @@ -1191,343 +2536,421 @@ function Set-TargetResource $EnterpriseCloudPrintResourceIdentifier, [Parameter()] - [System.Uint64] - $EnterpriseCloudPrintDiscoveryMaxLimit, + [System.Boolean] + $ExperienceBlockDeviceDiscovery, [Parameter()] - [System.String] - $EnterpriseCloudPrintMopriaDiscoveryResourceIdentifier, + [System.Boolean] + $ExperienceBlockErrorDialogWhenNoSIM, [Parameter()] [System.Boolean] - $SearchBlockDiacritics, + $ExperienceBlockTaskSwitcher, [Parameter()] - [System.Boolean] - $SearchDisableAutoLanguageDetection, + [ValidateSet('notConfigured','blockedWithUserOverride','blocked')] + [System.String] + $ExperienceDoNotSyncBrowserSettings, [Parameter()] - [System.Boolean] - $SearchDisableIndexingEncryptedItems, + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $FindMyFiles, [Parameter()] [System.Boolean] - $SearchEnableRemoteQueries, + $GameDvrBlocked, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $InkWorkspaceAccess, + + [Parameter()] + [ValidateSet('notConfigured','blocked','allowed')] + [System.String] + $InkWorkspaceAccessState, [Parameter()] [System.Boolean] - $SearchDisableIndexerBackoff, + $InkWorkspaceBlockSuggestedApps, [Parameter()] [System.Boolean] - $SearchDisableIndexingRemovableDrive, + $InternetSharingBlocked, [Parameter()] [System.Boolean] - $SearchEnableAutomaticIndexSizeManangement, + $LocationServicesBlocked, [Parameter()] - [ValidateSet('userDefined', 'none', 'basic', 'enhanced', 'full')] + [ValidateSet('notConfigured','enabled','disabled')] [System.String] - $DiagnosticsDataSubmissionMode, + $LockScreenActivateAppsWithVoice, [Parameter()] [System.Boolean] - $oneDriveDisableFileSync, + $LockScreenAllowTimeoutConfiguration, [Parameter()] [System.Boolean] - $SmartScreenEnableAppInstallControl, + $LockScreenBlockActionCenterNotifications, [Parameter()] - [System.String] - $PersonalizationDesktopImageUrl, + [System.Boolean] + $LockScreenBlockCortana, [Parameter()] - [System.String] - $PersonalizationLockScreenImageUrl, + [System.Boolean] + $LockScreenBlockToastNotifications, [Parameter()] - [System.String[]] - $BluetoothAllowedServices, + [System.Int32] + $LockScreenTimeoutInSeconds, [Parameter()] [System.Boolean] - $BluetoothBlockAdvertising, + $LogonBlockFastUserSwitching, [Parameter()] [System.Boolean] - $BluetoothBlockDiscoverableMode, + $MessagingBlockMMS, [Parameter()] [System.Boolean] - $BluetoothBlockPrePairing, + $MessagingBlockRichCommunicationServices, [Parameter()] [System.Boolean] - $EdgeBlockAutofill, + $MessagingBlockSync, [Parameter()] [System.Boolean] - $EdgeBlocked, + $MicrosoftAccountBlocked, + + [Parameter()] + [System.Boolean] + $MicrosoftAccountBlockSettingsSync, [Parameter()] - [ValidateSet('userDefined', 'allow', 'blockThirdparty', 'blockAll')] + [ValidateSet('notConfigured','disabled')] [System.String] - $EdgeCookiePolicy, + $MicrosoftAccountSignInAssistantSettings, [Parameter()] [System.Boolean] - $EdgeBlockDeveloperTools, + $NetworkProxyApplySettingsDeviceWide, [Parameter()] - [System.Boolean] - $EdgeBlockSendingDoNotTrackHeader, + [System.String] + $NetworkProxyAutomaticConfigurationUrl, [Parameter()] [System.Boolean] - $EdgeBlockExtensions, + $NetworkProxyDisableAutoDetect, [Parameter()] - [System.Boolean] - $EdgeBlockInPrivateBrowsing, + [Microsoft.Management.Infrastructure.CimInstance] + $NetworkProxyServer, [Parameter()] [System.Boolean] - $EdgeBlockJavaScript, + $NfcBlocked, [Parameter()] [System.Boolean] - $EdgeBlockPasswordManager, + $OneDriveDisableFileSync, [Parameter()] [System.Boolean] - $EdgeBlockAddressBarDropdown, + $PasswordBlockSimple, [Parameter()] - [System.Boolean] - $EdgeBlockCompatibilityList, + [System.Int32] + $PasswordExpirationDays, [Parameter()] - [System.Boolean] - $EdgeClearBrowsingDataOnExit, + [System.Int32] + $PasswordMinimumAgeInDays, [Parameter()] - [System.Boolean] - $EdgeAllowStartPagesModification, + [System.Int32] + $PasswordMinimumCharacterSetCount, [Parameter()] - [System.Boolean] - $EdgeDisableFirstRunPage, + [System.Int32] + $PasswordMinimumLength, [Parameter()] - [System.Boolean] - $EdgeBlockLiveTileDataCollection, + [System.Int32] + $PasswordMinutesOfInactivityBeforeScreenTimeout, [Parameter()] - [System.Boolean] - $EdgeSyncFavoritesWithInternetExplorer, + [System.Int32] + $PasswordPreviousPasswordBlockCount, [Parameter()] [System.Boolean] - $CellularBlockDataWhenRoaming, + $PasswordRequired, [Parameter()] - [System.Boolean] - $CellularBlockVpn, + [ValidateSet('deviceDefault','alphanumeric','numeric')] + [System.String] + $PasswordRequiredType, [Parameter()] [System.Boolean] - $CellularBlockVpnWhenRoaming, + $PasswordRequireWhenResumeFromIdleState, [Parameter()] - [System.Boolean] - $DefenderRequireRealTimeMonitoring, + [System.Int32] + $PasswordSignInFailureCountBeforeFactoryReset, + + [Parameter()] + [System.String] + $PersonalizationDesktopImageUrl, + + [Parameter()] + [System.String] + $PersonalizationLockScreenImageUrl, + + [Parameter()] + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerButtonActionOnBattery, + + [Parameter()] + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerButtonActionPluggedIn, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $PowerHybridSleepOnBattery, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $PowerHybridSleepPluggedIn, + + [Parameter()] + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerLidCloseActionOnBattery, + + [Parameter()] + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerLidCloseActionPluggedIn, + + [Parameter()] + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerSleepButtonActionOnBattery, + + [Parameter()] + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerSleepButtonActionPluggedIn, [Parameter()] [System.Boolean] - $DefenderRequireBehaviorMonitoring, + $PrinterBlockAddition, + + [Parameter()] + [System.String] + $PrinterDefaultName, + + [Parameter()] + [System.String[]] + $PrinterNames, + + [Parameter()] + [ValidateSet('notConfigured','blocked','allowed')] + [System.String] + $PrivacyAdvertisingId, [Parameter()] [System.Boolean] - $DefenderRequireNetworkInspectionSystem, + $PrivacyAutoAcceptPairingAndConsentPrompts, [Parameter()] [System.Boolean] - $DefenderScanDownloads, + $PrivacyBlockActivityFeed, [Parameter()] [System.Boolean] - $DefenderScanScriptsLoadedInInternetExplorer, + $PrivacyBlockInputPersonalization, [Parameter()] [System.Boolean] - $DefenderBlockEndUserAccess, + $PrivacyBlockPublishUserActivities, [Parameter()] - [System.Uint64] - $DefenderSignatureUpdateIntervalInHours, + [System.Boolean] + $PrivacyDisableLaunchExperience, [Parameter()] - [ValidateSet('userDefined', 'disable', 'monitorAllFiles', 'monitorIncomingFilesOnly', 'monitorOutgoingFilesOnly')] - [System.String] - $DefenderMonitorFileActivity, + [System.Boolean] + $ResetProtectionModeBlocked, [Parameter()] - [System.Uint64] - $DefenderDaysBeforeDeletingQuarantinedMalware, + [ValidateSet('userDefined','strict','moderate')] + [System.String] + $SafeSearchFilter, [Parameter()] - [System.Uint64] - $DefenderScanMaxCpu, + [System.Boolean] + $ScreenCaptureBlocked, [Parameter()] [System.Boolean] - $DefenderScanArchiveFiles, + $SearchBlockDiacritics, [Parameter()] [System.Boolean] - $DefenderScanIncomingMail, + $SearchBlockWebResults, [Parameter()] [System.Boolean] - $DefenderScanRemovableDrivesDuringFullScan, + $SearchDisableAutoLanguageDetection, [Parameter()] [System.Boolean] - $DefenderScanMappedNetworkDrivesDuringFullScan, + $SearchDisableIndexerBackoff, [Parameter()] [System.Boolean] - $DefenderScanNetworkFiles, + $SearchDisableIndexingEncryptedItems, [Parameter()] [System.Boolean] - $DefenderRequireCloudProtection, + $SearchDisableIndexingRemovableDrive, [Parameter()] - [ValidateSet('notConfigured', 'high', 'highPlus', 'zeroTolerance')] - [System.String] - $DefenderCloudBlockLevel, + [System.Boolean] + $SearchDisableLocation, [Parameter()] - [ValidateSet('userDefined', 'alwaysPrompt', 'promptBeforeSendingPersonalData', 'neverSendData', 'sendAllDataWithoutPrompting')] - [System.String] - $DefenderPromptForSampleSubmission, + [System.Boolean] + $SearchDisableUseLocation, [Parameter()] - [System.String] - $DefenderScheduledQuickScanTime, + [System.Boolean] + $SearchEnableAutomaticIndexSizeManangement, [Parameter()] - [ValidateSet('userDefined', 'disabled', 'quick', 'full')] - [System.String] - $DefenderScanType, + [System.Boolean] + $SearchEnableRemoteQueries, [Parameter()] - [System.string] - $DefenderSystemScanSchedule, + [System.Boolean] + $SecurityBlockAzureADJoinedDevicesAutoEncryption, [Parameter()] - [System.String] - $DefenderScheduledScanTime, + [System.Boolean] + $SettingsBlockAccountsPage, [Parameter()] - [System.String[]] - $DefenderFileExtensionsToExclude, + [System.Boolean] + $SettingsBlockAddProvisioningPackage, [Parameter()] - [System.String[]] - $DefenderFilesAndFoldersToExclude, + [System.Boolean] + $SettingsBlockAppsPage, [Parameter()] - [System.String[]] - $DefenderProcessesToExclude, + [System.Boolean] + $SettingsBlockChangeLanguage, [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance] - $DefenderDetectedMalwareActions, + [System.Boolean] + $SettingsBlockChangePowerSleep, [Parameter()] [System.Boolean] - $LockScreenAllowTimeoutConfiguration, + $SettingsBlockChangeRegion, [Parameter()] [System.Boolean] - $LockScreenBlockActionCenterNotifications, + $SettingsBlockChangeSystemTime, [Parameter()] [System.Boolean] - $LockScreenBlockCortana, + $SettingsBlockDevicesPage, [Parameter()] [System.Boolean] - $LockScreenBlockToastNotifications, + $SettingsBlockEaseOfAccessPage, [Parameter()] - [System.Uint64] - $LockScreenTimeoutInSeconds, + [System.Boolean] + $SettingsBlockEditDeviceName, [Parameter()] [System.Boolean] - $PasswordBlockSimple, + $SettingsBlockGamingPage, [Parameter()] - [System.Uint64] - $PasswordExpirationDays, + [System.Boolean] + $SettingsBlockNetworkInternetPage, [Parameter()] - [System.Uint64] - $PasswordMinimumLength, + [System.Boolean] + $SettingsBlockPersonalizationPage, [Parameter()] - [System.Uint64] - $PasswordMinutesOfInactivityBeforeScreenTimeout, + [System.Boolean] + $SettingsBlockPrivacyPage, [Parameter()] - [System.Uint64] - $PasswordMinimumCharacterSetCount, + [System.Boolean] + $SettingsBlockRemoveProvisioningPackage, [Parameter()] - [System.Uint64] - $PasswordPreviousPasswordBlockCount, + [System.Boolean] + $SettingsBlockSettingsApp, [Parameter()] [System.Boolean] - $PasswordRequired, + $SettingsBlockSystemPage, [Parameter()] [System.Boolean] - $PasswordRequireWhenResumeFromIdleState, + $SettingsBlockTimeLanguagePage, [Parameter()] - [ValidateSet('deviceDefault', 'alphanumeric', 'numeric')] - [System.String] - $PasswordRequiredType, + [System.Boolean] + $SettingsBlockUpdateSecurityPage, [Parameter()] - [System.Uint64] - $PasswordSignInFailureCountBeforeFactoryReset, + [System.Boolean] + $SharedUserAppDataAllowed, [Parameter()] - [ValidateSet('notConfigured', 'blocked', 'allowed')] + [ValidateSet('notConfigured','anywhere','storeOnly','recommendations','preferStore')] [System.String] - $PrivacyAdvertisingId, + $SmartScreenAppInstallControl, [Parameter()] [System.Boolean] - $PrivacyAutoAcceptPairingAndConsentPrompts, + $SmartScreenBlockPromptOverride, [Parameter()] [System.Boolean] - $PrivacyBlockInputPersonalization, + $SmartScreenBlockPromptOverrideForFiles, + + [Parameter()] + [System.Boolean] + $SmartScreenEnableAppInstallControl, [Parameter()] [System.Boolean] $StartBlockUnpinningAppsFromTaskbar, [Parameter()] - [ValidateSet('userDefined', 'collapse', 'remove', 'disableSettingsApp')] + [ValidateSet('userDefined','collapse','remove','disableSettingsApp')] [System.String] $StartMenuAppListVisibility, @@ -1592,107 +3015,123 @@ function Set-TargetResource $StartMenuLayoutXml, [Parameter()] - [ValidateSet('userDefined', 'fullScreen', 'nonFullScreen')] + [ValidateSet('userDefined','fullScreen','nonFullScreen')] [System.String] $StartMenuMode, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','hide','show')] [System.String] $StartMenuPinnedFolderDocuments, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','hide','show')] [System.String] $StartMenuPinnedFolderDownloads, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','hide','show')] [System.String] $StartMenuPinnedFolderFileExplorer, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','hide','show')] [System.String] $StartMenuPinnedFolderHomeGroup, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','hide','show')] [System.String] $StartMenuPinnedFolderMusic, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','hide','show')] [System.String] $StartMenuPinnedFolderNetwork, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','hide','show')] [System.String] $StartMenuPinnedFolderPersonalFolder, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','hide','show')] [System.String] $StartMenuPinnedFolderPictures, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','hide','show')] [System.String] $StartMenuPinnedFolderSettings, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] + [ValidateSet('notConfigured','hide','show')] [System.String] $StartMenuPinnedFolderVideos, [Parameter()] [System.Boolean] - $SettingsBlockSettingsApp, + $StorageBlockRemovableStorage, [Parameter()] [System.Boolean] - $SettingsBlockSystemPage, + $StorageRequireMobileDeviceEncryption, [Parameter()] [System.Boolean] - $SettingsBlockDevicesPage, + $StorageRestrictAppDataToSystemVolume, [Parameter()] [System.Boolean] - $SettingsBlockNetworkInternetPage, + $StorageRestrictAppInstallToSystemVolume, + + [Parameter()] + [System.String] + $SystemTelemetryProxyServer, [Parameter()] [System.Boolean] - $SettingsBlockPersonalizationPage, + $TaskManagerBlockEndTask, [Parameter()] [System.Boolean] - $SettingsBlockAccountsPage, + $TenantLockdownRequireNetworkDuringOutOfBoxExperience, [Parameter()] [System.Boolean] - $SettingsBlockTimeLanguagePage, + $UninstallBuiltInApps, [Parameter()] [System.Boolean] - $SettingsBlockEaseOfAccessPage, + $UsbBlocked, [Parameter()] [System.Boolean] - $SettingsBlockPrivacyPage, + $VoiceRecordingBlocked, [Parameter()] [System.Boolean] - $SettingsBlockUpdateSecurityPage, + $WebRtcBlockLocalhostIpAddress, [Parameter()] [System.Boolean] - $SettingsBlockAppsPage, + $WiFiBlockAutomaticConnectHotspots, [Parameter()] [System.Boolean] - $SettingsBlockGamingPage, + $WiFiBlocked, + + [Parameter()] + [System.Boolean] + $WiFiBlockManualConfiguration, + + [Parameter()] + [System.Int32] + $WiFiScanInterval, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $Windows10AppsForceUpdateSchedule, [Parameter()] [System.Boolean] @@ -1723,742 +3162,867 @@ function Set-TargetResource $WindowsSpotlightBlockWindowsTips, [Parameter()] - [ValidateSet('notConfigured', 'disabled', 'enabled')] + [ValidateSet('notConfigured','disabled','enabled')] [System.String] $WindowsSpotlightConfigureOnLockScreen, [Parameter()] [System.Boolean] - $NetworkProxyApplySettingsDeviceWide, + $WindowsStoreBlockAutoUpdate, [Parameter()] [System.Boolean] - $NetworkProxyDisableAutoDetect, + $WindowsStoreBlocked, + + [Parameter()] + [System.Boolean] + $WindowsStoreEnablePrivateStoreOnly, + + [Parameter()] + [System.Boolean] + $WirelessDisplayBlockProjectionToThisDevice, + + [Parameter()] + [System.Boolean] + $WirelessDisplayBlockUserInputFromReceiver, + + [Parameter()] + [System.Boolean] + $WirelessDisplayRequirePinForPairing, [Parameter()] [System.String] - $NetworkProxyAutomaticConfigurationUrl, + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, [Parameter()] - [System.String[]] - $NetworkProxyServer, + [System.Boolean] + $SupportsScopeTags, + + [Parameter(Mandatory = $true)] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $currentInstance = Get-TargetResource @PSBoundParameters + + $PSBoundParameters.Remove('Ensure') | Out-Null + $PSBoundParameters.Remove('Credential') | Out-Null + $PSBoundParameters.Remove('ApplicationId') | Out-Null + $PSBoundParameters.Remove('ApplicationSecret') | Out-Null + $PSBoundParameters.Remove('TenantId') | Out-Null + $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null + $PSBoundParameters.Remove('ManagedIdentity') | Out-Null + $PSBoundParameters.Remove('Verbose') | Out-Null + + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') + { + Write-Verbose -Message "Creating an Intune Device Configuration Policy for Windows10 with DisplayName {$DisplayName}" + $PSBoundParameters.Remove("Assignments") | Out-Null + + $CreateParameters = ([Hashtable]$PSBoundParameters).clone() + $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters + $CreateParameters.Remove('Id') | Out-Null + + $keys = (([Hashtable]$CreateParameters).clone()).Keys + foreach ($key in $keys) + { + if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like "*cimInstance*") + { + $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key + } + } + #region resource generator code + $CreateParameters.Add("@odata.type", "#microsoft.graph.windows10GeneralConfiguration") + $policy = New-MgDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters + $assignmentsHash = @() + foreach ($assignment in $Assignments) + { + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + } + + if ($policy.id) + { + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/deviceConfigurations' + } + #endregion + } + elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Updating the Intune Device Configuration Policy for Windows10 with Id {$($currentInstance.Id)}" + $PSBoundParameters.Remove("Assignments") | Out-Null + + $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() + $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters + + $UpdateParameters.Remove('Id') | Out-Null + + $keys = (([Hashtable]$UpdateParameters).clone()).Keys + foreach ($key in $keys) + { + if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like "*cimInstance*") + { + $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key + } + } + #region resource generator code + $UpdateParameters.Add("@odata.type", "#microsoft.graph.windows10GeneralConfiguration") + Update-MgDeviceManagementDeviceConfiguration ` + -DeviceConfigurationId $currentInstance.Id ` + -BodyParameter $UpdateParameters + $assignmentsHash = @() + foreach ($assignment in $Assignments) + { + $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment + } + Update-DeviceConfigurationPolicyAssignment ` + -DeviceConfigurationPolicyId $currentInstance.id ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/deviceConfigurations' + #endregion + } + elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') + { + Write-Verbose -Message "Removing the Intune Device Configuration Policy for Windows10 with Id {$($currentInstance.Id)}" + #region resource generator code + Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id + #endregion + } +} +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + param + ( + #region resource generator code [Parameter()] [System.Boolean] $AccountsBlockAddingNonMicrosoftAccountEmail, + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $ActivateAppsWithVoice, + [Parameter()] [System.Boolean] $AntiTheftModeBlocked, + [Parameter()] + [System.Boolean] + $AppManagementMSIAllowUserControlOverInstall, + + [Parameter()] + [System.Boolean] + $AppManagementMSIAlwaysInstallWithElevatedPrivileges, + + [Parameter()] + [System.String[]] + $AppManagementPackageFamilyNamesToLaunchAfterLogOn, + + [Parameter()] + [ValidateSet('notConfigured','blocked','allowed')] + [System.String] + $AppsAllowTrustedAppsSideloading, + + [Parameter()] + [System.Boolean] + $AppsBlockWindowsStoreOriginatedApps, + + [Parameter()] + [System.Boolean] + $AuthenticationAllowSecondaryDevice, + + [Parameter()] + [System.String] + $AuthenticationPreferredAzureADTenantDomainName, + + [Parameter()] + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $AuthenticationWebSignIn, + + [Parameter()] + [System.String[]] + $BluetoothAllowedServices, + + [Parameter()] + [System.Boolean] + $BluetoothBlockAdvertising, + + [Parameter()] + [System.Boolean] + $BluetoothBlockDiscoverableMode, + [Parameter()] [System.Boolean] $BluetoothBlocked, [Parameter()] [System.Boolean] - $CameraBlocked, + $BluetoothBlockPrePairing, [Parameter()] [System.Boolean] - $ConnectedDevicesServiceBlocked, + $BluetoothBlockPromptedProximalConnections, [Parameter()] [System.Boolean] - $CertificatesBlockManualRootCertificateInstallation, + $CameraBlocked, [Parameter()] [System.Boolean] - $CopyPasteBlocked, + $CellularBlockDataWhenRoaming, [Parameter()] [System.Boolean] - $CortanaBlocked, + $CellularBlockVpn, [Parameter()] [System.Boolean] - $DeviceManagementBlockFactoryResetOnMobile, + $CellularBlockVpnWhenRoaming, + + [Parameter()] + [ValidateSet('blocked','required','allowed','notConfigured')] + [System.String] + $CellularData, [Parameter()] [System.Boolean] - $DeviceManagementBlockManualUnenroll, + $CertificatesBlockManualRootCertificateInstallation, [Parameter()] - [ValidateSet('userDefined', 'strict', 'moderate')] [System.String] - $SafeSearchFilter, + $ConfigureTimeZone, + + [Parameter()] + [System.Boolean] + $ConnectedDevicesServiceBlocked, + + [Parameter()] + [System.Boolean] + $CopyPasteBlocked, [Parameter()] [System.Boolean] - $EdgeBlockPopups, + $CortanaBlocked, [Parameter()] [System.Boolean] - $EdgeBlockSearchSuggestions, + $CryptographyAllowFipsAlgorithmPolicy, [Parameter()] [System.Boolean] - $EdgeBlockSendingIntranetTrafficToInternetExplorer, + $DataProtectionBlockDirectMemoryAccess, [Parameter()] [System.Boolean] - $EdgeSendIntranetTrafficToInternetExplorer, + $DefenderBlockEndUserAccess, [Parameter()] [System.Boolean] - $EdgeRequireSmartScreen, + $DefenderBlockOnAccessProtection, [Parameter()] + [ValidateSet('notConfigured','high','highPlus','zeroTolerance')] [System.String] - $EdgeEnterpriseModeSiteListLocation, + $DefenderCloudBlockLevel, [Parameter()] - [System.String] - $EdgeFirstRunUrl, + [System.Int32] + $DefenderCloudExtendedTimeout, [Parameter()] - [System.String] - $EdgeSearchEngine, + [System.Int32] + $DefenderCloudExtendedTimeoutInSeconds, [Parameter()] - [System.String[]] - $EdgeHomepageUrls, + [System.Int32] + $DefenderDaysBeforeDeletingQuarantinedMalware, [Parameter()] - [System.Boolean] - $EdgeBlockAccessToAboutFlags, + [Microsoft.Management.Infrastructure.CimInstance] + $DefenderDetectedMalwareActions, [Parameter()] [System.Boolean] - $SmartScreenBlockPromptOverride, + $DefenderDisableCatchupFullScan, [Parameter()] [System.Boolean] - $SmartScreenBlockPromptOverrideForFiles, + $DefenderDisableCatchupQuickScan, [Parameter()] - [System.Boolean] - $WebRtcBlockLocalhostIpAddress, + [System.String[]] + $DefenderFileExtensionsToExclude, [Parameter()] - [System.Boolean] - $InternetSharingBlocked, + [System.String[]] + $DefenderFilesAndFoldersToExclude, [Parameter()] - [System.Boolean] - $SettingsBlockAddProvisioningPackage, + [ValidateSet('userDefined','disable','monitorAllFiles','monitorIncomingFilesOnly','monitorOutgoingFilesOnly')] + [System.String] + $DefenderMonitorFileActivity, [Parameter()] - [System.Boolean] - $SettingsBlockRemoveProvisioningPackage, + [ValidateSet('deviceDefault','block','audit')] + [System.String] + $DefenderPotentiallyUnwantedAppAction, [Parameter()] - [System.Boolean] - $SettingsBlockChangeSystemTime, + [ValidateSet('userDefined','enable','auditMode','warn','notConfigured')] + [System.String] + $DefenderPotentiallyUnwantedAppActionSetting, [Parameter()] - [System.Boolean] - $SettingsBlockEditDeviceName, + [System.String[]] + $DefenderProcessesToExclude, [Parameter()] - [System.Boolean] - $SettingsBlockChangeRegion, + [ValidateSet('userDefined','alwaysPrompt','promptBeforeSendingPersonalData','neverSendData','sendAllDataWithoutPrompting')] + [System.String] + $DefenderPromptForSampleSubmission, [Parameter()] [System.Boolean] - $SettingsBlockChangeLanguage, + $DefenderRequireBehaviorMonitoring, [Parameter()] [System.Boolean] - $SettingsBlockChangePowerSleep, + $DefenderRequireCloudProtection, [Parameter()] [System.Boolean] - $LocationServicesBlocked, + $DefenderRequireNetworkInspectionSystem, [Parameter()] [System.Boolean] - $MicrosoftAccountBlocked, + $DefenderRequireRealTimeMonitoring, [Parameter()] [System.Boolean] - $MicrosoftAccountBlockSettingsSync, + $DefenderScanArchiveFiles, [Parameter()] [System.Boolean] - $NfcBlocked, + $DefenderScanDownloads, [Parameter()] [System.Boolean] - $ResetProtectionModeBlocked, + $DefenderScanIncomingMail, [Parameter()] [System.Boolean] - $ScreenCaptureBlocked, + $DefenderScanMappedNetworkDrivesDuringFullScan, [Parameter()] - [System.Boolean] - $StorageBlockRemovableStorage, + [System.Int32] + $DefenderScanMaxCpu, [Parameter()] [System.Boolean] - $StorageRequireMobileDeviceEncryption, + $DefenderScanNetworkFiles, [Parameter()] [System.Boolean] - $UsbBlocked, + $DefenderScanRemovableDrivesDuringFullScan, [Parameter()] [System.Boolean] - $VoiceRecordingBlocked, + $DefenderScanScriptsLoadedInInternetExplorer, [Parameter()] - [System.Boolean] - $WiFiBlockAutomaticConnectHotspots, + [ValidateSet('userDefined','disabled','quick','full')] + [System.String] + $DefenderScanType, [Parameter()] - [System.Boolean] - $WiFiBlocked, + [System.TimeSpan] + $DefenderScheduledQuickScanTime, + + [Parameter()] + [System.TimeSpan] + $DefenderScheduledScanTime, [Parameter()] [System.Boolean] - $WiFiBlockManualConfiguration, + $DefenderScheduleScanEnableLowCpuPriority, [Parameter()] - [System.Uint64] - $WiFiScanInterval, + [System.Int32] + $DefenderSignatureUpdateIntervalInHours, [Parameter()] - [System.Boolean] - $WirelessDisplayBlockProjectionToThisDevice, + [ValidateSet('sendSafeSamplesAutomatically','alwaysPrompt','neverSend','sendAllSamplesAutomatically')] + [System.String] + $DefenderSubmitSamplesConsentType, [Parameter()] - [System.Boolean] - $WirelessDisplayBlockUserInputFromReceiver, + [ValidateSet('userDefined','everyday','sunday','monday','tuesday','wednesday','thursday','friday','saturday','noScheduledScan')] + [System.String] + $DefenderSystemScanSchedule, + + [Parameter()] + [ValidateSet('notConfigured','blocked','allowed')] + [System.String] + $DeveloperUnlockSetting, [Parameter()] [System.Boolean] - $WirelessDisplayRequirePinForPairing, + $DeviceManagementBlockFactoryResetOnMobile, [Parameter()] [System.Boolean] - $WindowsStoreBlocked, + $DeviceManagementBlockManualUnenroll, [Parameter()] + [ValidateSet('userDefined','none','basic','enhanced','full')] [System.String] - [ValidateSet('notConfigured', 'blocked', 'allowed')] - $AppsAllowTrustedAppsSideloading, + $DiagnosticsDataSubmissionMode, [Parameter()] - [System.Boolean] - $WindowsStoreBlockAutoUpdate, + [System.String[]] + $DisplayAppListWithGdiDPIScalingTurnedOff, [Parameter()] - [ValidateSet('notConfigured', 'blocked', 'allowed')] - [System.String] - $DeveloperUnlockSetting, + [System.String[]] + $DisplayAppListWithGdiDPIScalingTurnedOn, [Parameter()] [System.Boolean] - $SharedUserAppDataAllowed, + $EdgeAllowStartPagesModification, [Parameter()] [System.Boolean] - $AppsBlockWindowsStoreOriginatedApps, + $EdgeBlockAccessToAboutFlags, [Parameter()] [System.Boolean] - $WindowsStoreEnablePrivateStoreOnly, + $EdgeBlockAddressBarDropdown, [Parameter()] [System.Boolean] - $StorageRestrictAppDataToSystemVolume, + $EdgeBlockAutofill, [Parameter()] [System.Boolean] - $StorageRestrictAppInstallToSystemVolume, + $EdgeBlockCompatibilityList, [Parameter()] [System.Boolean] - $GameDvrBlocked, + $EdgeBlockDeveloperTools, [Parameter()] [System.Boolean] - $ExperienceBlockDeviceDiscovery, + $EdgeBlocked, [Parameter()] [System.Boolean] - $ExperienceBlockErrorDialogWhenNoSIM, + $EdgeBlockEditFavorites, [Parameter()] [System.Boolean] - $ExperienceBlockTaskSwitcher, + $EdgeBlockExtensions, [Parameter()] [System.Boolean] - $LogonBlockFastUserSwitching, + $EdgeBlockFullScreenMode, [Parameter()] [System.Boolean] - $TenantLockdownRequireNetworkDuringOutOfBoxExperience, - - [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] - $Assignments, - - [Parameter(Mandatory = $True)] - [System.String] - [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $EdgeBlockInPrivateBrowsing, [Parameter()] - [System.Management.Automation.PSCredential] - $Credential, + [System.Boolean] + $EdgeBlockJavaScript, [Parameter()] - [System.String] - $ApplicationId, + [System.Boolean] + $EdgeBlockLiveTileDataCollection, [Parameter()] - [System.String] - $TenantId, + [System.Boolean] + $EdgeBlockPasswordManager, [Parameter()] - [System.Management.Automation.PSCredential] - $ApplicationSecret, + [System.Boolean] + $EdgeBlockPopups, [Parameter()] - [System.String] - $CertificateThumbprint, + [System.Boolean] + $EdgeBlockPrelaunch, [Parameter()] - [Switch] - $ManagedIdentity - ) - - $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` - -InboundParameters $PSBoundParameters - - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion - - $currentPolicy = Get-TargetResource @PSBoundParameters - $PSBoundParameters.Remove('Ensure') | Out-Null - $PSBoundParameters.Remove('Credential') | Out-Null - $PSBoundParameters.Remove('ApplicationId') | Out-Null - $PSBoundParameters.Remove('TenantId') | Out-Null - $PSBoundParameters.Remove('ApplicationSecret') | Out-Null - if ($Ensure -eq 'Present' -and $currentPolicy.Ensure -eq 'Absent') - { - Write-Verbose -Message "Creating new Device Configuration Policy {$DisplayName}" - $PSBoundParameters.Remove('DisplayName') | Out-Null - $PSBoundParameters.Remove('Description') | Out-Null - $PSBoundParameters.Remove('Assignments') | Out-Null - - $AdditionalProperties = Get-M365DSCIntuneDeviceConfigurationPolicyWindowsAdditionalProperties -Properties ([System.Collections.Hashtable]$PSBoundParameters) - if ($AdditionalProperties.DefenderDetectedMalwareActions) - { - $AdditionalProperties.DefenderDetectedMalwareActions.Add('@odata.type', '#microsoft.graph.defenderDetectedMalwareActions') - } - $policy = New-MgDeviceManagementDeviceConfiguration -DisplayName $DisplayName ` - -Description $Description ` - -AdditionalProperties $AdditionalProperties - - #region Assignments - $assignmentsHash = @() - foreach ($assignment in $Assignments) - { - $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment - } - if ($policy.id) - { - Update-DeviceConfigurationPolicyAssignments -DeviceConfigurationPolicyId $policy.id ` - -Targets $assignmentsHash - } - #endregion - } - elseif ($Ensure -eq 'Present' -and $currentPolicy.Ensure -eq 'Present') - { - Write-Verbose -Message "Updating existing Device Configuration Policy {$DisplayName}" - $configDevicePolicy = Get-MgDeviceManagementDeviceConfiguration ` - -ErrorAction Stop | Where-Object ` - -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10GeneralConfiguration' -and ` - $_.displayName -eq $($DisplayName) } - - $PSBoundParameters.Remove('DisplayName') | Out-Null - $PSBoundParameters.Remove('Description') | Out-Null - $PSBoundParameters.Remove('Assignments') | Out-Null - - $AdditionalProperties = Get-M365DSCIntuneDeviceConfigurationPolicyWindowsAdditionalProperties -Properties ([System.Collections.Hashtable]$PSBoundParameters) - if ($AdditionalProperties.DefenderDetectedMalwareActions) - { - $AdditionalProperties.DefenderDetectedMalwareActions.Add('@odata.type', '#microsoft.graph.defenderDetectedMalwareActions') - } - Update-MgDeviceManagementDeviceConfiguration -AdditionalProperties $AdditionalProperties ` - -Description $Description ` - -DeviceConfigurationId $configDevicePolicy.Id - - #region Assignments - $assignmentsHash = @() - foreach ($assignment in $Assignments) - { - $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment - } - Update-DeviceConfigurationPolicyAssignments -DeviceConfigurationPolicyId $configDevicePolicy.Id ` - -Targets $assignmentsHash - #endregion - } - elseif ($Ensure -eq 'Absent' -and $currentPolicy.Ensure -eq 'Present') - { - Write-Verbose -Message "Removing Device Configuration Policy {$DisplayName}" - $configDevicePolicy = Get-MgDeviceManagementDeviceConfiguration ` - -ErrorAction Stop | Where-Object ` - -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10GeneralConfiguration' -and ` - $_.displayName -eq $($DisplayName) } - - Remove-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $configDevicePolicy.Id - } -} - -function Test-TargetResource -{ - [CmdletBinding()] - [OutputType([System.Boolean])] - param - ( - [Parameter(Mandatory = $True)] - [System.String] - $DisplayName, + [System.Boolean] + $EdgeBlockPrinting, [Parameter()] - [System.String] - $Description, + [System.Boolean] + $EdgeBlockSavingHistory, [Parameter()] - [System.String] - $EnterpriseCloudPrintDiscoveryEndPoint, + [System.Boolean] + $EdgeBlockSearchEngineCustomization, [Parameter()] - [System.String] - $EnterpriseCloudPrintOAuthAuthority, + [System.Boolean] + $EdgeBlockSearchSuggestions, [Parameter()] - [System.String] - $EnterpriseCloudPrintOAuthClientIdentifier, + [System.Boolean] + $EdgeBlockSendingDoNotTrackHeader, [Parameter()] - [System.String] - $EnterpriseCloudPrintResourceIdentifier, + [System.Boolean] + $EdgeBlockSendingIntranetTrafficToInternetExplorer, [Parameter()] - [System.Uint64] - $EnterpriseCloudPrintDiscoveryMaxLimit, + [System.Boolean] + $EdgeBlockSideloadingExtensions, [Parameter()] - [System.String] - $EnterpriseCloudPrintMopriaDiscoveryResourceIdentifier, + [System.Boolean] + $EdgeBlockTabPreloading, [Parameter()] [System.Boolean] - $SearchBlockDiacritics, + $EdgeBlockWebContentOnNewTabPage, [Parameter()] [System.Boolean] - $SearchDisableAutoLanguageDetection, + $EdgeClearBrowsingDataOnExit, [Parameter()] - [System.Boolean] - $SearchDisableIndexingEncryptedItems, + [ValidateSet('userDefined','allow','blockThirdParty','blockAll')] + [System.String] + $EdgeCookiePolicy, [Parameter()] [System.Boolean] - $SearchEnableRemoteQueries, + $EdgeDisableFirstRunPage, [Parameter()] - [System.Boolean] - $SearchDisableIndexerBackoff, + [System.String] + $EdgeEnterpriseModeSiteListLocation, [Parameter()] - [System.Boolean] - $SearchDisableIndexingRemovableDrive, + [ValidateSet('notConfigured','hide','show')] + [System.String] + $EdgeFavoritesBarVisibility, [Parameter()] - [System.Boolean] - $SearchEnableAutomaticIndexSizeManangement, + [System.String] + $EdgeFavoritesListLocation, [Parameter()] - [ValidateSet('userDefined', 'none', 'basic', 'enhanced', 'full')] [System.String] - $DiagnosticsDataSubmissionMode, + $EdgeFirstRunUrl, [Parameter()] - [System.Boolean] - $oneDriveDisableFileSync, + [Microsoft.Management.Infrastructure.CimInstance] + $EdgeHomeButtonConfiguration, [Parameter()] [System.Boolean] - $SmartScreenEnableAppInstallControl, + $EdgeHomeButtonConfigurationEnabled, + + [Parameter()] + [System.String[]] + $EdgeHomepageUrls, [Parameter()] + [ValidateSet('notConfigured','digitalSignage','normalMode','publicBrowsingSingleApp','publicBrowsingMultiApp')] [System.String] - $PersonalizationDesktopImageUrl, + $EdgeKioskModeRestriction, + + [Parameter()] + [System.Int32] + $EdgeKioskResetAfterIdleTimeInMinutes, [Parameter()] [System.String] - $PersonalizationLockScreenImageUrl, + $EdgeNewTabPageURL, [Parameter()] - [System.String[]] - $BluetoothAllowedServices, + [ValidateSet('notConfigured','startPage','newTabPage','previousPages','specificPages')] + [System.String] + $EdgeOpensWith, [Parameter()] [System.Boolean] - $BluetoothBlockAdvertising, + $EdgePreventCertificateErrorOverride, [Parameter()] - [System.Boolean] - $BluetoothBlockDiscoverableMode, + [System.String[]] + $EdgeRequiredExtensionPackageFamilyNames, [Parameter()] [System.Boolean] - $BluetoothBlockPrePairing, + $EdgeRequireSmartScreen, [Parameter()] - [System.Boolean] - $EdgeBlockAutofill, + [Microsoft.Management.Infrastructure.CimInstance] + $EdgeSearchEngine, [Parameter()] [System.Boolean] - $EdgeBlocked, + $EdgeSendIntranetTrafficToInternetExplorer, [Parameter()] - [ValidateSet('userDefined', 'allow', 'blockThirdparty', 'blockAll')] + [ValidateSet('notConfigured','disabled','enabled','keepGoing')] [System.String] - $EdgeCookiePolicy, + $EdgeShowMessageWhenOpeningInternetExplorerSites, [Parameter()] [System.Boolean] - $EdgeBlockDeveloperTools, + $EdgeSyncFavoritesWithInternetExplorer, [Parameter()] - [System.Boolean] - $EdgeBlockSendingDoNotTrackHeader, + [ValidateSet('notConfigured','intranet','internet','intranetAndInternet')] + [System.String] + $EdgeTelemetryForMicrosoft365Analytics, [Parameter()] [System.Boolean] - $EdgeBlockExtensions, + $EnableAutomaticRedeployment, [Parameter()] - [System.Boolean] - $EdgeBlockInPrivateBrowsing, + [System.Int32] + $EnergySaverOnBatteryThresholdPercentage, [Parameter()] - [System.Boolean] - $EdgeBlockJavaScript, + [System.Int32] + $EnergySaverPluggedInThresholdPercentage, [Parameter()] - [System.Boolean] - $EdgeBlockPasswordManager, + [System.String] + $EnterpriseCloudPrintDiscoveryEndPoint, [Parameter()] - [System.Boolean] - $EdgeBlockAddressBarDropdown, + [System.Int32] + $EnterpriseCloudPrintDiscoveryMaxLimit, [Parameter()] - [System.Boolean] - $EdgeBlockCompatibilityList, + [System.String] + $EnterpriseCloudPrintMopriaDiscoveryResourceIdentifier, [Parameter()] - [System.Boolean] - $EdgeClearBrowsingDataOnExit, + [System.String] + $EnterpriseCloudPrintOAuthAuthority, [Parameter()] - [System.Boolean] - $EdgeAllowStartPagesModification, + [System.String] + $EnterpriseCloudPrintOAuthClientIdentifier, [Parameter()] - [System.Boolean] - $EdgeDisableFirstRunPage, + [System.String] + $EnterpriseCloudPrintResourceIdentifier, [Parameter()] [System.Boolean] - $EdgeBlockLiveTileDataCollection, + $ExperienceBlockDeviceDiscovery, [Parameter()] [System.Boolean] - $EdgeSyncFavoritesWithInternetExplorer, + $ExperienceBlockErrorDialogWhenNoSIM, [Parameter()] [System.Boolean] - $CellularBlockDataWhenRoaming, + $ExperienceBlockTaskSwitcher, [Parameter()] - [System.Boolean] - $CellularBlockVpn, + [ValidateSet('notConfigured','blockedWithUserOverride','blocked')] + [System.String] + $ExperienceDoNotSyncBrowserSettings, [Parameter()] - [System.Boolean] - $CellularBlockVpnWhenRoaming, + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $FindMyFiles, [Parameter()] [System.Boolean] - $DefenderRequireRealTimeMonitoring, + $GameDvrBlocked, [Parameter()] - [System.Boolean] - $DefenderRequireBehaviorMonitoring, + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $InkWorkspaceAccess, [Parameter()] - [System.Boolean] - $DefenderRequireNetworkInspectionSystem, + [ValidateSet('notConfigured','blocked','allowed')] + [System.String] + $InkWorkspaceAccessState, [Parameter()] [System.Boolean] - $DefenderScanDownloads, + $InkWorkspaceBlockSuggestedApps, [Parameter()] [System.Boolean] - $DefenderScanScriptsLoadedInInternetExplorer, + $InternetSharingBlocked, [Parameter()] [System.Boolean] - $DefenderBlockEndUserAccess, - - [Parameter()] - [System.Uint64] - $DefenderSignatureUpdateIntervalInHours, + $LocationServicesBlocked, [Parameter()] - [ValidateSet('userDefined', 'disable', 'monitorAllFiles', 'monitorIncomingFilesOnly', 'monitorOutgoingFilesOnly')] + [ValidateSet('notConfigured','enabled','disabled')] [System.String] - $DefenderMonitorFileActivity, + $LockScreenActivateAppsWithVoice, [Parameter()] - [System.Uint64] - $DefenderDaysBeforeDeletingQuarantinedMalware, + [System.Boolean] + $LockScreenAllowTimeoutConfiguration, [Parameter()] - [System.Uint64] - $DefenderScanMaxCpu, + [System.Boolean] + $LockScreenBlockActionCenterNotifications, [Parameter()] [System.Boolean] - $DefenderScanArchiveFiles, + $LockScreenBlockCortana, [Parameter()] [System.Boolean] - $DefenderScanIncomingMail, + $LockScreenBlockToastNotifications, [Parameter()] - [System.Boolean] - $DefenderScanRemovableDrivesDuringFullScan, + [System.Int32] + $LockScreenTimeoutInSeconds, [Parameter()] [System.Boolean] - $DefenderScanMappedNetworkDrivesDuringFullScan, + $LogonBlockFastUserSwitching, [Parameter()] [System.Boolean] - $DefenderScanNetworkFiles, + $MessagingBlockMMS, [Parameter()] [System.Boolean] - $DefenderRequireCloudProtection, + $MessagingBlockRichCommunicationServices, [Parameter()] - [ValidateSet('notConfigured', 'high', 'highPlus', 'zeroTolerance')] - [System.String] - $DefenderCloudBlockLevel, + [System.Boolean] + $MessagingBlockSync, [Parameter()] - [ValidateSet('userDefined', 'alwaysPrompt', 'promptBeforeSendingPersonalData', 'neverSendData', 'sendAllDataWithoutPrompting')] - [System.String] - $DefenderPromptForSampleSubmission, + [System.Boolean] + $MicrosoftAccountBlocked, [Parameter()] - [System.String] - $DefenderScheduledQuickScanTime, + [System.Boolean] + $MicrosoftAccountBlockSettingsSync, [Parameter()] - [ValidateSet('userDefined', 'disabled', 'quick', 'full')] + [ValidateSet('notConfigured','disabled')] [System.String] - $DefenderScanType, + $MicrosoftAccountSignInAssistantSettings, [Parameter()] - [System.string] - $DefenderSystemScanSchedule, + [System.Boolean] + $NetworkProxyApplySettingsDeviceWide, [Parameter()] [System.String] - $DefenderScheduledScanTime, - - [Parameter()] - [System.String[]] - $DefenderFileExtensionsToExclude, - - [Parameter()] - [System.String[]] - $DefenderFilesAndFoldersToExclude, + $NetworkProxyAutomaticConfigurationUrl, [Parameter()] - [System.String[]] - $DefenderProcessesToExclude, + [System.Boolean] + $NetworkProxyDisableAutoDetect, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] - $DefenderDetectedMalwareActions, - - [Parameter()] - [System.Boolean] - $LockScreenAllowTimeoutConfiguration, + $NetworkProxyServer, [Parameter()] [System.Boolean] - $LockScreenBlockActionCenterNotifications, + $NfcBlocked, [Parameter()] [System.Boolean] - $LockScreenBlockCortana, + $OneDriveDisableFileSync, [Parameter()] [System.Boolean] - $LockScreenBlockToastNotifications, + $PasswordBlockSimple, [Parameter()] - [System.Uint64] - $LockScreenTimeoutInSeconds, + [System.Int32] + $PasswordExpirationDays, [Parameter()] - [System.Boolean] - $PasswordBlockSimple, + [System.Int32] + $PasswordMinimumAgeInDays, [Parameter()] - [System.Uint64] - $PasswordExpirationDays, + [System.Int32] + $PasswordMinimumCharacterSetCount, [Parameter()] - [System.Uint64] + [System.Int32] $PasswordMinimumLength, [Parameter()] - [System.Uint64] + [System.Int32] $PasswordMinutesOfInactivityBeforeScreenTimeout, [Parameter()] - [System.Uint64] - $PasswordMinimumCharacterSetCount, - - [Parameter()] - [System.Uint64] + [System.Int32] $PasswordPreviousPasswordBlockCount, [Parameter()] @@ -2466,420 +4030,424 @@ function Test-TargetResource $PasswordRequired, [Parameter()] - [System.Boolean] - $PasswordRequireWhenResumeFromIdleState, - - [Parameter()] - [ValidateSet('deviceDefault', 'alphanumeric', 'numeric')] + [ValidateSet('deviceDefault','alphanumeric','numeric')] [System.String] $PasswordRequiredType, [Parameter()] - [System.Uint64] + [System.Boolean] + $PasswordRequireWhenResumeFromIdleState, + + [Parameter()] + [System.Int32] $PasswordSignInFailureCountBeforeFactoryReset, [Parameter()] - [ValidateSet('notConfigured', 'blocked', 'allowed')] [System.String] - $PrivacyAdvertisingId, + $PersonalizationDesktopImageUrl, [Parameter()] - [System.Boolean] - $PrivacyAutoAcceptPairingAndConsentPrompts, + [System.String] + $PersonalizationLockScreenImageUrl, [Parameter()] - [System.Boolean] - $PrivacyBlockInputPersonalization, + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerButtonActionOnBattery, [Parameter()] - [System.Boolean] - $StartBlockUnpinningAppsFromTaskbar, + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerButtonActionPluggedIn, [Parameter()] - [ValidateSet('userDefined', 'collapse', 'remove', 'disableSettingsApp')] + [ValidateSet('notConfigured','enabled','disabled')] [System.String] - $StartMenuAppListVisibility, + $PowerHybridSleepOnBattery, [Parameter()] - [System.Boolean] - $StartMenuHideChangeAccountSettings, + [ValidateSet('notConfigured','enabled','disabled')] + [System.String] + $PowerHybridSleepPluggedIn, [Parameter()] - [System.Boolean] - $StartMenuHideFrequentlyUsedApps, + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerLidCloseActionOnBattery, [Parameter()] - [System.Boolean] - $StartMenuHideHibernate, + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerLidCloseActionPluggedIn, [Parameter()] - [System.Boolean] - $StartMenuHideLock, + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerSleepButtonActionOnBattery, [Parameter()] - [System.Boolean] - $StartMenuHidePowerButton, + [ValidateSet('notConfigured','noAction','sleep','hibernate','shutdown')] + [System.String] + $PowerSleepButtonActionPluggedIn, [Parameter()] [System.Boolean] - $StartMenuHideRecentJumpLists, + $PrinterBlockAddition, [Parameter()] - [System.Boolean] - $StartMenuHideRecentlyAddedApps, + [System.String] + $PrinterDefaultName, [Parameter()] - [System.Boolean] - $StartMenuHideRestartOptions, + [System.String[]] + $PrinterNames, [Parameter()] - [System.Boolean] - $StartMenuHideShutDown, + [ValidateSet('notConfigured','blocked','allowed')] + [System.String] + $PrivacyAdvertisingId, [Parameter()] [System.Boolean] - $StartMenuHideSignOut, + $PrivacyAutoAcceptPairingAndConsentPrompts, [Parameter()] [System.Boolean] - $StartMenuHideSleep, + $PrivacyBlockActivityFeed, [Parameter()] [System.Boolean] - $StartMenuHideSwitchAccount, + $PrivacyBlockInputPersonalization, [Parameter()] [System.Boolean] - $StartMenuHideUserTile, + $PrivacyBlockPublishUserActivities, [Parameter()] - [System.String] - $StartMenuLayoutEdgeAssetsXml, + [System.Boolean] + $PrivacyDisableLaunchExperience, [Parameter()] - [System.String] - $StartMenuLayoutXml, + [System.Boolean] + $ResetProtectionModeBlocked, [Parameter()] - [ValidateSet('userDefined', 'fullScreen', 'nonFullScreen')] + [ValidateSet('userDefined','strict','moderate')] [System.String] - $StartMenuMode, + $SafeSearchFilter, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] - [System.String] - $StartMenuPinnedFolderDocuments, + [System.Boolean] + $ScreenCaptureBlocked, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] - [System.String] - $StartMenuPinnedFolderDownloads, + [System.Boolean] + $SearchBlockDiacritics, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] - [System.String] - $StartMenuPinnedFolderFileExplorer, + [System.Boolean] + $SearchBlockWebResults, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] - [System.String] - $StartMenuPinnedFolderHomeGroup, + [System.Boolean] + $SearchDisableAutoLanguageDetection, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] - [System.String] - $StartMenuPinnedFolderMusic, + [System.Boolean] + $SearchDisableIndexerBackoff, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] - [System.String] - $StartMenuPinnedFolderNetwork, + [System.Boolean] + $SearchDisableIndexingEncryptedItems, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] - [System.String] - $StartMenuPinnedFolderPersonalFolder, + [System.Boolean] + $SearchDisableIndexingRemovableDrive, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] - [System.String] - $StartMenuPinnedFolderPictures, + [System.Boolean] + $SearchDisableLocation, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] - [System.String] - $StartMenuPinnedFolderSettings, + [System.Boolean] + $SearchDisableUseLocation, [Parameter()] - [ValidateSet('notConfigured', 'hide', 'show')] - [System.String] - $StartMenuPinnedFolderVideos, + [System.Boolean] + $SearchEnableAutomaticIndexSizeManangement, [Parameter()] [System.Boolean] - $SettingsBlockSettingsApp, + $SearchEnableRemoteQueries, [Parameter()] [System.Boolean] - $SettingsBlockSystemPage, + $SecurityBlockAzureADJoinedDevicesAutoEncryption, [Parameter()] [System.Boolean] - $SettingsBlockDevicesPage, + $SettingsBlockAccountsPage, [Parameter()] [System.Boolean] - $SettingsBlockNetworkInternetPage, + $SettingsBlockAddProvisioningPackage, [Parameter()] [System.Boolean] - $SettingsBlockPersonalizationPage, + $SettingsBlockAppsPage, [Parameter()] [System.Boolean] - $SettingsBlockAccountsPage, + $SettingsBlockChangeLanguage, [Parameter()] [System.Boolean] - $SettingsBlockTimeLanguagePage, + $SettingsBlockChangePowerSleep, [Parameter()] [System.Boolean] - $SettingsBlockEaseOfAccessPage, + $SettingsBlockChangeRegion, [Parameter()] [System.Boolean] - $SettingsBlockPrivacyPage, + $SettingsBlockChangeSystemTime, [Parameter()] [System.Boolean] - $SettingsBlockUpdateSecurityPage, + $SettingsBlockDevicesPage, [Parameter()] [System.Boolean] - $SettingsBlockAppsPage, + $SettingsBlockEaseOfAccessPage, [Parameter()] [System.Boolean] - $SettingsBlockGamingPage, + $SettingsBlockEditDeviceName, [Parameter()] [System.Boolean] - $WindowsSpotlightBlockConsumerSpecificFeatures, + $SettingsBlockGamingPage, [Parameter()] [System.Boolean] - $WindowsSpotlightBlocked, + $SettingsBlockNetworkInternetPage, [Parameter()] [System.Boolean] - $WindowsSpotlightBlockOnActionCenter, + $SettingsBlockPersonalizationPage, [Parameter()] [System.Boolean] - $WindowsSpotlightBlockTailoredExperiences, + $SettingsBlockPrivacyPage, [Parameter()] [System.Boolean] - $WindowsSpotlightBlockThirdPartyNotifications, + $SettingsBlockRemoveProvisioningPackage, [Parameter()] [System.Boolean] - $WindowsSpotlightBlockWelcomeExperience, + $SettingsBlockSettingsApp, [Parameter()] [System.Boolean] - $WindowsSpotlightBlockWindowsTips, + $SettingsBlockSystemPage, [Parameter()] - [ValidateSet('notConfigured', 'disabled', 'enabled')] - [System.String] - $WindowsSpotlightConfigureOnLockScreen, + [System.Boolean] + $SettingsBlockTimeLanguagePage, [Parameter()] [System.Boolean] - $NetworkProxyApplySettingsDeviceWide, + $SettingsBlockUpdateSecurityPage, [Parameter()] [System.Boolean] - $NetworkProxyDisableAutoDetect, + $SharedUserAppDataAllowed, [Parameter()] + [ValidateSet('notConfigured','anywhere','storeOnly','recommendations','preferStore')] [System.String] - $NetworkProxyAutomaticConfigurationUrl, + $SmartScreenAppInstallControl, [Parameter()] - [System.String[]] - $NetworkProxyServer, + [System.Boolean] + $SmartScreenBlockPromptOverride, [Parameter()] [System.Boolean] - $AccountsBlockAddingNonMicrosoftAccountEmail, + $SmartScreenBlockPromptOverrideForFiles, [Parameter()] [System.Boolean] - $AntiTheftModeBlocked, + $SmartScreenEnableAppInstallControl, [Parameter()] [System.Boolean] - $BluetoothBlocked, + $StartBlockUnpinningAppsFromTaskbar, [Parameter()] - [System.Boolean] - $CameraBlocked, + [ValidateSet('userDefined','collapse','remove','disableSettingsApp')] + [System.String] + $StartMenuAppListVisibility, [Parameter()] [System.Boolean] - $ConnectedDevicesServiceBlocked, + $StartMenuHideChangeAccountSettings, [Parameter()] [System.Boolean] - $CertificatesBlockManualRootCertificateInstallation, + $StartMenuHideFrequentlyUsedApps, [Parameter()] [System.Boolean] - $CopyPasteBlocked, + $StartMenuHideHibernate, [Parameter()] [System.Boolean] - $CortanaBlocked, + $StartMenuHideLock, [Parameter()] [System.Boolean] - $DeviceManagementBlockFactoryResetOnMobile, + $StartMenuHidePowerButton, [Parameter()] [System.Boolean] - $DeviceManagementBlockManualUnenroll, + $StartMenuHideRecentJumpLists, [Parameter()] - [ValidateSet('userDefined', 'strict', 'moderate')] - [System.String] - $SafeSearchFilter, + [System.Boolean] + $StartMenuHideRecentlyAddedApps, [Parameter()] [System.Boolean] - $EdgeBlockPopups, + $StartMenuHideRestartOptions, [Parameter()] [System.Boolean] - $EdgeBlockSearchSuggestions, + $StartMenuHideShutDown, [Parameter()] [System.Boolean] - $EdgeBlockSendingIntranetTrafficToInternetExplorer, + $StartMenuHideSignOut, [Parameter()] [System.Boolean] - $EdgeSendIntranetTrafficToInternetExplorer, + $StartMenuHideSleep, [Parameter()] [System.Boolean] - $EdgeRequireSmartScreen, + $StartMenuHideSwitchAccount, [Parameter()] - [System.String] - $EdgeEnterpriseModeSiteListLocation, + [System.Boolean] + $StartMenuHideUserTile, [Parameter()] [System.String] - $EdgeFirstRunUrl, + $StartMenuLayoutEdgeAssetsXml, [Parameter()] [System.String] - $EdgeSearchEngine, - - [Parameter()] - [System.String[]] - $EdgeHomepageUrls, + $StartMenuLayoutXml, [Parameter()] - [System.Boolean] - $EdgeBlockAccessToAboutFlags, + [ValidateSet('userDefined','fullScreen','nonFullScreen')] + [System.String] + $StartMenuMode, [Parameter()] - [System.Boolean] - $SmartScreenBlockPromptOverride, + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderDocuments, [Parameter()] - [System.Boolean] - $SmartScreenBlockPromptOverrideForFiles, + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderDownloads, [Parameter()] - [System.Boolean] - $WebRtcBlockLocalhostIpAddress, + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderFileExplorer, [Parameter()] - [System.Boolean] - $InternetSharingBlocked, + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderHomeGroup, [Parameter()] - [System.Boolean] - $SettingsBlockAddProvisioningPackage, + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderMusic, [Parameter()] - [System.Boolean] - $SettingsBlockRemoveProvisioningPackage, + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderNetwork, [Parameter()] - [System.Boolean] - $SettingsBlockChangeSystemTime, + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderPersonalFolder, [Parameter()] - [System.Boolean] - $SettingsBlockEditDeviceName, + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderPictures, [Parameter()] - [System.Boolean] - $SettingsBlockChangeRegion, + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderSettings, [Parameter()] - [System.Boolean] - $SettingsBlockChangeLanguage, + [ValidateSet('notConfigured','hide','show')] + [System.String] + $StartMenuPinnedFolderVideos, [Parameter()] [System.Boolean] - $SettingsBlockChangePowerSleep, + $StorageBlockRemovableStorage, [Parameter()] [System.Boolean] - $LocationServicesBlocked, + $StorageRequireMobileDeviceEncryption, [Parameter()] [System.Boolean] - $MicrosoftAccountBlocked, + $StorageRestrictAppDataToSystemVolume, [Parameter()] [System.Boolean] - $MicrosoftAccountBlockSettingsSync, + $StorageRestrictAppInstallToSystemVolume, [Parameter()] - [System.Boolean] - $NfcBlocked, + [System.String] + $SystemTelemetryProxyServer, [Parameter()] [System.Boolean] - $ResetProtectionModeBlocked, + $TaskManagerBlockEndTask, [Parameter()] [System.Boolean] - $ScreenCaptureBlocked, + $TenantLockdownRequireNetworkDuringOutOfBoxExperience, [Parameter()] [System.Boolean] - $StorageBlockRemovableStorage, + $UninstallBuiltInApps, [Parameter()] [System.Boolean] - $StorageRequireMobileDeviceEncryption, + $UsbBlocked, [Parameter()] [System.Boolean] - $UsbBlocked, + $VoiceRecordingBlocked, [Parameter()] [System.Boolean] - $VoiceRecordingBlocked, + $WebRtcBlockLocalhostIpAddress, [Parameter()] [System.Boolean] @@ -2894,91 +4462,95 @@ function Test-TargetResource $WiFiBlockManualConfiguration, [Parameter()] - [System.Uint64] + [System.Int32] $WiFiScanInterval, [Parameter()] - [System.Boolean] - $WirelessDisplayBlockProjectionToThisDevice, + [Microsoft.Management.Infrastructure.CimInstance] + $Windows10AppsForceUpdateSchedule, [Parameter()] [System.Boolean] - $WirelessDisplayBlockUserInputFromReceiver, + $WindowsSpotlightBlockConsumerSpecificFeatures, [Parameter()] [System.Boolean] - $WirelessDisplayRequirePinForPairing, + $WindowsSpotlightBlocked, [Parameter()] [System.Boolean] - $WindowsStoreBlocked, - - [Parameter()] - [System.String] - [ValidateSet('notConfigured', 'blocked', 'allowed')] - $AppsAllowTrustedAppsSideloading, + $WindowsSpotlightBlockOnActionCenter, [Parameter()] [System.Boolean] - $WindowsStoreBlockAutoUpdate, + $WindowsSpotlightBlockTailoredExperiences, [Parameter()] - [ValidateSet('notConfigured', 'blocked', 'allowed')] - [System.String] - $DeveloperUnlockSetting, + [System.Boolean] + $WindowsSpotlightBlockThirdPartyNotifications, [Parameter()] [System.Boolean] - $SharedUserAppDataAllowed, + $WindowsSpotlightBlockWelcomeExperience, [Parameter()] [System.Boolean] - $AppsBlockWindowsStoreOriginatedApps, + $WindowsSpotlightBlockWindowsTips, [Parameter()] - [System.Boolean] - $WindowsStoreEnablePrivateStoreOnly, + [ValidateSet('notConfigured','disabled','enabled')] + [System.String] + $WindowsSpotlightConfigureOnLockScreen, [Parameter()] [System.Boolean] - $StorageRestrictAppDataToSystemVolume, + $WindowsStoreBlockAutoUpdate, [Parameter()] [System.Boolean] - $StorageRestrictAppInstallToSystemVolume, + $WindowsStoreBlocked, [Parameter()] [System.Boolean] - $GameDvrBlocked, + $WindowsStoreEnablePrivateStoreOnly, [Parameter()] [System.Boolean] - $ExperienceBlockDeviceDiscovery, + $WirelessDisplayBlockProjectionToThisDevice, [Parameter()] [System.Boolean] - $ExperienceBlockErrorDialogWhenNoSIM, + $WirelessDisplayBlockUserInputFromReceiver, [Parameter()] [System.Boolean] - $ExperienceBlockTaskSwitcher, + $WirelessDisplayRequirePinForPairing, [Parameter()] - [System.Boolean] - $LogonBlockFastUserSwitching, + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, [Parameter()] [System.Boolean] - $TenantLockdownRequireNetworkDuringOutOfBoxExperience, + $SupportsScopeTags, + + [Parameter(Mandatory = $true)] + [System.String] + $Id, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, + #endregion - [Parameter(Mandatory = $True)] + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] - $Ensure = $true, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -3009,109 +4581,69 @@ function Test-TargetResource Confirm-M365DSCDependencies #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') $CommandName = $MyInvocation.MyCommand $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` -CommandName $CommandName ` -Parameters $PSBoundParameters Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message "Testing configuration of Device Configuration Policy {$DisplayName}" - - $CurrentValues = Get-TargetResource @PSBoundParameters - - Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" - $ValuesToCheck = $PSBoundParameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + Write-Verbose -Message "Testing configuration of the Intune Device Configuration Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}" - # Check DefenderDetectedMalwareActions - if ($CurrentValues.DefenderDetectedMalwareActions.LowSeverity -ne $DefenderDetectedMalwareActions.LowSeverity -or - $CurrentValues.DefenderDetectedMalwareActions.ModerateSeverity -ne $DefenderDetectedMalwareActions.ModerateSeverity -or - $CurrentValues.DefenderDetectedMalwareActions.HighSeverity -ne $DefenderDetectedMalwareActions.HighSeverity -or - $CurrentValues.DefenderDetectedMalwareActions.SevereSeverity -ne $DefenderDetectedMalwareActions.SevereSeverity) - { - Write-Verbose -Message "Test-TargetResource returned $false" - return $false - } - $ValuesToCheck.Remove('DefenderDetectedMalwareActions') | Out-Null + $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) { Write-Verbose -Message "Test-TargetResource returned $false" return $false } - #region Assignments $testResult = $true - if ((-not $CurrentValues.Assignments) -xor (-not $ValuesToCheck.Assignments)) - { - Write-Verbose -Message 'Configuration drift: one the assignment is null' - return $false - } - - if ($CurrentValues.Assignments) - { - if ($CurrentValues.Assignments.count -ne $ValuesToCheck.Assignments.count) - { - Write-Verbose -Message "Configuration drift: Number of assignment has changed - current {$($CurrentValues.Assignments.count)} target {$($ValuesToCheck.Assignments.count)}" - return $false - } - foreach ($assignment in $CurrentValues.Assignments) - { - #GroupId Assignment - if (-not [String]::IsNullOrEmpty($assignment.groupId)) - { - $source = [Array]$ValuesToCheck.Assignments | Where-Object -FilterScript { $_.groupId -eq $assignment.groupId } - if (-not $source) - { - Write-Verbose -Message "Configuration drift: groupId {$($assignment.groupId)} not found" - $testResult = $false - break - } - $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source - $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment - } - #AllDevices/AllUsers assignment - else - { - $source = [Array]$ValuesToCheck.Assignments | Where-Object -FilterScript { $_.dataType -eq $assignment.dataType } - if (-not $source) - { - Write-Verbose -Message "Configuration drift: {$($assignment.dataType)} not found" - $testResult = $false - break - } - $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source - $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment - } + #Compare Cim instances + foreach ($key in $PSBoundParameters.Keys) + { + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($source.getType().Name -like '*CimInstance*') + { + $source = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $source - if (-not $testResult) + $testResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) + + if (-Not $testResult) { $testResult = $false break } + + $ValuesToCheck.Remove($key) | Out-Null } } - if (-not $testResult) + + $ValuesToCheck.remove("Id") | Out-Null + $ValuesToCheck.Remove('Credential') | Out-Null + $ValuesToCheck.Remove('ApplicationId') | Out-Null + $ValuesToCheck.Remove('TenantId') | Out-Null + $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + if ($testResult) { - return $false + $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys } - $ValuesToCheck.Remove('Assignments') | Out-Null - #endregion - - $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` - -Source $($MyInvocation.MyCommand.Source) ` - -DesiredValues $PSBoundParameters ` - -ValuesToCheck $ValuesToCheck.Keys - Write-Verbose -Message "Test-TargetResource returned $TestResult" + Write-Verbose -Message "Test-TargetResource returned $testResult" - return $TestResult + return $testResult } function Export-TargetResource @@ -3120,10 +4652,6 @@ function Export-TargetResource [OutputType([System.String])] param ( - [Parameter()] - [System.String] - $Filter, - [Parameter()] [System.Management.Automation.PSCredential] $Credential, @@ -3157,7 +4685,7 @@ function Export-TargetResource Confirm-M365DSCDependencies #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') $CommandName = $MyInvocation.MyCommand $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` -CommandName $CommandName ` @@ -3167,12 +4695,18 @@ function Export-TargetResource try { - [array]$policies = Get-MgDeviceManagementDeviceConfiguration ` - -ErrorAction Stop -All:$true -Filter $Filter | Where-Object ` - -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10GeneralConfiguration' } + #region resource generator code + [array]$getValue = Get-MgDeviceManagementDeviceConfiguration ` + -All ` + -ErrorAction Stop | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10GeneralConfiguration' ` + } + #endregion + $i = 1 $dscContent = '' - if ($policies.Length -eq 0) + if ($getValue.Length -eq 0) { Write-Host $Global:M365DSCEmojiGreenCheckMark } @@ -3180,11 +4714,17 @@ function Export-TargetResource { Write-Host "`r`n" -NoNewline } - foreach ($policy in $policies) + foreach ($config in $getValue) { - Write-Host " |---[$i/$($policies.Count)] $($policy.DisplayName)" -NoNewline + $displayedKey = $config.Id + if (-not [String]::IsNullOrEmpty($config.displayName)) + { + $displayedKey = $config.displayName + } + Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ - DisplayName = $policy.DisplayName + Id = $config.Id + DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -3193,25 +4733,83 @@ function Export-TargetResource CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent } + $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results - - if ($Results.DefenderDetectedMalwareActions) + if ($null -ne $Results.DefenderDetectedMalwareActions) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.DefenderDetectedMalwareActions ` + -CIMInstanceName 'MicrosoftGraphdefenderDetectedMalwareActions1' + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.DefenderDetectedMalwareActions = $complexTypeStringResult + } + else + { + $Results.Remove('DefenderDetectedMalwareActions') | Out-Null + } + } + if ($null -ne $Results.EdgeHomeButtonConfiguration) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.EdgeHomeButtonConfiguration ` + -CIMInstanceName 'MicrosoftGraphedgeHomeButtonConfiguration' + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.EdgeHomeButtonConfiguration = $complexTypeStringResult + } + else + { + $Results.Remove('EdgeHomeButtonConfiguration') | Out-Null + } + } + if ($null -ne $Results.EdgeSearchEngine) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.EdgeSearchEngine ` + -CIMInstanceName 'MicrosoftGraphedgeSearchEngineBase' + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.EdgeSearchEngine = $complexTypeStringResult + } + else + { + $Results.Remove('EdgeSearchEngine') | Out-Null + } + } + if ($null -ne $Results.NetworkProxyServer) + { + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.NetworkProxyServer ` + -CIMInstanceName 'MicrosoftGraphwindows10NetworkProxyServer' + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.NetworkProxyServer = $complexTypeStringResult + } + else + { + $Results.Remove('NetworkProxyServer') | Out-Null + } + } + if ($null -ne $Results.Windows10AppsForceUpdateSchedule) { - $StringContent = [System.Text.StringBuilder]::new() - $StringContent.AppendLine('MSFT_IntuneDefenderDetectedMalwareActions {') | Out-Null - $StringContent.AppendLine(" LowSeverity = '" + $Results.DefenderDetectedMalwareActions.LowSeverity + "'") | Out-Null - $StringContent.AppendLine(" ModerateSeverity = '" + $Results.DefenderDetectedMalwareActions.ModerateSeverity + "'") | Out-Null - $StringContent.AppendLine(" HighSeverity = '" + $Results.DefenderDetectedMalwareActions.HighSeverity + "'") | Out-Null - $StringContent.AppendLine(" SevereSeverity = '" + $Results.DefenderDetectedMalwareActions.SevereSeverity + "'") | Out-Null - $StringContent.AppendLine(' }') | Out-Null - $Results.DefenderDetectedMalwareActions = $StringContent.ToString() + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $Results.Windows10AppsForceUpdateSchedule ` + -CIMInstanceName 'MicrosoftGraphwindows10AppsForceUpdateSchedule' + if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + { + $Results.Windows10AppsForceUpdateSchedule = $complexTypeStringResult + } + else + { + $Results.Remove('Windows10AppsForceUpdateSchedule') | Out-Null + } } if ($Results.Assignments) { - $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject ([Array]$Results.Assignments) -CIMInstanceName DeviceManagementConfigurationPolicyAssignments - + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments if ($complexTypeStringResult) { $Results.Assignments = $complexTypeStringResult @@ -3226,23 +4824,33 @@ function Export-TargetResource -ModulePath $PSScriptRoot ` -Results $Results ` -Credential $Credential - if ($Results.DefenderDetectedMalwareActions) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock ` - -ParameterName 'DefenderDetectedMalwareActions' + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "DefenderDetectedMalwareActions" -isCIMArray:$False + } + if ($Results.EdgeHomeButtonConfiguration) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "EdgeHomeButtonConfiguration" -isCIMArray:$False + } + if ($Results.EdgeSearchEngine) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "EdgeSearchEngine" -isCIMArray:$False + } + if ($Results.NetworkProxyServer) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "NetworkProxyServer" -isCIMArray:$False + } + if ($Results.Windows10AppsForceUpdateSchedule) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Windows10AppsForceUpdateSchedule" -isCIMArray:$False } - if ($Results.Assignments) { - $isCIMArray = $false - if ($Results.Assignments.getType().Fullname -like '*[[\]]') - { - $isCIMArray = $true - } - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$isCIMArray + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "Assignments" -isCIMArray:$true } - + #removing trailing commas and semi colons between items of an array of cim instances added by Convert-DSCStringParamToVariable + $currentDSCBlock = $currentDSCBlock.replace(" ,`r`n" , " `r`n" ) + $currentDSCBlock = $currentDSCBlock.replace("`r`n;`r`n" , "`r`n" ) $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` -FileName $Global:PartialExportFileName @@ -3255,11 +4863,6 @@ function Export-TargetResource { Write-Host $Global:M365DSCEmojiRedX - if ($_.Exception -like '*401*') - { - Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." - } - New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` @@ -3270,88 +4873,57 @@ function Export-TargetResource } } -function Get-M365DSCIntuneDeviceConfigurationPolicyWindowsAdditionalProperties -{ - [CmdletBinding()] - [OutputType([System.Collections.Hashtable])] - param - ( - [Parameter(Mandatory = 'true')] - [System.Collections.Hashtable] - $Properties - ) - - $results = @{'@odata.type' = '#microsoft.graph.windows10GeneralConfiguration' } - foreach ($property in $properties.Keys) - { - if ($property -ne 'Verbose') - { - $propertyName = $property[0].ToString().ToLower() + $property.Substring(1, $property.Length - 1) - if ($propertyName -eq 'defenderDetectedMalwareActions') - { - $propertyValue = @{ - lowSeverity = $properties.$property.lowSeverity - moderateSeverity = $properties.$property.moderateSeverity - highSeverity = $properties.$property.highSeverity - severeSeverity = $properties.$property.severeSeverity - } - } - else - { - $propertyValue = $properties.$property - } - $results.Add($propertyName, $propertyValue) - } - } - return $results -} - -function Update-DeviceConfigurationPolicyAssignments +function Update-DeviceConfigurationPolicyAssignment { [CmdletBinding()] [OutputType([System.Collections.Hashtable])] - param - ( + param ( [Parameter(Mandatory = 'true')] [System.String] $DeviceConfigurationPolicyId, [Parameter()] [Array] - $Targets - ) + $Targets, + + [Parameter()] + [System.String] + $Repository = 'deviceManagement/configurationPolicies', + [Parameter()] + [ValidateSet('v1.0','beta')] + [System.String] + $APIVersion = 'beta' + ) try { - $configurationPolicyAssignments = @() - - $Uri = "https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations/$DeviceConfigurationPolicyId/assign" + $deviceManagementPolicyAssignments = @() + $Uri = "https://graph.microsoft.com/$APIVersion/$Repository/$DeviceConfigurationPolicyId/assign" foreach ($target in $targets) { - $formattedTarget = @{'@odata.type' = $target.dataType } + $formattedTarget = @{"@odata.type" = $target.dataType} if ($target.groupId) { - $formattedTarget.Add('groupId', $target.groupId) + $formattedTarget.Add('groupId',$target.groupId) } if ($target.collectionId) { - $formattedTarget.Add('collectionId', $target.collectionId) + $formattedTarget.Add('collectionId',$target.collectionId) } if ($target.deviceAndAppManagementAssignmentFilterType) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType', $target.deviceAndAppManagementAssignmentFilterType) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterType',$target.deviceAndAppManagementAssignmentFilterType) } if ($target.deviceAndAppManagementAssignmentFilterId) { - $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId', $target.deviceAndAppManagementAssignmentFilterId) + $formattedTarget.Add('deviceAndAppManagementAssignmentFilterId',$target.deviceAndAppManagementAssignmentFilterId) } - $configurationPolicyAssignments += @{'target' = $formattedTarget } + $deviceManagementPolicyAssignments += @{'target' = $formattedTarget} } - $body = @{'assignments' = $configurationPolicyAssignments } | ConvertTo-Json -Depth 20 + $body = @{'assignments' = $deviceManagementPolicyAssignments} | ConvertTo-Json -Depth 20 #write-verbose -Message $body Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $body -ErrorAction Stop - } catch { @@ -3365,33 +4937,82 @@ function Update-DeviceConfigurationPolicyAssignments } } -function Get-M365DSCDRGComplexTypeToHashtable +function Rename-M365DSCCimInstanceParameter { [CmdletBinding()] - [OutputType([hashtable], [hashtable[]])] - param - ( - [Parameter()] - $ComplexObject + [OutputType([System.Collections.Hashtable],[System.Collections.Hashtable[]])] + param( + [Parameter(Mandatory = 'true')] + $Properties ) - if ($null -eq $ComplexObject) - { - return $null + $keyToRename = @{ + "odataType" = "@odata.type" } + $result = $Properties + + $type = $Properties.getType().FullName + + #region Array + if ($type -like '*[[\]]') + { + $values = @() + foreach ($item in $Properties) + { + $values += Rename-M365DSCCimInstanceParameter $item + } + $result = $values + + return ,$result + } + #endregion - if ($ComplexObject.getType().Fullname -like '*hashtable') + #region Single + if ($type -like "*Hashtable") { - return $ComplexObject + $result = ([Hashtable]$Properties).clone() } - if ($ComplexObject.getType().Fullname -like '*hashtable[[\]]') + if ($type -like '*CimInstance*' -or $type -like '*Hashtable*'-or $type -like '*Object*') { - return [hashtable[]]$ComplexObject + $hashProperties = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $result + $keys = ($hashProperties.clone()).keys + foreach ($key in $keys) + { + $keyName = $key.substring(0,1).tolower()+$key.substring(1,$key.length-1) + if ($key -in $keyToRename.Keys) + { + $keyName = $keyToRename.$key + } + + $property = $hashProperties.$key + if ($null -ne $property) + { + $hashProperties.Remove($key) + $hashProperties.add($keyName,(Rename-M365DSCCimInstanceParameter $property)) + } + } + $result = $hashProperties } + return $result + #endregion +} + +function Get-M365DSCDRGComplexTypeToHashtable +{ + [CmdletBinding()] + [OutputType([hashtable],[hashtable[]])] + param( + [Parameter()] + $ComplexObject + ) + if ($null -eq $ComplexObject) + { + return $null + } - if ($ComplexObject.gettype().fullname -like '*[[\]]') + if ($ComplexObject.gettype().fullname -like "*[[\]]") { $results = @() @@ -3407,41 +5028,104 @@ function Get-M365DSCDRGComplexTypeToHashtable # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return , [hashtable[]]$results + return ,[hashtable[]]$results + } + + if ($ComplexObject.getType().fullname -like '*Dictionary*') + { + $results = @{} + + $ComplexObject = [hashtable]::new($ComplexObject) + $keys = $ComplexObject.Keys + foreach ($key in $keys) + { + if ($null -ne $ComplexObject.$key) + { + $keyName = $key + + $keyType = $ComplexObject.$key.gettype().fullname + + if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*" -or $keyType -like "*[[\]]") + { + $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$key + + $results.Add($keyName, $hash) + } + else + { + $results.Add($keyName, $ComplexObject.$key) + } + } + } + return [hashtable]$results } $results = @{} - $keys = $ComplexObject | Get-Member | Where-Object -FilterScript { $_.MemberType -eq 'Property' -and $_.Name -ne 'AdditionalProperties' } - foreach ($key in $keys) + if ($ComplexObject.getType().Fullname -like "*hashtable") + { + $keys = $ComplexObject.keys + } + else { + $keys = $ComplexObject | Get-Member | Where-Object -FilterScript {$_.MemberType -eq 'Property'} + } - if ($ComplexObject.$($key.Name)) + foreach ($key in $keys) + { + $keyName = $key + if ($ComplexObject.getType().Fullname -notlike "*hashtable") { - $keyName = $key.Name[0].ToString().ToLower() + $key.Name.Substring(1, $key.Name.Length - 1) + $keyName = $key.Name + } - if ($ComplexObject.$($key.Name).gettype().fullname -like '*CimInstance*') + if ($null -ne $ComplexObject.$keyName) + { + $keyType = $ComplexObject.$keyName.gettype().fullname + if ($keyType -like "*CimInstance*" -or $keyType -like "*Dictionary*" -or $keyType -like "Microsoft.Graph.PowerShell.Models.*") { - $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$($key.Name) + $hash = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject.$keyName $results.Add($keyName, $hash) } else { - $results.Add($keyName, $ComplexObject.$($key.Name)) + $results.Add($keyName, $ComplexObject.$keyName) } } } - return [hashtable]$results } +<# + Use ComplexTypeMapping to overwrite the type of nested CIM + Example + $complexMapping=@( + @{ + Name="ApprovalStages" + CimInstanceName="MSFT_MicrosoftGraphapprovalstage1" + IsRequired=$false + } + @{ + Name="PrimaryApprovers" + CimInstanceName="MicrosoftGraphuserset" + IsRequired=$false + } + @{ + Name="EscalationApprovers" + CimInstanceName="MicrosoftGraphuserset" + IsRequired=$false + } + ) + With + Name: the name of the parameter to be overwritten + CimInstanceName: The type of the CIM instance (can include or not the prefix MSFT_) + IsRequired: If isRequired equals true, an empty hashtable or array will be returned. Some of the Graph parameters are required even though they are empty +#> function Get-M365DSCDRGComplexTypeToString { [CmdletBinding()] - #[OutputType([System.String])] - param - ( + param( [Parameter()] $ComplexObject, @@ -3457,6 +5141,10 @@ function Get-M365DSCDRGComplexTypeToString [System.String] $Whitespace = '', + [Parameter()] + [System.uint32] + $IndentLevel = 3, + [Parameter()] [switch] $isArray = $false @@ -3467,53 +5155,77 @@ function Get-M365DSCDRGComplexTypeToString return $null } + $indent = '' + for ($i = 0; $i -lt $IndentLevel ; $i++) + { + $indent += ' ' + } #If ComplexObject is an Array - if ($ComplexObject.GetType().FullName -like '*[[\]]') + if ($ComplexObject.GetType().FullName -like "*[[\]]") { $currentProperty = @() + $IndentLevel++ foreach ($item in $ComplexObject) { - $split = @{ + $splat = @{ 'ComplexObject' = $item 'CIMInstanceName' = $CIMInstanceName - 'Whitespace' = " $whitespace" + 'IndentLevel' = $IndentLevel } if ($ComplexTypeMapping) { - $split.add('ComplexTypeMapping', $ComplexTypeMapping) + $splat.add('ComplexTypeMapping',$ComplexTypeMapping) } - $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @split - + $currentProperty += Get-M365DSCDRGComplexTypeToString -isArray:$true @splat } # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return , $currentProperty + return ,$currentProperty } $currentProperty = '' if ($isArray) { $currentProperty += "`r`n" + $currentProperty += $indent + } + + $CIMInstanceName = $CIMInstanceName.replace("MSFT_","") + $currentProperty += "MSFT_$CIMInstanceName{`r`n" + $IndentLevel++ + $indent = '' + for ($i = 0; $i -lt $IndentLevel ; $i++) + { + $indent += ' ' } - $currentProperty += "$whitespace`MSFT_$CIMInstanceName{`r`n" $keyNotNull = 0 - foreach ($key in $ComplexObject.Keys) + + if ($ComplexObject.Keys.count -eq 0) { + return $null + } - if ($ComplexObject[$key]) + foreach ($key in $ComplexObject.Keys) + { + if ($null -ne $ComplexObject.$key) { $keyNotNull++ - if ($ComplexObject[$key].GetType().FullName -like 'Microsoft.Graph.PowerShell.Models.*' -or $key -in $ComplexTypeMapping.Name) + if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*" -or $key -in $ComplexTypeMapping.Name) { $hashPropertyType = $ComplexObject[$key].GetType().Name.tolower() + $isArray = $false + if ($ComplexObject[$key].GetType().FullName -like "*[[\]]") + { + $isArray = $true + } #overwrite type if object defined in mapping complextypemapping if ($key -in $ComplexTypeMapping.Name) { - $hashPropertyType = ($ComplexTypeMapping | Where-Object -FilterScript { $_.Name -eq $key }).CimInstanceName + $hashPropertyType = ([Array]($ComplexTypeMapping | Where-Object -FilterScript {$_.Name -eq $key}).CimInstanceName)[0] $hashProperty = $ComplexObject[$key] } else @@ -3521,73 +5233,124 @@ function Get-M365DSCDRGComplexTypeToString $hashProperty = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject[$key] } - if ($key -notin $ComplexTypeMapping.Name) + if (-not $isArray) { - $Whitespace += ' ' + $currentProperty += $indent + $key + ' = ' } - if (-not $isArray -or ($isArray -and $key -in $ComplexTypeMapping.Name )) + if ($isArray -and $key -in $ComplexTypeMapping.Name) { - $currentProperty += $whitespace + $key + ' = ' - if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') + if ($ComplexObject.$key.count -gt 0) { - $currentProperty += '@(' + $currentProperty += $indent + $key + ' = ' + $currentProperty += "@(" } } - if ($key -in $ComplexTypeMapping.Name) + if ($isArray) { - $Whitespace = '' - + $IndentLevel++ + foreach ($item in $ComplexObject[$key]) + { + if ($ComplexObject.$key.GetType().FullName -like "Microsoft.Graph.PowerShell.Models.*") + { + $item = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + } + $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $item ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping ` + -IsArray:$true + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) + { + $nestedPropertyString = "@()`r`n" + } + $currentProperty += $nestedPropertyString + } + $IndentLevel-- } - $currentProperty += Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $hashProperty ` - -CIMInstanceName $hashPropertyType ` - -Whitespace $Whitespace ` - -ComplexTypeMapping $ComplexTypeMapping - - if ($ComplexObject[$key].GetType().FullName -like '*[[\]]') + else + { + $nestedPropertyString = Get-M365DSCDRGComplexTypeToString ` + -ComplexObject $hashProperty ` + -CIMInstanceName $hashPropertyType ` + -IndentLevel $IndentLevel ` + -ComplexTypeMapping $ComplexTypeMapping + if ([string]::IsNullOrWhiteSpace($nestedPropertyString)) + { + $nestedPropertyString = "`$null`r`n" + } + $currentProperty += $nestedPropertyString + } + if ($isArray) { - $currentProperty += ')' + if ($ComplexObject.$key.count -gt 0) + { + $currentProperty += $indent + $currentProperty += ')' + $currentProperty += "`r`n" + } } + $isArray = $PSBoundParameters.IsArray } else { - if (-not $isArray) - { - $Whitespace = ' ' - } - $currentProperty += Get-M365DSCDRGSimpleObjectTypeToString -Key $key -Value $ComplexObject[$key] -Space ($Whitespace + ' ') + $currentProperty += Get-M365DSCDRGSimpleObjectTypeToString -Key $key -Value $ComplexObject[$key] -Space ($indent) } } else { - $mappedKey = $ComplexTypeMapping | Where-Object -FilterScript { $_.name -eq $key } + $mappedKey = $ComplexTypeMapping | Where-Object -filterscript {$_.name -eq $key} if ($mappedKey -and $mappedKey.isRequired) { if ($mappedKey.isArray) { - $currentProperty += "$Whitespace $key = @()`r`n" + $currentProperty += "$indent$key = @()`r`n" } else { - $currentProperty += "$Whitespace $key = `$null`r`n" + $currentProperty += "$indent$key = `$null`r`n" } } } } - $currentProperty += "$Whitespace}" + $indent = '' + for ($i = 0; $i -lt $IndentLevel-1 ; $i++) + { + $indent += ' ' + } + $currentProperty += "$indent}" + if ($isArray -or $IndentLevel -gt 4) + { + $currentProperty += "`r`n" + } + + #Indenting last parenthese when the cim instance is an array + if ($IndentLevel -eq 5) + { + $indent = '' + for ($i = 0; $i -lt $IndentLevel-2 ; $i++) + { + $indent += ' ' + } + $currentProperty += $indent + } + $emptyCIM = $currentProperty.replace(" ","").replace("`r`n","") + if ($emptyCIM -eq "MSFT_$CIMInstanceName{}") + { + $currentProperty = $null + } return $currentProperty } -function Get-M365DSCDRGSimpleObjectTypeToString +Function Get-M365DSCDRGSimpleObjectTypeToString { [CmdletBinding()] [OutputType([System.String])] - param - ( + param( [Parameter(Mandatory = 'true')] [System.String] $Key, @@ -3598,30 +5361,31 @@ function Get-M365DSCDRGSimpleObjectTypeToString [Parameter()] [System.String] $Space = ' ' - ) + + ) $returnValue = '' switch -Wildcard ($Value.GetType().Fullname ) { - '*.Boolean' + "*.Boolean" { $returnValue = $Space + $Key + " = `$" + $Value.ToString() + "`r`n" } - '*.String' + "*.String" { if ($key -eq '@odata.type') { - $key = 'odataType' + $key ='odataType' } $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - '*.DateTime' + "*.DateTime" { $returnValue = $Space + $Key + " = '" + $Value + "'`r`n" } - '*[[\]]' + "*[[\]]" { - $returnValue = $Space + $key + ' = @(' + $returnValue = $Space + $key + " = @(" $whitespace = '' $newline = '' if ($Value.count -gt 1) @@ -3630,15 +5394,15 @@ function Get-M365DSCDRGSimpleObjectTypeToString $whitespace = $Space + ' ' $newline = "`r`n" } - foreach ($item in $Value) + foreach ($item in ($Value | Where-Object -FilterScript {$null -ne $_ })) { - switch -Wildcard ($item.GetType().Fullname ) + switch -Wildcard ($item.GetType().Fullname) { - '*.String' + "*.String" { $returnValue += "$whitespace'$item'$newline" } - '*.DateTime' + "*.DateTime" { $returnValue += "$whitespace'$item'$newline" } @@ -3660,7 +5424,7 @@ function Get-M365DSCDRGSimpleObjectTypeToString } Default { - $returnValue = $Space + $Key + ' = ' + $Value + "`r`n" + $returnValue = $Space + $Key + " = " + $Value + "`r`n" } } return $returnValue @@ -3670,17 +5434,15 @@ function Compare-M365DSCComplexObject { [CmdletBinding()] [OutputType([System.Boolean])] - param - ( + param( [Parameter()] $Source, - [Parameter()] $Target ) #Comparing full objects - if ($null -eq $Source -and $null -eq $Target) + if ($null -eq $Source -and $null -eq $Target) { return $true } @@ -3702,7 +5464,7 @@ function Compare-M365DSCComplexObject return $false } - if ($Source.getType().FullName -like '*CimInstance[[\]]' -or $Source.getType().FullName -like '*Hashtable[[\]]') + if ($Source.getType().FullName -like "*CimInstance[[\]]" -or $Source.getType().FullName -like "*Hashtable[[\]]") { if ($source.count -ne $target.count) { @@ -3714,51 +5476,44 @@ function Compare-M365DSCComplexObject return $true } - $i = 0 foreach ($item in $Source) { + $hashSource = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + foreach ($targetItem in $Target) + { + $compareResult = Compare-M365DSCComplexObject ` + -Source $hashSource ` + -Target $targetItem - $compareResult = Compare-M365DSCComplexObject ` - -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source[$i]) ` - -Target $Target[$i] + if ($compareResult) + { + break + } + } if (-not $compareResult) { Write-Verbose -Message 'Configuration drift - The complex array items are not identical' return $false } - $i++ } return $true } - $keys = $Source.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } + $keys = $Source.Keys | Where-Object -FilterScript {$_ -ne "PSComputerName"} foreach ($key in $keys) { - #write-verbose -message "Comparing key: {$key}" #Matching possible key names between Source and Target $skey = $key $tkey = $key - if ($key -eq 'odataType') - { - $skey = '@odata.type' - } - else - { - $tmpkey = $Target.keys | Where-Object -FilterScript { $_ -eq "$key" } - if ($tkey) - { - $tkey = $tmpkey | Select-Object -First 1 - } - } $sourceValue = $Source.$key $targetValue = $Target.$tkey #One of the item is null and not the other - if (($null -eq $Source.$skey) -xor ($null -eq $Target.$tkey)) + if (($null -eq $Source.$key) -xor ($null -eq $Target.$tkey)) { - if ($null -eq $Source.$skey) + if ($null -eq $Source.$key) { $sourceValue = 'null' } @@ -3768,23 +5523,23 @@ function Compare-M365DSCComplexObject $targetValue = 'null' } - Write-Verbose -Message "Configuration drift - key: $key Source {$sourceValue} Target {$targetValue}" + #Write-Verbose -Message "Configuration drift - key: $key Source {$sourceValue} Target {$targetValue}" return $false } #Both keys aren't null or empty - if (($null -ne $Source.$skey) -and ($null -ne $Target.$tkey)) + if (($null -ne $Source.$key) -and ($null -ne $Target.$tkey)) { - if ($Source.$skey.getType().FullName -like '*CimInstance*' -or $Source.$skey.getType().FullName -like '*hashtable*' ) + if ($Source.$key.getType().FullName -like "*CimInstance*" -or $Source.$key.getType().FullName -like "*hashtable*") { #Recursive call for complex object $compareResult = Compare-M365DSCComplexObject ` - -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source.$skey) ` + -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Source.$key) ` -Target $Target.$tkey if (-not $compareResult) { - Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" + #Write-Verbose -Message "Configuration drift - complex object key: $key Source {$sourceValue} Target {$targetValue}" return $false } } @@ -3792,35 +5547,47 @@ function Compare-M365DSCComplexObject { #Simple object comparison $referenceObject = $Target.$tkey - $differenceObject = $Source.$skey + $differenceObject = $Source.$key - $compareResult = Compare-Object ` - -ReferenceObject ($referenceObject) ` - -DifferenceObject ($differenceObject) + #Identifying date from the current values + $targetType = ($Target.$tkey.getType()).Name + if ($targetType -like "*Date*") + { + $compareResult = $true + $sourceDate = [DateTime]$Source.$key + if ($sourceDate -ne $targetType) + { + $compareResult = $null + } + } + else + { + $compareResult = Compare-Object ` + -ReferenceObject ($referenceObject) ` + -DifferenceObject ($differenceObject) + } if ($null -ne $compareResult) { - Write-Verbose -Message "Configuration drift - simple object key: $key Source {$sourceValue} Target {$targetValue}" + #Write-Verbose -Message "Configuration drift - simple object key: $key Source {$sourceValue} Target {$targetValue}" return $false } } } } - return $true } function Convert-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] - [OutputType([hashtable], [hashtable[]])] - param - ( + [OutputType([hashtable],[hashtable[]])] + param( [Parameter(Mandatory = 'true')] $ComplexObject ) - if ($ComplexObject.getType().Fullname -like '*[[\]]') + if ($ComplexObject.getType().Fullname -like "*[[\]]") { $results = @() foreach ($item in $ComplexObject) @@ -3833,18 +5600,17 @@ function Convert-M365DSCDRGComplexTypeToHashtable # PowerShell returns all non-captured stream output, not just the argument of the return statement. #An empty array is mangled into $null in the process. #However, an array can be preserved on return by prepending it with the array construction operator (,) - return , [hashtable[]]$results + return ,[hashtable[]]$results } $hashComplexObject = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $ComplexObject - if ($hashComplexObject) + if ($null -ne $hashComplexObject) { - $results = $hashComplexObject.clone() - $keys = $hashComplexObject.Keys | Where-Object -FilterScript { $_ -ne 'PSComputerName' } + $keys = $hashComplexObject.Keys | Where-Object -FilterScript {$_ -ne 'PSComputerName'} foreach ($key in $keys) { - if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like '*CimInstance*') + if ($hashComplexObject[$key] -and $hashComplexObject[$key].getType().Fullname -like "*CimInstance*") { $results[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $hashComplexObject[$key] } @@ -3853,7 +5619,7 @@ function Convert-M365DSCDRGComplexTypeToHashtable $propertyName = $key[0].ToString().ToLower() + $key.Substring(1, $key.Length - 1) $propertyValue = $results[$key] $results.remove($key) | Out-Null - $results.add($propertyName, $propertyValue) + $results.add($propertyName,$propertyValue) } } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.schema.mof index bd7b26b064b81782fe7531a17e9afa8232b3cf19..820a0213e79fff11cb35b3a56c417bb065f2ecce 100644 GIT binary patch literal 62143 zcmeI5ZF3vPvF~4Be~K;Ns%xpPBujCe#7W&36e-%w5k*Fztkg}VPA!2Y2@Bjsuz)Bg zmG6Fj|L&Q60D%GcU?)zJbIJmN-I<=A?w)?0KkZKPy8gbH)#Ivs^!bZt&-H(wKmPM) zL;a8)4)#y}d$0I79u|jrnV%PzMLFNC%CqtLVwTT&>A0GVhu1rGJw7k>WBu9RKFj#u zpWe^L^WsUiSJcDVc&bMqeSUILWb^B3kyU5eT%YsVc`?tJDZKsc^T$uJ@AJum>85}C z{C{7LhqJ1#&gRd~XZiGk|5l4>JK2f7|M`=f59X7}Yk)56V)U+Nd0W2YOWo?};?r=l z5Zb=o7N%hrZ;sB{ZZ(+{Lt*Czgntj1sQ=yZ@aJqWpN-4&Y?ROQ6UgUx+fmrrcrq_$ zYiTVTKP#SPue6OLC~}q^l=ksic3eS_r;{T4C`zoed{+FntV*bP?2kOjZ1+dS620mn zs4+anr|{V4oxNQDOuJ5FxSeveGo7|<*AmFSEo=)+9E{@X11`>3<~qi^<@5)m4clP6 zngPQ6BA;jDx;t^;|Gdli&HVP_#^Hwz=WIR4BbQu<=d;I%xJXs)K$`RKzx(V@D}>^b zNIZ;k>061Vz2dAWN5yQfn8VA(=rEsLK{GqX*Y%5(L_8=*<6%A*ks&I5m@Ky!vw4Mp z{7_`tw2SfiMOGId3#96G7A63rvjW_X!n~^~m!BoS89iT2=1;QWq{z!B*9%|7bybUks48F z2PauRx*V5ieihOhJ1?8gijgZ8XeFkP@Ph`<3LDvUox{Durx5deCJk>C)R%g#aud{= zQ!IofiVIV)=lZd`o6Em6m=a5Mm%2g8KCZ@?yjowLUCigxI-88k4;hx;JRg^`S)^@? z1bxu#)8!;X7svFKQXHPE(Y)pvm>OR$E}z&d^+h$CXJvj_WO*qSx`>>rj{#@C8(p?t z2EU#8kC&5ov&oOb!(Du>B&WzpdSjk-7S8g+GvzPaz`uF2<1R1}0{-&5;RkIJr zv+C3JpqQb9Cy9SFniaTCq`k9MQ@zE8>9uFsz{Kt~dkSm#bK}yUL&?8{2)_937ab|Q zbb7x#btIio=nz0X^a>^Wbo4hzBhWl8qY7X zt6Jh$U0ZA4i-PwSn-ms$}Y9@9JW|n!VP;4Z7}T=rtsPVO}%luy{8`v=)QmMKM}T zl0xxqFx!sBa1n!6fC`FL{uB)ck#5Bm2Kk#aFvK2w7;!JdUj{9!(Xr@K71 z@zI8FT1XQ+c7O+Owvg?(kbsA*=6U@g8(&@)qcJF%Txa7mOl;2SJ^nlyBgvqTK<(4K z#u616IIZD?r8rLgU5*>AI> z!-N0U8T_`Ws|5>4iKEuEjhw~OB_EJaFJ;;r9%PzlXS3>3ETm(rxP<(0L=3A%IN*dX zH_>^6?ZUxfxZTBtypAYP~QY+B4N$0$#tJv%Ok z7kPP(lqliG$;6@yS>=a^lN_M~oMjV4i-<4(2#IKm3_Q~@{a`btb6j&M%&S@dDCjv< z4+jUPsd7Hxhc|umh*SE&=T9L1?{WPPLH;39G?|(6P_%y zG2T(16E9$SEtP?2$0f_M4fNx>kNvJ+*p_jXU)NzukcnzhgDd%o z>*8|!6mKZ=j*7{c&4H(n^Wg{VtZYBO8$rggqr5iK-F`N35>P%6m zR%~&c*&>F;Y%bFnPK?5&9>XFsk&DrGQpDI#QUq$Pu6QdgM8e|;k??#09Ze+b6Se^#z2Gxvt zg_y}utjmB;sk>2A6SyW!!e}p zd)b_WrR=FBJ3Xk5O<*&yy|J@*V$bi{B;uL`glo6@eQ}!Y%0dTcDApJ}AE6z#OqK$C z9L~D!SRg$74>?GCm||4}82zA3pu{%~iot$&VF-1LanX?$#k{IeY-Gc6AWKG%B%@`< z+rC{CpQK1)zDWjh?!ak&>;(DNjA5iyj0Rz(q!@c2455|{jWd?cbRy7@(`f@_KH>zM zkM(Vjq#F=yke&9a1XAt>0m5QPFllBdvvi9D9DAK-rARz9Fo~&?>dMWPo6v2&rl$+^ z{T_92s*k4_uKC1t8AK1PDA6NzWtxx0MG%o>!bJs%xhkCi5C%WywY1b;2dJiTy~>2M zQ_0|JjJl^mjfA0Tcw08Mj{58D6pI4#C21m`jjO)i)F&SV!{roO=U?8u5X(kfRhQ(yEnB?r;h1B3# zg%Y&HSi9j78xBi1XPM<&fAE3G`TOHHeQ+USyDH!9-fOhKND3mu zd(++s*Y2xwiWbv0aKGKC*XY9AW!;+LL*jgr~bkgYk!Re#)vu0ddNI0{bJ(cI` z|1)U<%$s~=8<+*T2#9;;4XU$n@=Kmr%tMD{Emwmbneq#dM9@K+YGp2^eQm@ElvIIT zf)Q5dXvOEvHy{HIC76{O#$QzWT>aEvCuvEilw6Q~>E6H@zzk5nbgIAA!tEVHy|Gv4 z^chxD9fX)zeR|>RV}1Luv+WW-Az^W8D*JBpL{S?={y{`$!Mkii7n3a{)zH?skFLy# zPv)5Gf3h+-6ypho6Va*f(f+~l;Bjz(^kJG^Pvj-~Lk`t)H9 zOurY>rh0gdU)s#CN=pLWIH_#_-i>ybTYpX*FgwC`=J;#Zm!09@&_eTx$GuyVHoj+o z9F_iR`(^?Kec^{gM@Qfp>08xe1V>NCXefx5X@li8hga{Ed19Gl{@-KrSD$2mEoRjT zff7O}_(=QbSMODhE@h#GfAlgRdvAA-uv@>{oMI7UyIQEB?X}jPz?4LEwU{H{u$tvq zGorRIYs~>~aVxyQrX6U|XG$?1k79b~bMeX7%6iV;;f4R|7Y#`n2(L6Mo}VzwKMNcO zgp@fdMky|Ov$#A(enB-O{DYjCh$$VElfpc(ZMxowgWhr$SE1&cRjAoxz?U}OUKs8V zO+sNzfJ~t3+X8t4qu~s$8+4$qX6dg4BXT?2icM z0;%giLLf%c0|2>$ad9 zs7`QEQdWt0qNqAX-!a!IE}wVh75-b88K*TBGG^&ykB;B%U?95oAF2d!SX1Akd~x>> zofa4Q$1#B`iS2xZ^ZW-_qMo!5n)}JLe}rMJ*h@L*SLPYdeI|*TX@0GW922vP)20lE z80UQWtP#4{#n@#YhI5M_AQh@VEkuv4r(Wa8#fj_3I5(JpSk43%v7CwJvRqu;F%&@j zP+*LT`op}MuAyZ&O`tMQPCu2pO4wvE8q4|JHKuz{LRj`F|Jt)%YTEGN4Ql9YTii7^ zO@vXUgzJCE!UAGH4q0?0LX61=s*s-;7RqO3+V|2K0V45eM5Gpt!DkJ^KYdlTQ>t_4 zA#O!t1CNI%1Q6ze%q0%3`=3(-2=FJ%8#GCdFmZjYI6lV46b;OoWd z<=8wCYk0ncS2h*B^STBshI$f)bj5Oj+KmW0M#Raol1a&ytC~Z<_@6bOIEVCy;@(&R zJ`(ROiI2{tB7@GX{OK!MJFSSMJ1>7HChp3jpK{ilRA)%tuVw?=m_f5I30hkl9Av+P z6O)s{k0>Rj1-)gZzWUa^r7y$d;nZbo?m54iz+J<4m9iWrHxmw;2%d<0&Pqc`Ek=rPYwP+l9Ai)G}f3y$e#(N$wb4;D9i7weL)f zi|<4>7>dB^42Y*7hWKhs`FC`ehuDbluS(8x?v#u&!W3QQJLCr>bq7 z_7dMMnp32$5ji_@3NPFqh*siC4il28l;-t7WPA4Vp1r$;fq0mI%65<6A;Oj8gEC3< zZ?2DFcA;gJOW?)xRXzcS=F{$Uai7gTGxMw>XC9<@PGW-_H`vyqA|T=3^k$`t<_Ep) zX1rA;rQW>dMr4tI8U@KKT)4mZr3in? zg{#ybo5C~ojpmu)p!`n5C*a%FH14z0UWhoQ38VMTGk3;!Ox?KoA{S|f)~a9)U+DKi zepa|rR+HA%W{NDU!;RL7@$Z`Ms<)Q-C^Z3Gw50krQ?yF$syVuR_ajYklTW3v&I2?A zDVcY^fp43Qz~Lo$EDf3 zyZMt(eRH2p9~M?3iV}R8Iw^CD%;Ntc;T5S(z*6p{HGJ4J`$M0DPG-l_2KAl>q2_(E z3ILmwPaVg>77urj5TJc$z;5;iq!3`?G9!AESEfBt-4ZhHp?`9}rWa&0*m)AuZucxZ zq3twcqwM2^CRj|3Nijbvy%6Az+p-F(UV6!*d|H$$_cVW{LG4aF<)5IA>g&xAd#1^| z(uYdG+VkAy9tQOEAbC6`CBp2DG#}^ZC0TpaODj0x+A=jx05&I{J~Gcly&$C{Ct{q> z@mH)Nx(>6+eWm6bJ{~=aXp>n z*LY$zs+>FDj>fze-a4_Dj?T`Kp`QBz)GJch+X|j^X#$=qG%szYx$;86i`AOpt*1&u zIc}=qeWs#CqeT6sVtoBf0k6F$Kf?IT1KQn}4aFi~%|MR3N1a{qZjw}UV_0}fkQbP@{eE!Nt~luHI*l!pRFNPvk4OifqC0}n2xIE2+p7Jcqz|^=uq&29-V?FNz6eI08VfJC0{eDQq?| zIh8nSfn*udA4+Xee=fYqXj`invfG79{GM3RW~{Zk14;jI8w(Ue8Pu!H>js~kp{{hC z=)F6_(9*4Oup!XXakm2^nF5_!{HlpB^AD2FE~Je5_w$dk>elVVD`IxdBX`7r({3k4 zVCxNNvj7rPy8u>fG)N@dSi>{&iR8#|{_7ki8Ddr-BQKY07@9rb=P7(DJhb6lOrhRa zd{C-XPbFtYWr72-IIL!5-s#&QZ^+l$8X?V)FXa|u!~|Ya0Is49C(7Sb#^gSw)vVe6 zo|w8FzHP)N%Wd4rspJ4_<%ql^N`AvXL$C?-d&HY$%`zOVQ*e}6%&NJBf)g@jZ{;wv{5x zVOcP!GS}8k;lJKthKA`l@MZOgZpbjNQCF>Kkw48(V&AkZ8lGMa&VV$I^87m=FacAF zetg*y{_TMfD)h@jz395Vb3l^`YY7j%5_P`bQ)^)DbocT0EaSf#TRkA$?Lig*s!2Ac z^8#vRbIx|uwG^O(_RTv2*h-xiv2trQxMRcBBw1vq&RGpGPL?21({%HI+03A$YK(I2wa8kv2W6S_B$vz6b!=gW-5osC%jBXs| zR@iE|0e=xf-iw<%S%qu%sjY(EN>gZMQIvy*dWk;5C#XYgkyvn^pPK2W4o)%gDJcl) zD|YOIfSJU?TL9Q@&B>8=I?3rSB~wspfQw_tfAn=mo~MCX2Q+*ZQQ;A}hhq3fSXipn z3LAmSS)fpI*-_~o(PR*&V1~Lv7)p#JzlhYB;?vmjjoUL^px@Z1UA-NZ6&=4v=5Vi{Qt}>Vr`94= zTvp&oMXUF{wR1)D#dE`rC9$6f-wvJbQS!vHJ+q;;)6{|_2)C-eC|GZ&sc4t`Wu!t;)Q*=dXt`Q9n3^bYQp4Ri`W;_t=CeC<+woUN}<-|p~@fVwCfQ=MfQP;{}1l! z*h(~v=*dEtCX23%R!a51m`LQ2!?`#m6FnZ}12h5B?5ES^9}e+HkNJLsZ0XO0lxe5p zk2Q1M_$5x35>F33Q;(|uO9&Qz2&ma!q`m0_bMc!l!#-J72xlnn=Y<@lW(sHnxuhfH z-^P*=L_ad5SUR=C{z3=TTRqGA$rGZG=TBe!@|Vw_ak#g#0IBr#v+OyCckEGLDhHGy zR%Ku4eQ|QgzmR;hHM8DgZmpXRXqlm0m;<`K**X#|?d$gthxj4NN0XgF@1}+a$jt#{ z9hQ3dZuQl4>*6?(wY0?Hsp>0JKYVnFWvTY2(r?540ed z5j%!p?*_;k$XQrDw5fM0I?_Uo(gy4NSh4vag9~YrVYgCUx&yzYQO=Ui()~GsyVNG$ z!}YW5=H1G3lK`{PEri#Q1|36nQX#HGJj_oT2V7hX*+u_Qla#uh%p?w|fGf!lO^)J+ zqL_ZG>ckDgF}{lU3-9u&c{wEnH@(>tb_4XRLn6sY@ApI+B>R9ZE;qWvWbdVde?e1i zEtUGZ93n*Kgi0N*q=6iBPqWrR6rHOaJZ>C8e_ycNJEP-4EUuqY2UHH}kTmr`3aYF>#5 z!ANuq3aP&=#fx}fmBsA*IwRHtnxNCD4B&BiZ#~1Xw897&%1aOT*WSD;JU$Y(Pw_Qh zJvN*M%}xxv0-mUkkIN}pHP9h|K0>8`{`_(L$vjFm+B_)iS8q5}wt}PbrH_6>e+3NL z$>_K#3HgU&(HhgR_%TJF|MXa-H41?(Vkfu5;;V8r<-8*+3eAqQ$y!2*%VN2kNgEf? z(PPj!8$+2JkL<-}QjBNUQzSNy@*iC}k(EuK5S+LgQ=TKJ5E2M3(Z4LzIjX70iQrvx zUOUt>9ie~zKgW&Gbd8P@V~Gr3hzx)A_19m0-8C6gs{z#4>Qk6l%@N#xAp_N#qT`!6 zFjR&mH7NDl80h4wWX+DWL5O+xRW&=xJ#8w1=fjGD^9I|Pxi;;Abx%DT7pVZg0Odf7 zZ2=+<4cvSvD?|J4>zP*{FthAfPC#SNYS>L>7vH`+*ps1?Lsql`BPXv-(zJ%T4DeSr zn*EuP+&U($sRu~wdvNfYIk$pv*XG;`N2%R}sw|W4<_?-AU_ErV+r?XLTS|R*-7}tj zEq}cGV_&0cTCiD2hO99Nu_2-aai`|yoDNPvvz?*zobFt{Q$V5&JJA!J@^Rn{4h}J1 zNk)NHn~MW`7DOLJv$FSWL@B;+Dh9YCoB>C6QABGs1Ye|U4Jl-uaKXgD0_17tT6Q^z zCZuNz2T*>aHn|mJeo7ASsMxC^x8^^~U5>`xUiYD!L zx~YX0i;)y;S;f(<5n_(pb`W2F9mO;ZoKi;D%-wytRYDu;u#^W`2LXeFpc^KLqcJQY zMeT~=Ns3@2hS>&7X+iw#k7fK^^RL?VVBg?SbEV6lkss84LU6Y|ztPgDzVZ@U=}`3J zrHSHVZY|u|{bpL62YUV4(mbPzapfX#rV@k}PY!VTj8H}lKG}~B7DJQK>WL$k=6`n5Pf)UXin^1N&p!FWqaRa0!VG8 zW$b8(XBvj<@$`T(j zl_*7fBY6|ih^Y3vk(<^dx*lD3!7$`*MY^< zD)uIE#gEPha)QP0p>`T2$ED3bJ=23Z+ULnzVlBxaV`8IQ-2>!awrk}TuySi>XEg1N zS{sLoRkTE32XxPws|d1V%iT1JGpa7f(HImn;V=4eI6&i0w6_C=(DpNRV!A4I8w164OYY(}S)rNV~9VH>j*K=Z5RWj}eOs|#+eU5`a z4!$W!gG+EhSJ7VrISh3x0NGpDljfBo(S3Zihwn{~U-Ms)3m^LU)KQ! zb+D$nF&&V)1g_na835cSBm&t}OX$YInVH}T5+5w4GAubIf#5mSBx2sGJ zYMeb2dQ!t_HLqbxsbQ8q5SG8RE!@*&)V$Az$SQH`i)RzSuBYOdl&Mu59uC;0a`Yt! zZz1P%uY zakvedUoUI%v1{A=&i`5`neg`3Qfm(XD$EH@`E6;vnM zw(jgcmI^ec+oAgEtF^1n5CAnef@8J^MvQCqbdz+_W{~r3Oe{F)q>-R`u^C3erf4<( z0)ZTqT|=iD5&#+*<(?No$u0#Yx}Z9}u(b#cP~qsUyd8FeWLyY> zwyjeyu2{vIJD7E-uE4vbZqhxNI-gv;38O}W9h<9EVFO-$62xUFHbTCSwX@-7QI~E$ zvC`oPdw59yj9N#!C4~e)c|aueb&dyD7=&`f-LrCk^&pF1hP{-pXM-GEHY$z}-k<@i zsjycmqT7dl7hk;Ke_!agFJAoOt6zR$N=Gp4@viZGN1qBF8oZ^jzxn2Z8RE(fXcwh( z&8ODcPS#sYER-}{560>_njpy&v2*~MN|fn1=!vL_^yMLQpr^E1eDv2}byc=F9XTH1 z-96q*&S;homl&%~K5(tEG8dlGD#%nDYO=WNYm@vKU;Eol_GYR1h57!+E(z2?-f- zAk#!=z_V@FJ6sXmrLZ*TZX5v-O-_E93g~I;z?g+7n=PCa<@x+#X|2DMgnRL;^-Fzi zZzVU)=Cbr!D3A*$vEV*x13Nem*$mn-m|@{s&&_pekfXDMW{A*N){Kpy_HTfs#du8d zYzV^6sThiw70xkB=(u^KMcf5tQF<1tv$65erhQ0>%s>LR{YH{(ggd_*h*vUi$T{4U zXx~s+v;RsWTBBdNl0h|<_Y%)1Q&?lc4RY$Q6FvY;SJ~>lVm`+99sUe2bycrz-)K&! zi2AtV4IRw3L3T$xET+hOj)Vn_5<-5&Q^urPD`$D>vZWV>0>4ob1SLZaR_jgvR(D!S7l+|L~@yh7%B z4|eF`m?#H@u3l8tcuPZS)*9)Ab1d2dN^~u&9h;U?fC;ItspPKvGjzaeNm`?7lx=ZHi1>&q0C;0&$@Vt-D-CiZv)O3Tg* zG9IDmkzy0BA_h}cZ3U>oh3!oG8u@0AIDQbkFR#g3Ow8z}uY`FBwqrtsz9HT4Lr}b} zp#d@cU}yB;-;P)sQ#&km({1jng6)Bg>%T4CHnBR8-)FY(Y;OjV61V2H?YFzjLJ8#m zXS1TPky&jK9r>*U3sH(g* z%l%k;&}Gnnvpx7p_@JxbnXvsg*6(cn|4=1w#SZ*iF~E%-*oFt>-BC`rIby>7Y#tTI zrKP@MQn<`3Z&?JvkKE+^2aTzp(R1t-0p=(oQes0Sl+8D~VEYl-N%Bt9oIqIteDzpv zT{$LbSAFT6ai-{;-JNJew^FDJLL#tTq7OZC0QwdzL9?1 zU3rdx(Q9&?#5nMkbrWL0Fcp?bNTzv`?Gef_7PQtW1CQCaB^N89bzTep=Y2d>2{uTf z+Nj0Q=^e{|61WdkgSOi{<&_D2Oip zH4;$h;Y9GuZfk3uqDwfaZFcW=*Fn~KR{k%0m=E#kt|M&Yqm2!2ceNO_giTq<1L7Yi zqokJmQ_0z+H%k}!{{3z~RWS56Xdf$C!0@X8Axl+B5a|n6D&3pGp0c4S@d;1dae=2g zn~cEJSylBE*{a2~2M7HS&leKOUdbdcuAK;D61hJKwetE% zBl2^EZY~_kOZ}?{23BA;X%(--pq}l(n0G`-&?s9Uerjw20q+m@9N@K z^To(~erf4=P!*y5Pj1?}R4X^N2!W0HU^GKtNH2DVib6g+89(SWA~b_= z1%W$YqL6v<2P>6Mk+ttxFJa%QxfN_4WhU*-I7M}5Yt zLk>?rinUM`H@>@x(~_8{rkL2b_jdMvZ*T2cx}04}7I^gT($6tU7GFrM3u%a^t_@=9 zCgNoYo1Wt4poJVlwaB{Hwu<5;C|slk6I3z{5$IN<{eg^Srllh|Kl7nI2wly=y3!{QVKl6e(F564|wa zAe=)X5wfq!bV$cxvM8-NQhp4m1njIh7jJG0&|7=_#{h;_%bp8v*<{@tbymXi$V4=&cFa zUybkG8zz;zjY$u8A6xV-n>hlJNbfhFqxCoIlMJRzF~TC6K_|M3V8;vF6C^`yM5c7v zWRSgh-tqAN`uSG`0W^rU&fFOxi_LD8gF;ofxGms5t}Hc!R&{%35-=oC29?#^+s=ga zbm4f*XphG`WEXmJjk%ZC_|bZ43uNn*UMEI`UOwp~tb`}1GocFJ&1gC{&$#q^=EJ6Q z(c*aKcMAjZd1*wx=?vNR$MwMDvAd1eI_=tCrtIK>N1gEa3)hKFTzj7Sw#b_n+qz_( zcB$%7A{XaXZiS?{7wme&Db^sul#RTm9)_OS%Dm<};#1u|uw-Yn@S0MMn7o|MV;7hQ zf>`2xGt@B+Rw8~;5~EV0B%QxVXRUh*cM|0NY6eoaaIM=_fTY>SS}^+dK{S>$1~dJB z0q%bB{KYrsv5C*j=w5cwh-7=qa`lB>`OLX(q$y}F1`V_Y9)ZHzY>oph%FqRW+8eZf9oQdO!8^WBLW1w zTtgBCWdT7YVB@!VHRkkDmcYRQ6TGDU2p8VrT_mO5xvzDxW~7{X ziRCoO*lW=3evObtehZ9$7c<50hGlbgnkwJoHOwvo_Inj?0S;c{4|jt^TiHXxYN*=X zUQdPQ>+y`GyTRhocf`KRFUU~8D!*Jz8~0rEAXP0+fe(*`ezR$kDUIqS$=KjVkjImB)0e!Hg;?$z;t47gLA@q!rP`bhOP)~O;Am*OH)-7=~@~e{L9b8Voh8@<3R;t#!d^q4d?{txGJo~! zUNxlBSm|?TG?qutguZ93e1}!m&yZ^JNmHtW|2s_?~>0jZ*J`PKH7{o+3=f8lAiA#AH#C(s&SN$u{ zi!UUBl(nHk3`L8tm`dClL*BdF;vwFNnXoHa6-ypX`_5jsbO}AF=<8M)kO~6CFmjvO z8p5fUEW(Ehd4Nq7ugO@Omm1khaf-u%@P|(RnyCx5r zps@vCM-<9o*eYu*d$j+Dy*F4@+)i>V&n}p>ROQ&<5jPG&TVWN`jEMAzVl*rlyZ!l{ z{QGSwk>|lTcgnFT#655~8~UR=!E*%Ty>kSnKha)uLzBhj3};N!r=8p8xZl;>JMy(C z>X<2k``m%1DR3sodOtp{r@}+V9k0rfzDjKS``8T~bcUom+t$#r4)lbM1Yc06W_Q(| zF32u;%J#?JM9^vS*So>Xh^*yug?II-y^*X3yX|}*E8WgT z^nxoaL2++KzSnOA6#S=q%q_|Mh20L2PpnM2!%bc1joga_p)b8uYkE2%(&I`OK=}i#&&FCRdwD5xHi9WH3$eCBrrH=A535%$~-v(t1~ixg4m%`s$AI!&`1&(S2bq;FM3~l}N&XG;U+OJS`N~vm=k1-AA7v4)#y} zyXijt?JS>OT#Z8;U%j?3hha$c3quOfaNLC1Up!y)Xaexy!S1!tb(Sfb;#oN=LtlIv zNrvVDS`g%*Mu;3ta^I5`7rNWJQ?hd%%#-Y}V9m4oVmwv#5C^oYHuSWmEzA6=Rp{iz zB^r6orjboZ%8L#gB}FZfn;~Za$4+zut8oiNXW%$djfeZ8^Y1N}-}LuFRy4;)GgB-- z?4@;u4QL)RaFWdE?A<|;hY=eRaFpZirSKWPpgub%UUM{{h`xX^0-EU4QuS~(!HkZ-iDm{p?%r-Q_|ePt!a{HnTY?W5(pjC!)zsjt7HBfDlLUeS?2 ztFMj}v(Sx^gBe<}qSDThT*uvO+fF!yLG`c#{LR~bLi0BWUxBF*@Fq z$QhT^2FSR;mln_rgik)dx$zsZLpW-x07m+FL%pL?y06Ej66;SX zc&B}(C7vd3a^Wc;@vzyGm}uO#Zit(r9A)D~sV07S+z}q~s{ecCaH7rbd6?7iigg$sJ*gBDcela40JUB6 zi>-}TuEMl2yed0EH^}tUTvq}2j{UaoB>T`DCWO6pN7$r!0SLAljqwdjI)5TM?WCgS zOGSB8Z#c6=OFh&DyOIDSx>0CQlYq;L2fTJwSpZ~u+RYRyM6`5VwJX-OvalRLzu(YsuO3;98MN@E?^Ub()?gHvBZE?D?&%J%a}a) zOsWSNM+z_t3sCZu7SH)PS~l4a{1PlAG5J70p75KH$Z@1>j?Sf@;1uOsiKcw(sTh1X zfsRcH49O^59xp?nqGBMeKUue-#pLJM59GU5(j_{a8(5O3I*--i&z-V?4 zdSS_7T_J@57@tj&%*IL4)pcJF2MJXyBG7i$c%}u?ba!8JHfqzj7rjBHT{V7VnHy(Z zYd5!O?owon372F_uGVY?Zm>R1xc`toIcC_JL<4mjFt^*j x&_eLL&;Hk+-qUr65{#bgaHbs57!UC#>6O}=s1Jpg4vd=T*T4Jh@4x%(e*ix0q3i$v literal 73952 zcmeI5?Qa{`mB#sX3-k}zZ$cK>BtYZD-M*#8evtK&sB2qZOR@_TL19_4k#6{pp8qVB%&U4<+y>t10|NG~`*5K9P$zT}&JsO-2&g18c z!JEO^;FG~egWH2!gD)=seKh!V@Xg@ogP#qaUOuxixHmW$><$hGe;I7Y^WVqQPvhsk z81pRtJ&)gC$G@||Ma;yw&*F~fgYROdCvi=4J%~?UHBY`DY&NuT&)MaZ!)DfhH2>ci z=)XS?9>*9jVvN(lFX9@r4`Xhwy}cY6E)ECZ#%CLG?R|X0Z*PJM{`U1J@f4I^#8qKY z&wndM`LvnkQGEU?s27KC2mgpq{w?T)>+=|Q*o=JR?if3=dvpbjecoJ6_ixKyN5B&Xi!HMp}TN5u{42~O% z*$A(1uQ-e+@Mfoj-^X*KI3#rG~?W6 z@O2X2_HF!EdKAaJE+4X6NNibJu@_XdrC)2tvynXKje6J1KXfl@5ky)=SF{xz;1R1s zyV1yQp6e`Na@-$BAZJ_#{lutt>{&i1pH%tRy(T~Tw8?A6`Rk%6IsIWIF*3nf^T(@l zN4(5M_!#^J*~YW@hh^c__#6L5WG2hO&Rz}Pjr`1J5wRD`6A!|MndL>3qmoUg<~%88 z;p&^_vnPX>@x(^ZLMC|@zdeb6uj12p@sphF`}n6U^?h7DeZCJIe-{ zXEEk?G3Q0dlH3t5dm7iyMt}cLe2Pcr3YiTE>rTA%>!1}Hbwybv)a!3DGfMz(!m}r% z&+z?kVz!s@cel4)PfEwN{ca<#gW#={R$s5QEG(jlKS&**mZad_MtrOup2W!e?v`s8!;1zoZ2HW`lc zwO3K)-j7^^`iI_IJFj!*GFvb3ag%eLH1T;D-AK(jtp~a6`8J}C-5Bgg&bb#I&O5;w zI{z^K(dna$Nw)J5tF9WsJIgsX~qc;4ecWu8D zoSihoD}xv?^3$LbVHGqT%mxzdAlt+aYjg^?}^#w;O`+1W|Qwa4^HSJEQ;2{7_p47%fyNP(cc2=*Fib* zKWl#CU$cXr=*WYJWAzk=jrNi2p?N&F(byt)B0;XEcA?pApGB;1+cq8e!x&i|OZ}f` z=>r_cRk}J@%US%!^Z2TZMsM(cJgv3K7tQ>2NB(wvs-D$v2EUH~{v-a`BOb-r=-+P! zzlytdn&07MUXLhLS&?Kl^kU^&Ea`P24N~)I_jPGCodMzcBzzw-E@R4d>U>vM3XdZ_ zqCfbw=?D;iuy1w#q`AZz`FmEm%Xo4p_#xj^zmcqf-!#^pxUT*noVLg4>*KokQ1?|{ z91E7Fn*+rQJiVgG)3}3t8>^u+%DO*%W)D_t(PdW`3*ipDhO-SUk=%j*<1x8InFlgP zc!jGaUtay@R@D~#6BPrpSx`7A9URdpgQ?hk)e3P<*Lt+WE)bR?O zaxF}e2fy?>I3U*onU5PZQ{J;71s2xmhsFH=9pf^p>|@oaC`OnrMRqVDPS|^ux(%ho zd3@N*1}Xd|D^ysHvY*-TsBJtohZ*QCC63^G`yH@ow_y@}u}aX%1Fs z?IQ2+u7Hz9!c=KF5}EIDTnA@KKYgeD3$jQ}!-5t=m$9BVJsb2tDcruKuP@qN(TMEl zEdDvWq@zO~F5f0QV|DtxK{PQ!|K2t_0RNy{YNq=_<^A-c@}5L&Tu#bT;zUjAKvT)8l4;M+6z;oI(WNIq8g);~IBN-4pQG1e`d(RL1T!==>tt79< z@g%e(;alZ~Pk!@#u?K|s;usa(0AhZaH^~Lk>vW_IT%6t^v zgb$?e$`!dO19K*br-$o}!5L;!WN=}2(jjbu)oUA3?2<-$Vj;`8qHVv)5y0aNbd>b@g z1fR~6{Wshlg*4C}p@YBuYux#~@htpy8o&Fww?Q#~5e?H{dT$ms1JaDD(bP-PdJlb$ zH}Mqui8fj9BspEtlj@`66^CK3j0EL-#hi)~&}!T5;=|bu+?5ogNh!Y^VHo<2X5jnv zIUW*k+~#Y3no~E>7yOEld=O)knL!i!N_5S9ti~V_kj#E88nHZ`xEnZ;Q`4D9PqSXS zA)TM3Ay;$IPg6W@iOaI|rOb+n9oQY3iml)osGi!smTnO>A=XQc>fI^Xx5L)$0~Awi ziF|^6;J2v5v2rY4`6%{@w_tYLQJLk|_BBpNMjXbW!&TC>$Qsw?5eZ+F0U8wO&Rp>w8mo+Ih-24oL~|c6_Y9-er|2kkywxS4UHI*@-m$ z5K$IK&LLbp?xK0|EZ87zYX}u&?qGcyT7MjxK)yzWf)$L*m7XO!&0AC054HKLK*=$A zynia&#j>eaS%FkGD66%WvO*_|2Uk~G{qTJdbDTz{q}inBef4dx!DF$$r!jFpQPxsz zOWFzCsd-ELp{s@;R3^S^PLh($Y7~EvWM;LcPq9?Z4Vpz({w`#U&Pv9zMO=Bxmq1;{>Z>K-70RnEio6%kn=>9ZxG>+U zkw`tCZe8v*IcggZsvmW9wB~|8Rt^jPs)y#YH*ywYfM(i`@$bh!-qG{eUl${<8n04w z$ll1;sJOMdbv^pRx=(wao8+6AM2w?*L^Ve@BK@m1M0F@0j@5bo?|Z2@FTxjd?PXwx zui>fGK>Lew+IF)x|KE(jhxM~b%wY4&m{V`AjWmP_US3JG!)xM_d`J3dM9E?t^ zq)(1V-9vYPtYbb;K`biAx>t?Vm&-0G;m26ZAWCE7bgjugxJJ})4~Tq(3^w1&CZf`b zCI6I;-;1AA_xbicE4#|N=o!{MR@nq~05u_YLq$Y)g)8J`AjlPZKw7;}PbV$Rd!w+s zq>Se?dzwa-=jpmf`IPhJvQoWTH>u1LRaO*vd#*-w8B*+`8^6SgvAR*(v1B=A^*@`$ zlpTR*J~8gAz=WfRZuO02jti)b0 z@5`a`Vx*Iu5Tqx|r3%3N;rp~pS=qH}RjzWcxVN6*BaY%aPdE$nXJ0pxVr4`ARGrkE zudKMyCqGZN-Ze9yVmPs!$ zKsc#;p?#_4zU01=>xu(i8uu=^Jq|vMxwsT+<}#&d#Hps~jDxK(1rvIWU2`Nx<*rMz zDm)GqRN13sHnLJYMY%IlnHEpzJz!`d3L!b}$MdqLbQ%(Lv|=@!>)i1=p2UM>u8X(n zKCeV`Nz2QenK>2BjMvq2uOs4aJTK%PHnG+kuuM6_mypPKY5Cxt%8sq~-)a4@OM2eb z1@hE=Xoz>ns?V<|BsZA%#mvs%Zg zP4H(}MSYchGQ?*rx%4+k%bkCC;AwKj(${m3WY@(jo)|4*=eB;w9@~6p#l`ruM0Bsy z?~dX7xIy~cF)WFG<&ML?@|~qKoEj$&3Ieu(Qm?tzl_98?4bDi5H3jy~s@sdtL4xf3 zVwDz8M%0~b2V1RCk~-_Zcsh%nTIGoAhR~y^)b9u1?)8u3(+7h`p%rJnbE50g2J@O8 zw3hbups-v$z?1l#iveaLsoBUh~%tfCT=iRG%4>Alm{nHD$O7C;YuHO;ee}BMsF8lQX0`o0we-j0r!Jj=Ljtp@P}l6s$6@D60>u9CE45D_E@{ zV^CjDIayoov!jt&0vTc=nQU%g63#!AQVWpn?d7@rCT{4}mQNqSPq{W9LlbKj+YQ?HHbL5#$H z<>cb1;34%zGx0aQ4N>10L2&@p#*w#F|?MIhCGQ4NzS6vUtXT$ zLElZbrMFMpI!$E&g=7Y%k9$h$c$bK(gg63Hc;xmOaeYx^{e%5vTcM#x@e?oSeXQCw zgQsI&UpyRX(VUZ095`K9*3Hxes|_VNno zH9Y}5My=<5qlC=Y8tN#1t@{HSsUG2v2^dqb_ZrSjWlUy9Cb8&jeH=PuBpo8QuEly1(mU|(f#fs;?j#n2+{ zZ6@!`PWkMdVnsPJD{>l_-6i=ZwtBIB?WW9g{SK#kDXiCeCl+!g%ShfnYvkshJs3>p zcb=S3IX2z%a^-~4$=8TUoOW3L{vhZimUGSPF^BOy)GL!9t|#i#Gq*%JtChQ#IP^u? z)d_K@}yO0LxJJKjd8y{tjv)YjdlL zdf>tLCxJLwgDD)ws^2mZQFh`kyejr}(1~%nmdkfpnGh}8>%781=l78>lQVhc;(-Jx{|YPHPQas<^;WUlB9 znLe6MuMiJfo(_nIEq4yHm&f^n_lQBOcev@AxHDJEmzjkq?ntFo19kd+zxHRDYGRLR zcKi{~_}_z|OnB*if6c5F3$kb8L3);U&*<(5nR1S#vz~1$?(MFZ`g&XF@6%61do0m1 zLTbl|R}j5M)V=R1cbVi^rGCwaS=OgzWZP;q6(4;*dNZhtmQ|uBd$47K7tyL*hZCMy z6RSwP`G?%g6W(|li{bnUt(>EQ+=*AP1zNxBd|BFQ#OK$|#JQ&GIx&=QBZ5P>y8*n< zK@O!JNtaylg2(X$m2}#B=}E}ItjEjHJ$%0Cx*xxhZ9I#A$e7=iYxPA6KLfv(tNPSA z@ zJEOffz#3b7M*OzcLD6BxO%1I*NH>qBWIz1lUI!I*e|S=!xhN`K=YZoqw7UR{RChx8 zFSuc!x!OV%4TfpgZH<`^6>Hws7!8VY{?Wk4M8AmyFrd<`a zd4AZ^#=iEjEPko3+d8A2b*g*8hY0QcR%Hg}d|xNm5XtE#Vu5|}$X(^0^)zBSwfpPv zIhu!lt7hqooh_=Cz1BJF$c#SpSGdl>CU;f+d7nGpWwxZzkG1N24lioeMbrBPG>vwEB_<4nshXN~G5BpW%IrHir?1){U)G#ZWX)D(tBl+^R9kzs=LY28 zN2j%mXRN)i4Ep-UtS2%K_!KF25s^VX4Q!#CzAbC_*f77lF0fqjsbtzniS7pX$-|Vq zXJ^xu2im9jjLtyOo920SNwGTK@6u@tbVxk9&O1$iF&>A?c{gJObbhno1fP-=Z#MK| zGps;}CUu6jJD`8&-d8%QZ7ChB$GbY)J6Z5Ucyn1x-Cg2pc|u^;{BWEdDs*}~P{BiF ze}b#BYxJ7mlouca^=VG9CwtFi2bm3lkWTe)@2sd#5?!@@Op<^y?(EE?G7*Vg~Mv}zE~ZEZ0l78RoB_kDJ@?;$)}+c zbok&IO;Zl8=Y#`R%)J+l*F=A`t8)6idS4wc#1r1@epQ5ln)BufYyf-4v&e6tz0c!6 z?K0wO+E&duJcxFp_UsYFd9<=1W^k-%ql8tJNbq+ZH`^3R;;A=vlu50*7ju%y=>EGS zg{mKvCLCVA*2 z5zkx8(C9OlyXo~E=peN-6(N}@I3=R(C^C-e*CT#Z|B44i6?4#*+Rb2$eZi|EF0okn zA*1P-DuZ%l??No&d#$mhkLln{RAxD7=HYw}qAJ_ZY0QNw=a2}ec zs_rUj)cT8cu}6t4n{!mL6v?Z;uS;ru^c;P!>0PZp=PJ*1ovpcFogeV(!)j5nZBEvP zdC*#xt`H@qn|BJ$TrD!#JN1cbioXUO$Ma0~U$sBa z85YahYHIg`Bl1Mm{Hyg-?Dryilk?*>&jz2z-(3ig-?`oxAB;Hj`3bAW)!kb1aqyi- zA6J(*xNp1PP`PT1sDJ6_&4+rNvS)M%_9k#W(T!Y}QF=XVE$ z-7$=#`k8yFxyssI(nTK=8TWbkK3>gqG5Ax=@ha|O9(Q5rU>(Hh?t9Rw^ZmJxk$Ro1 znXWi}F(}eC_R452E4wNw%aRW|!rsd$>!E(*y8x7Tt9O@AsJa6)?93?OmDIg~@~iJI z&nVRjj`sej*Pnl!EWr>`(6Cbxy>M@Gcl;I z&<*G7?7C(h9IWZRqF>o{u9mC-b0*Lls!>2iWM|Ew57yqtL>IBegm!4 z>W}v+dPFGO2sH0S)t5F_uN$eCg!JqAN?j^<#WEMPV-rsrdObd!Z?rCPmS)LfQoqoy zS@a2t@gG{5?5ADwj@PG2=nJSzi}DR<$-P^9BuVvASx>`uY^@K1W4t0gIIUTv-GVFD zb~^Zd{N{MO9e-o*x$fZiMGt~9?gnet8t|0t8OU=h{ORo2-itBdwJ)MOL4l-7&!)5y z_WFtMT&-ZAG}Q&R{CS)dC7jtMt+i0+9#kGrgD>^>J#;3(;tFdYQEP?F1w*mco*$k zCRXAJSYh~S+Q}q-*Gnp2haB)=Uxg&7B2=ya^u5?P-|Hopdm#%V)6=kz42i<;;4l1F>*R+*XnR3phWp4Uw}+SQl4mOljFMW&o@tu40330|Bhxx6~% zpz&bz)TsEWem(@5w7Fg{J7Jd`l^J#Shar!W)|3)YKAKkKg%r zN4(r&t92HhRUd#Zcw1NKc+g|c4#oIhu(BV|DZT13b4FPGiPqKEkK;TI%H8EQ<%^+^ zfM1vD&jS(E3B&WR`GRUQ_k9+ zZ(Wg6-g#YqSMNoxEAL;0H_12am+w8w@fXFQ-Z!updm+fX$9E5uH4LXYz74%c=e4Gt z-2&eB@QN+<5AWHlVq$*+_Mr|#z8ULx<YbQX9{C;zb9 z!r!*Sx(?qm?|Q83v@2%Pdgn##0ojlL?!*d_YY$m7b7;pC*Y(CPYe&?A{G|5+uUcQ4 z_HJnXUiU%J#wlFvhvA&`@=eIC5l=>kd$sD$y7$vq(bgHQ?sWC7Zf2FgPu0>YG-uWr zk(wtwVw)>uUQ;{i9jAJ%@sYC51^vD}=O}b+yEF-kbv{M+cNkOeOVhos4Ia-zf?838 zTkQ#!bH4<(rMu`?h;ltkeZ`4&nltz3fbZf`+7G(PZ)~GmF`Fy9Wk^q6D9@;;8iI0r z7v#Zwj>@%uA^mY(E#EH(_e4=AE+Zq??fOi4^yF?$J?k{BJ`CC5MUV!3Xsx>KX_tW< z8jSbS=>^&|iFfw?NaF^#_$Qq_A#CBEolP}gU6#MN1|43~Nu*;h%lm6MDYNtlS93Ma zIq!qLYOqtC)fFKZ$Kr7{OP6l+)r|g8K%GzR#N~7YqOEGEHjdPUyg9!NJE_O^$bGrT zA~UvTE`tYE1|zRb)El?nW$u{L{y3i~qtjQg#JrN|kq_m5(;AU+DwR)=J5c%KUGU9! zLssomCHtbd7x52|O23Y%#?H_;ktu4YX5E$6>9J&l-UHs=8SEX&x<_NFQ_2j)GiPE% zTD+FdW8)J=PHSfAuaVV$(8o^2^N4%IKNn*3*s!?)ook;o2 z%4NR0@h8N+mpP_Bn-@T>POq}NN>oijzXgSziF?_XEQ4&T~L|S(nk|H8A#dr zxL!Io*FJR;msp%fTjbjl_8J{lbxfv;@0w*jvCLMi1?h{ja-p6eqG+eR_O9dK+Wso5 z1CLhv%=BhFhZee?=5I8T7(zw}59E_rEhF)Hcl}iR%ha;Atx-FazCAgYO^CPqLBUyg zQINzIpom(metM_zTJYc34*SaMIObHGO+VKqFZ7ZKp?XPDQ~kFY{NYCro5%%ke(wco z5FPbRPW<%AWuJ`Y=Uv}h0CGf;Pp8D7@!7p2KIMVr`{Mez;YzwUX$?JRnvNm3TI0c; z?@hp?(P!bLU|V`y(-^wC2eOY!xG{j(22a z+fb}H3oft#`4Zx%vl;x9eJ{3-?&B}{9dA=+72KCWq-hPId4(ylddRM zl-Q}mh>h`{5ESbDD10D20Lg@GroKnHt#V`Tb-yyHDQC0~8%D>coLz7GjrU!rNfhfg zkKkFOS!206ndeN?ZJ9Fztmk!X$IF8mdXJp&jp~ak3bp&TnRQG1 z98o|=YkdB_Ks|eWIs3YKNNnS6lUI{JL-Djzez8yPrW2!kQ&)v$YqBSyYw%gaFFu6|-Q1UJ0JR^MFRHOx2Fj&>;Ur9?V5<6hj;=Z> z*8uRDyz{GANA5|aq(X27&#DG-4qYSrSESY20XkTo!9QOo%o#9RsCphBLiEJ9(Agpj z;BTTW63{nXlp1|7x>LFGK~M;_#5L2pTX5JH!@k;i97sC1VVyz!(PSW=$sa^MKfXr1Y7F^S z9I9d2jnRQ`bezb94+jJO;+u-l`x0Gq$vx~AMjK_ZepV|1=o;AZ?d%()H4?ow?OBO} zcsE-&*Ja7-uPV3nE*2!fE{0)fG4|w6!XM(gN1XH=5rHb4C!rN9mgeM{6v&DgDSi@* z!wQMR7^Tf|o8Qd#MCW8*Y%J5hOa&5oz64r64E>svNf}?Gy0~mtjpxJA%8Y5L>FM`m zh1Oyz#y`&%f>7<;v5*7F}+j#{2;uuM!$zcN0&2R5yBk&L|Xgcrkiuo_H+ z<~O2SRyX(^a_R9iR(vO!h47G1D6h+#={v;uUTy72U{}mV(9|`XwXn_ttb;q3elj_7 z-|Aq*&D{|%cUzqFMffm0Dj31z`3R-+z=J4v6lV?IZ9Wrc>h$u7DJJ5P?{S8UGBSB* zG6&>y8s3tz^}Hol&P5%Jhfh80#%A}DzK0EUi}m7XT|I^?^o9-<`CNJC44*k?Qzu9L z6rm}OwO007qhpGn<(gWVqmyHSxNszrp{HQ&UJyFY6S8pOoV_7^i;H$g3ujeT^H8nW zNbicLkenr!cpVg6qp#+9tBIC)8Y1xD3mc=dgKM$``dOmf=RpbKtE4|^)Pcw5uuaJAJUqMW+nI9yqt0Oa=yNLLN+j8 zPsCAox&?PfNxnC-tZrH1|Bw+CmRK=hG&?RYaUt z&vjFlXg_GQTj#9pkGjYraUV~GNDE|8=;_nu56wNMA=t}w^yasRl{s?3G(hsv<_qSrcJ7t7~sb)!5>%c~(^Meg<_P9!w4*$-4K zM8DBxG}`xA!t66Uj%?*HBCT_*w&(CYRJMt;^Qc#iPlt!S@by}&#k;Zku{wN}sV8+A zf$dlDqQsZiEhIpsuCa+y_zz)~aixvRUhBz&>bax^&0aMU$02j~qb%z#B;XO*$qR~O z@24Q2@d{RcLacfj_baAPMu*HJJJ#jeigZN&aC{C{9CC(rz)e}b^KER37>uXV{<^G+ zuwQUdR8M`w9_Vbst@@XlF4TR#m6Y;ZrioiTN9p zr$_5a+PT$OG0)Ro&UecXV^s3lb_LOE{Y;rZ+(bT=*&I?| zY^UQ@yBBk=o91+!Qn)YoY0}fFBPmzjhn_txI+N|pd3;>;BD}Ld5kL#dERu-K*sJyz zNzv?;1zlX~2r3WWp5;_nWsk2Tlc4@3hGzCS**5OS2xaYc(|X|;+Leb8SEUoKBgoeB zy}(>)n9MKHQ)4K5tw(TYKV`Dccu-qqZC@&XbWS@861%cwa&9^!zxuM?;*E zq8X}6@+}i;PkJ({o2KDV-j}?iDfO5K)riaS6XrncIMV(}yO-gzTvenRWS=K*$2+#U zi%TSddhe;yT8U%ctZ0Bi&WLq*yfRbY>7Zjd=wPerN8zjWz7-sTkXI|_%Oj4W^13tf zmAR``ImKjDj)IQkqC>ULUg7(|M-`NI5YtoO4P9y4WF8+~K8Munr_w5x$N4;(e_ZsO z{0Ua=xZKb?$( zRTBEhdSBNgsC$}pfy-oUnVWTl#BtI)PNtnTrINyRwWrbxC&Kd}u{@1hzPIS+PF?YQ zM{IJ}ZXO)&g|>Ojt&o0qAF!_;lshU-woAUm?0d~;RO#ZZ zuS6K9PsJ>6XX#~BY)dbD#LR*$y=%dqmuKb29>f|=N?9G`zXq0>TTjS@7X?aSi1;`FeQQqHw%-I=LFfHKpYRmeXIn#MduXG&%kI7tcNtH5+7~^L z$=p@n1EW=1)`4>TRU?)bF?+o)D<3~G#5GR2SF7C-!GGat@EF6$enB0nB^}otf%WDZ z5hZ<+P9FGETvL{n>wd%?eJ`ov2lfX4(k*s4W1)^Nliu8Nh^a;M(w?%YNa=4O<4#1Lr3(sj%hq9C_IQy zvq!pWEK6;ptI0b?XtH*uI8NhN>Nk~nk5+FeNcWuOdG`f=Kw3KOeLnBGz2$M@*h$-neRI~n27YjL(F?<7V;&<(JlhLCnB-?N_9XY}yK zmh$Dv=$Kb^bjk0^IcnQH44+W$v7o!f*$mgc&%)f*)=^?*i^LM!NaD*>k=-1E zyS^zL$x)qi*?*VuU_0vihjEAd0ea^FA4BE`{Yc>Xl%AZHC=LPRJtjx9hZ_ zF3xHnLU!s-y{pTt-s#>P#W&MVwv(zrTFJQgQV?Ft$MfzLDRi>293}em9j1H#V6S_^+j^$l1gwijgO;NL7w-6 zVo}f+Q!EiKp&xqj4zsKi)!Kw54`ZE>x=OVanSt@rUJB!0YF=Md4oCAH6tf}Ez9@h# z86DOy3`{N8*wanLgHE-)}JA4}8fi|JHf#ZC|9wy3jtTL__$=`{=rw$kA!QR<#?0th?-@>hvA-nYA7D zvw6pP(x{A8;;;2+vMF+Co>zC9GpATTcsuwWw*XO(hb2(cNlrMC(9TzI42vwY?z;7%Mym8xi{L|dg?aI3H;K{m?We}8TeC{; z`)b%>=rc9ladYVg rfjVnPSgX&ftg)`W@IA_w6kF%FJoC`*^3*e7Klb`$aiaW((a-+}UCc@q diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/readme.md index 9a4928a3fe..f8d24cfa3a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/readme.md +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/readme.md @@ -3,4 +3,4 @@ ## Description -This resource configures an Intune device configuration profile for an Windows 10 Device. +Intune Device Configuration Policy for Windows10 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/settings.json index 6123ec197e..fd1ad15727 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/settings.json @@ -1,32 +1,33 @@ { "resourceName": "IntuneDeviceConfigurationPolicyWindows10", - "description": "This resource configures an Intune device configuration profile for an Windows 10 Device.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" - } - ], - "update": [ - { - "name": "DeviceManagementConfiguration.ReadWrite.All" - } - ] - } - } - } + "description": "This resource configures an Intune Device Configuration Policy for Windows10.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "DeviceManagementConfiguration.Read.All" + } + ], + "update": [ + { + "name": "DeviceManagementConfiguration.ReadWrite.All" + } + ] + } + } +} + } diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyWindows10/1-IntuneDeviceConfigurationPolicyWindows10-Example.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyWindows10/1-IntuneDeviceConfigurationPolicyWindows10-Example.ps1 new file mode 100644 index 0000000000..ec0bee60aa --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyWindows10/1-IntuneDeviceConfigurationPolicyWindows10-Example.ps1 @@ -0,0 +1,273 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneDeviceConfigurationPolicyWindows10 'Example' + { + AccountsBlockAddingNonMicrosoftAccountEmail = $False; + ActivateAppsWithVoice = "notConfigured"; + AntiTheftModeBlocked = $False; + AppManagementMSIAllowUserControlOverInstall = $False; + AppManagementMSIAlwaysInstallWithElevatedPrivileges = $False; + AppManagementPackageFamilyNamesToLaunchAfterLogOn = @(); + AppsAllowTrustedAppsSideloading = "notConfigured"; + AppsBlockWindowsStoreOriginatedApps = $False; + Assignments = @( + MSFT_DeviceManagementConfigurationPolicyAssignments{ + deviceAndAppManagementAssignmentFilterType = 'none' + dataType = '#microsoft.graph.allDevicesAssignmentTarget' + } + ); + AuthenticationAllowSecondaryDevice = $False; + AuthenticationWebSignIn = "notConfigured"; + BluetoothAllowedServices = @(); + BluetoothBlockAdvertising = $True; + BluetoothBlockDiscoverableMode = $False; + BluetoothBlocked = $True; + BluetoothBlockPrePairing = $True; + BluetoothBlockPromptedProximalConnections = $False; + CameraBlocked = $False; + CellularBlockDataWhenRoaming = $False; + CellularBlockVpn = $True; + CellularBlockVpnWhenRoaming = $True; + CellularData = "allowed"; + CertificatesBlockManualRootCertificateInstallation = $False; + ConnectedDevicesServiceBlocked = $False; + CopyPasteBlocked = $False; + CortanaBlocked = $False; + Credential = $Credscredential; + CryptographyAllowFipsAlgorithmPolicy = $False; + DefenderBlockEndUserAccess = $False; + DefenderBlockOnAccessProtection = $False; + DefenderCloudBlockLevel = "notConfigured"; + DefenderDisableCatchupFullScan = $False; + DefenderDisableCatchupQuickScan = $False; + DefenderFileExtensionsToExclude = @(); + DefenderFilesAndFoldersToExclude = @(); + DefenderMonitorFileActivity = "userDefined"; + DefenderPotentiallyUnwantedAppActionSetting = "userDefined"; + DefenderProcessesToExclude = @(); + DefenderPromptForSampleSubmission = "userDefined"; + DefenderRequireBehaviorMonitoring = $False; + DefenderRequireCloudProtection = $False; + DefenderRequireNetworkInspectionSystem = $False; + DefenderRequireRealTimeMonitoring = $False; + DefenderScanArchiveFiles = $False; + DefenderScanDownloads = $False; + DefenderScanIncomingMail = $False; + DefenderScanMappedNetworkDrivesDuringFullScan = $False; + DefenderScanNetworkFiles = $False; + DefenderScanRemovableDrivesDuringFullScan = $False; + DefenderScanScriptsLoadedInInternetExplorer = $False; + DefenderScanType = "userDefined"; + DefenderScheduleScanEnableLowCpuPriority = $False; + DefenderSystemScanSchedule = "userDefined"; + DeveloperUnlockSetting = "notConfigured"; + DeviceManagementBlockFactoryResetOnMobile = $False; + DeviceManagementBlockManualUnenroll = $False; + DiagnosticsDataSubmissionMode = "userDefined"; + DisplayAppListWithGdiDPIScalingTurnedOff = @(); + DisplayAppListWithGdiDPIScalingTurnedOn = @(); + DisplayName = "device config"; + EdgeAllowStartPagesModification = $False; + EdgeBlockAccessToAboutFlags = $False; + EdgeBlockAddressBarDropdown = $False; + EdgeBlockAutofill = $False; + EdgeBlockCompatibilityList = $False; + EdgeBlockDeveloperTools = $False; + EdgeBlocked = $False; + EdgeBlockEditFavorites = $False; + EdgeBlockExtensions = $False; + EdgeBlockFullScreenMode = $False; + EdgeBlockInPrivateBrowsing = $False; + EdgeBlockJavaScript = $False; + EdgeBlockLiveTileDataCollection = $False; + EdgeBlockPasswordManager = $False; + EdgeBlockPopups = $False; + EdgeBlockPrelaunch = $False; + EdgeBlockPrinting = $False; + EdgeBlockSavingHistory = $False; + EdgeBlockSearchEngineCustomization = $False; + EdgeBlockSearchSuggestions = $False; + EdgeBlockSendingDoNotTrackHeader = $False; + EdgeBlockSendingIntranetTrafficToInternetExplorer = $False; + EdgeBlockSideloadingExtensions = $False; + EdgeBlockTabPreloading = $False; + EdgeBlockWebContentOnNewTabPage = $False; + EdgeClearBrowsingDataOnExit = $False; + EdgeCookiePolicy = "userDefined"; + EdgeDisableFirstRunPage = $False; + EdgeFavoritesBarVisibility = "notConfigured"; + EdgeHomeButtonConfigurationEnabled = $False; + EdgeHomepageUrls = @(); + EdgeKioskModeRestriction = "notConfigured"; + EdgeOpensWith = "notConfigured"; + EdgePreventCertificateErrorOverride = $False; + EdgeRequiredExtensionPackageFamilyNames = @(); + EdgeRequireSmartScreen = $False; + EdgeSendIntranetTrafficToInternetExplorer = $False; + EdgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured"; + EdgeSyncFavoritesWithInternetExplorer = $False; + EdgeTelemetryForMicrosoft365Analytics = "notConfigured"; + EnableAutomaticRedeployment = $False; + Ensure = "Present"; + ExperienceBlockDeviceDiscovery = $False; + ExperienceBlockErrorDialogWhenNoSIM = $False; + ExperienceBlockTaskSwitcher = $False; + ExperienceDoNotSyncBrowserSettings = "notConfigured"; + FindMyFiles = "notConfigured"; + GameDvrBlocked = $True; + Id = "d48e4053-8e5f-4856-82d3-c9e293567135"; + InkWorkspaceAccess = "notConfigured"; + InkWorkspaceAccessState = "notConfigured"; + InkWorkspaceBlockSuggestedApps = $False; + InternetSharingBlocked = $False; + LocationServicesBlocked = $False; + LockScreenActivateAppsWithVoice = "notConfigured"; + LockScreenAllowTimeoutConfiguration = $False; + LockScreenBlockActionCenterNotifications = $False; + LockScreenBlockCortana = $False; + LockScreenBlockToastNotifications = $False; + LogonBlockFastUserSwitching = $False; + MessagingBlockMMS = $False; + MessagingBlockRichCommunicationServices = $False; + MessagingBlockSync = $False; + MicrosoftAccountBlocked = $False; + MicrosoftAccountBlockSettingsSync = $False; + MicrosoftAccountSignInAssistantSettings = "notConfigured"; + NetworkProxyApplySettingsDeviceWide = $False; + NetworkProxyDisableAutoDetect = $True; + NetworkProxyServer = MSFT_MicrosoftGraphwindows10NetworkProxyServer{ + UseForLocalAddresses = $True + Exceptions = @('*.domain2.com') + Address = 'proxy.domain.com:8080' + }; + NfcBlocked = $False; + OneDriveDisableFileSync = $False; + PasswordBlockSimple = $False; + PasswordRequired = $False; + PasswordRequiredType = "deviceDefault"; + PasswordRequireWhenResumeFromIdleState = $False; + PowerButtonActionOnBattery = "notConfigured"; + PowerButtonActionPluggedIn = "notConfigured"; + PowerHybridSleepOnBattery = "notConfigured"; + PowerHybridSleepPluggedIn = "notConfigured"; + PowerLidCloseActionOnBattery = "notConfigured"; + PowerLidCloseActionPluggedIn = "notConfigured"; + PowerSleepButtonActionOnBattery = "notConfigured"; + PowerSleepButtonActionPluggedIn = "notConfigured"; + PrinterBlockAddition = $False; + PrinterNames = @(); + PrivacyAdvertisingId = "notConfigured"; + PrivacyAutoAcceptPairingAndConsentPrompts = $False; + PrivacyBlockActivityFeed = $False; + PrivacyBlockInputPersonalization = $False; + PrivacyBlockPublishUserActivities = $False; + PrivacyDisableLaunchExperience = $False; + ResetProtectionModeBlocked = $False; + SafeSearchFilter = "userDefined"; + ScreenCaptureBlocked = $False; + SearchBlockDiacritics = $False; + SearchBlockWebResults = $False; + SearchDisableAutoLanguageDetection = $False; + SearchDisableIndexerBackoff = $False; + SearchDisableIndexingEncryptedItems = $False; + SearchDisableIndexingRemovableDrive = $False; + SearchDisableLocation = $False; + SearchDisableUseLocation = $False; + SearchEnableAutomaticIndexSizeManangement = $False; + SearchEnableRemoteQueries = $False; + SecurityBlockAzureADJoinedDevicesAutoEncryption = $False; + SettingsBlockAccountsPage = $False; + SettingsBlockAddProvisioningPackage = $False; + SettingsBlockAppsPage = $False; + SettingsBlockChangeLanguage = $False; + SettingsBlockChangePowerSleep = $False; + SettingsBlockChangeRegion = $False; + SettingsBlockChangeSystemTime = $False; + SettingsBlockDevicesPage = $False; + SettingsBlockEaseOfAccessPage = $False; + SettingsBlockEditDeviceName = $False; + SettingsBlockGamingPage = $False; + SettingsBlockNetworkInternetPage = $False; + SettingsBlockPersonalizationPage = $False; + SettingsBlockPrivacyPage = $False; + SettingsBlockRemoveProvisioningPackage = $False; + SettingsBlockSettingsApp = $False; + SettingsBlockSystemPage = $False; + SettingsBlockTimeLanguagePage = $False; + SettingsBlockUpdateSecurityPage = $False; + SharedUserAppDataAllowed = $False; + SmartScreenAppInstallControl = "notConfigured"; + SmartScreenBlockPromptOverride = $False; + SmartScreenBlockPromptOverrideForFiles = $False; + SmartScreenEnableAppInstallControl = $False; + StartBlockUnpinningAppsFromTaskbar = $False; + StartMenuAppListVisibility = "userDefined"; + StartMenuHideChangeAccountSettings = $False; + StartMenuHideFrequentlyUsedApps = $False; + StartMenuHideHibernate = $False; + StartMenuHideLock = $False; + StartMenuHidePowerButton = $False; + StartMenuHideRecentJumpLists = $False; + StartMenuHideRecentlyAddedApps = $False; + StartMenuHideRestartOptions = $False; + StartMenuHideShutDown = $False; + StartMenuHideSignOut = $False; + StartMenuHideSleep = $False; + StartMenuHideSwitchAccount = $False; + StartMenuHideUserTile = $False; + StartMenuMode = "userDefined"; + StartMenuPinnedFolderDocuments = "notConfigured"; + StartMenuPinnedFolderDownloads = "notConfigured"; + StartMenuPinnedFolderFileExplorer = "notConfigured"; + StartMenuPinnedFolderHomeGroup = "notConfigured"; + StartMenuPinnedFolderMusic = "notConfigured"; + StartMenuPinnedFolderNetwork = "notConfigured"; + StartMenuPinnedFolderPersonalFolder = "notConfigured"; + StartMenuPinnedFolderPictures = "notConfigured"; + StartMenuPinnedFolderSettings = "notConfigured"; + StartMenuPinnedFolderVideos = "notConfigured"; + StorageBlockRemovableStorage = $False; + StorageRequireMobileDeviceEncryption = $False; + StorageRestrictAppDataToSystemVolume = $False; + StorageRestrictAppInstallToSystemVolume = $False; + SupportsScopeTags = $True; + TaskManagerBlockEndTask = $False; + TenantLockdownRequireNetworkDuringOutOfBoxExperience = $False; + UninstallBuiltInApps = $False; + UsbBlocked = $False; + VoiceRecordingBlocked = $False; + WebRtcBlockLocalhostIpAddress = $False; + WiFiBlockAutomaticConnectHotspots = $False; + WiFiBlocked = $True; + WiFiBlockManualConfiguration = $True; + WindowsSpotlightBlockConsumerSpecificFeatures = $False; + WindowsSpotlightBlocked = $False; + WindowsSpotlightBlockOnActionCenter = $False; + WindowsSpotlightBlockTailoredExperiences = $False; + WindowsSpotlightBlockThirdPartyNotifications = $False; + WindowsSpotlightBlockWelcomeExperience = $False; + WindowsSpotlightBlockWindowsTips = $False; + WindowsSpotlightConfigureOnLockScreen = "notConfigured"; + WindowsStoreBlockAutoUpdate = $False; + WindowsStoreBlocked = $False; + WindowsStoreEnablePrivateStoreOnly = $False; + WirelessDisplayBlockProjectionToThisDevice = $False; + WirelessDisplayBlockUserInputFromReceiver = $False; + WirelessDisplayRequirePinForPairing = $False; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyWindows10/1-NewIntuneDeviceConfigurationPolicyWindows10.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyWindows10/1-NewIntuneDeviceConfigurationPolicyWindows10.ps1 deleted file mode 100644 index ac30bf3bc5..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneDeviceConfigurationPolicyWindows10/1-NewIntuneDeviceConfigurationPolicyWindows10.ps1 +++ /dev/null @@ -1,198 +0,0 @@ -<# -This example creates a new General Device Configuration Policy for Windows. -#> - -Configuration Example -{ - param( - [Parameter(Mandatory = $true)] - [PSCredential] - $credsGlobalAdmin - ) - Import-DscResource -ModuleName Microsoft365DSC - - node localhost - { - IntuneDeviceConfigurationPolicyWindows10 'ConfigureDeviceConfigurationPolicyWindows10' - { - displayName = 'CONTOSO | W10 | Device Restriction' - description = 'Default device restriction settings' - defenderBlockEndUserAccess = $true - defenderRequireRealTimeMonitoring = $true - defenderRequireBehaviorMonitoring = $true - defenderRequireNetworkInspectionSystem = $true - defenderScanDownloads = $true - defenderScanScriptsLoadedInInternetExplorer = $true - defenderSignatureUpdateIntervalInHours = 8 - defenderMonitorFileActivity = 'monitorIncomingFilesOnly' # userDefined,monitorAllFiles,monitorIncomingFilesOnly,monitorOutgoingFilesOnly - defenderDaysBeforeDeletingQuarantinedMalware = 3 - defenderScanMaxCpu = 2 - defenderScanArchiveFiles = $true - defenderScanIncomingMail = $true - defenderScanRemovableDrivesDuringFullScan = $true - defenderScanMappedNetworkDrivesDuringFullScan = $false - defenderScanNetworkFiles = $false - defenderRequireCloudProtection = $true - defenderCloudBlockLevel = 'high' - defenderPromptForSampleSubmission = 'alwaysPrompt' - defenderScheduledQuickScanTime = '13:00:00.0000000' - defenderScanType = 'quick' #quick,full,userDefined - defenderSystemScanSchedule = 'monday' #days of week - defenderScheduledScanTime = '11:00:00.0000000' - defenderDetectedMalwareActions = MSFT_IntuneDefenderDetectedMalwareActions - { - lowSeverity = 'clean' - moderateSeverity = 'quarantine' - highSeverity = 'remove' - severeSeverity = 'block' - } - defenderFileExtensionsToExclude = "[`"csv,jpg,docx`"]" - defenderFilesAndFoldersToExclude = "[`"c:\\2,C:\\1`"]" - defenderProcessesToExclude = "[`"notepad.exe,c:\\Windows\\myprocess.exe`"]" - lockScreenAllowTimeoutConfiguration = $true - lockScreenBlockActionCenterNotifications = $true - lockScreenBlockCortana = $true - lockScreenBlockToastNotifications = $false - lockScreenTimeoutInSeconds = 90 - passwordBlockSimple = $true - passwordExpirationDays = 6 - passwordMinimumLength = 5 - passwordMinutesOfInactivityBeforeScreenTimeout = 15 - passwordMinimumCharacterSetCount = 1 - passwordPreviousPasswordBlockCount = 2 - passwordRequired = $true - passwordRequireWhenResumeFromIdleState = $true - passwordRequiredType = 'alphanumeric' - passwordSignInFailureCountBeforeFactoryReset = 12 - privacyAdvertisingId = 'blocked' - privacyAutoAcceptPairingAndConsentPrompts = $true - privacyBlockInputPersonalization = $true - startBlockUnpinningAppsFromTaskbar = $true - startMenuAppListVisibility = 'collapse' - startMenuHideChangeAccountSettings = $true - startMenuHideFrequentlyUsedApps = $true - startMenuHideHibernate = $true - startMenuHideLock = $true - startMenuHidePowerButton = $true - startMenuHideRecentJumpLists = $true - startMenuHideRecentlyAddedApps = $true - startMenuHideRestartOptions = $true - startMenuHideShutDown = $true - startMenuHideSignOut = $true - startMenuHideSleep = $true - startMenuHideSwitchAccount = $true - startMenuHideUserTile = $true - startMenuLayoutXml = '+DQogICAGlmaWNhdGlvblRlbXBsYXRlPg==' - startMenuMode = 'fullScreen' - startMenuPinnedFolderDocuments = 'hide' - startMenuPinnedFolderDownloads = 'hide' - startMenuPinnedFolderFileExplorer = 'hide' - startMenuPinnedFolderHomeGroup = 'hide' - startMenuPinnedFolderMusic = 'hide' - startMenuPinnedFolderNetwork = 'hide' - startMenuPinnedFolderPersonalFolder = 'hide' - startMenuPinnedFolderPictures = 'hide' - startMenuPinnedFolderSettings = 'hide' - startMenuPinnedFolderVideos = 'hide' - settingsBlockSettingsApp = $true - settingsBlockSystemPage = $true - settingsBlockDevicesPage = $true - settingsBlockNetworkInternetPage = $true - settingsBlockPersonalizationPage = $true - settingsBlockAccountsPage = $true - settingsBlockTimeLanguagePage = $true - settingsBlockEaseOfAccessPage = $true - settingsBlockPrivacyPage = $true - settingsBlockUpdateSecurityPage = $true - settingsBlockAppsPage = $true - settingsBlockGamingPage = $true - windowsSpotlightBlockConsumerSpecificFeatures = $true - windowsSpotlightBlocked = $true - windowsSpotlightBlockOnActionCenter = $true - windowsSpotlightBlockTailoredExperiences = $true - windowsSpotlightBlockThirdPartyNotifications = $true - windowsSpotlightBlockWelcomeExperience = $true - windowsSpotlightBlockWindowsTips = $true - windowsSpotlightConfigureOnLockScreen = 'disabled' - networkProxyApplySettingsDeviceWide = $true - networkProxyDisableAutoDetect = $true - networkProxyAutomaticConfigurationUrl = 'https://example.com/networkProxyAutomaticConfigurationUrl/' - accountsBlockAddingNonMicrosoftAccountEmail = $true - antiTheftModeBlocked = $true - bluetoothBlocked = $true - bluetoothAllowedServices = "[`"8e473eaa-ead4-4c60-ba9c-2c5696d71492`",`"21913f2d-a803-4f36-8039-669fd94ce5b3`"]" - bluetoothBlockAdvertising = $true - bluetoothBlockDiscoverableMode = $true - bluetoothBlockPrePairing = $true - cameraBlocked = $true - connectedDevicesServiceBlocked = $true - certificatesBlockManualRootCertificateInstallation = $true - copyPasteBlocked = $true - cortanaBlocked = $true - deviceManagementBlockFactoryResetOnMobile = $true - deviceManagementBlockManualUnenroll = $true - safeSearchFilter = 'strict' - edgeBlockPopups = $true - edgeBlockSearchSuggestions = $true - edgeBlockSendingIntranetTrafficToInternetExplorer = $true - edgeSendIntranetTrafficToInternetExplorer = $true - edgeRequireSmartScreen = $true - edgeFirstRunUrl = 'https://contoso.com/' - edgeBlockAccessToAboutFlags = $true - edgeHomepageUrls = "[`"https://microsoft.com`"]" - smartScreenBlockPromptOverride = $true - smartScreenBlockPromptOverrideForFiles = $true - webRtcBlockLocalhostIpAddress = $true - internetSharingBlocked = $true - settingsBlockAddProvisioningPackage = $true - settingsBlockRemoveProvisioningPackage = $true - settingsBlockChangeSystemTime = $true - settingsBlockEditDeviceName = $true - settingsBlockChangeRegion = $true - settingsBlockChangeLanguage = $true - settingsBlockChangePowerSleep = $true - locationServicesBlocked = $true - microsoftAccountBlocked = $true - microsoftAccountBlockSettingsSync = $true - nfcBlocked = $true - resetProtectionModeBlocked = $true - screenCaptureBlocked = $true - storageBlockRemovableStorage = $true - storageRequireMobileDeviceEncryption = $true - usbBlocked = $true - voiceRecordingBlocked = $true - wiFiBlockAutomaticConnectHotspots = $true - wiFiBlocked = $true - wiFiBlockManualConfiguration = $true - wiFiScanInterval = 1 - wirelessDisplayBlockProjectionToThisDevice = $true - wirelessDisplayBlockUserInputFromReceiver = $true - wirelessDisplayRequirePinForPairing = $true - windowsStoreBlocked = $true - appsAllowTrustedAppsSideloading = 'blocked' - windowsStoreBlockAutoUpdate = $true - developerUnlockSetting = 'blocked' - sharedUserAppDataAllowed = $true - appsBlockWindowsStoreOriginatedApps = $true - windowsStoreEnablePrivateStoreOnly = $true - storageRestrictAppDataToSystemVolume = $true - storageRestrictAppInstallToSystemVolume = $true - gameDvrBlocked = $true - edgeSearchEngine = 'bing' - experienceBlockDeviceDiscovery = $true - experienceBlockErrorDialogWhenNoSIM = $true - experienceBlockTaskSwitcher = $true - logonBlockFastUserSwitching = $true - tenantLockdownRequireNetworkDuringOutOfBoxExperience = $true - enterpriseCloudPrintDiscoveryEndPoint = 'https://cloudprinterdiscovery.contoso.com' - enterpriseCloudPrintDiscoveryMaxLimit = 4 - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'http://mopriadiscoveryservice/cloudprint' - enterpriseCloudPrintOAuthClientIdentifier = '30fbf7e8-321c-40ce-8b9f-160b6b049257' - enterpriseCloudPrintOAuthAuthority = 'https:/tenant.contoso.com/adfs' - enterpriseCloudPrintResourceIdentifier = 'http://cloudenterpriseprint/cloudPrint' - networkProxyServer = @('address=proxy.contoso.com:8080', "exceptions=*.contoso.com`r`n*.internal.local", 'useForLocalAddresses=false') - Ensure = 'Present' - Credential = $credsGlobalAdmin - } - } -} diff --git a/ResourceGenerator/M365DSCResourceGenerator.psm1 b/ResourceGenerator/M365DSCResourceGenerator.psm1 index 2fb1f46eb1..ce456ae5c3 100644 --- a/ResourceGenerator/M365DSCResourceGenerator.psm1 +++ b/ResourceGenerator/M365DSCResourceGenerator.psm1 @@ -352,13 +352,17 @@ function New-M365DSCResource if ($getListIdentifier -contains 'Filter') { $getAlternativeFilterString.appendline(" -Filter `"$alternativeKey eq '`$$alternativeKey'`" ``")|out-null - $getAlternativeFilterString.append(" -ErrorAction SilentlyContinue")|out-null + $getAlternativeFilterString.appendline(" -ErrorAction SilentlyContinue | Where-Object ``")|out-null + $getAlternativeFilterString.appendline(" -FilterScript { ``")|out-null + $getAlternativeFilterString.appendline(" `$_.AdditionalProperties.'@odata.type' -eq `"`#microsoft.graph.$SelectedODataType`" ``")|out-null + $getAlternativeFilterString.append(" }")|out-null } else { $getAlternativeFilterString.appendline(" -ErrorAction SilentlyContinue | Where-Object ``")|out-null $getAlternativeFilterString.appendline(" -FilterScript { ``")|out-null $getAlternativeFilterString.appendline(" `$_.$alternativeKey -eq `"`$(`$$alternativeKey)`" ``")|out-null + $getAlternativeFilterString.appendline(" -and `$_.AdditionalProperties.'@odata.type' -eq `"`#microsoft.graph.$SelectedODataType`" ``")|out-null $getAlternativeFilterString.append(" }")|out-null } Write-TokenReplacement -Token '' -Value $getAlternativeFilterString.ToString() -FilePath $moduleFilePath @@ -1678,12 +1682,27 @@ function Get-ComplexTypeConstructorToString if ($nestedProperty.Type -like "*.Date*") { $nestedPropertyType=$nestedProperty.Type.split(".")|select-object -last 1 - $complexString.appendLine($spacing + "if (`$null -ne `$$valuePrefix$AssignedPropertyName)" ) | Out-Null + if ($isNested) + { + $complexString.appendLine($spacing + "if (`$null -ne `$$valuePrefix$AssignedPropertyName)" ) | Out-Null + } + else + { + $complexString.appendLine($spacing + "if (`$null -ne `$$referencePrefix$AssignedPropertyName)" ) | Out-Null + } + $complexString.appendLine($spacing + "{" ) | Out-Null $IndentCount ++ $spacing = $indent * $IndentCount $AssignedPropertyName += ").ToString('$DateFormat')" - $complexString.appendLine($spacing + "`$$tempPropertyName.Add('" + $nestedPropertyName + "', ([$nestedPropertyType]`$$valuePrefix$AssignedPropertyName)" ) | Out-Null + if ($isNested) + { + $complexString.appendLine($spacing + "`$$tempPropertyName.Add('" + $nestedPropertyName + "', ([$nestedPropertyType]`$$valuePrefix$AssignedPropertyName)" ) | Out-Null + } + else + { + $complexString.appendLine($spacing + "`$$tempPropertyName.Add('" + $nestedPropertyName + "', ([$nestedPropertyType]`$$referencePrefix$AssignedPropertyName)" ) | Out-Null + } $IndentCount -- $spacing = $indent * $IndentCount $complexString.appendLine($spacing + "}" ) | Out-Null @@ -1692,12 +1711,26 @@ function Get-ComplexTypeConstructorToString elseif ($nestedProperty.Type -like "*.Time*") { $nestedPropertyType=$nestedProperty.Type.split(".")|select-object -last 1 - $complexString.appendLine($spacing + "if (`$null -ne `$$valuePrefix$AssignedPropertyName)" ) | Out-Null + if ($isNested) + { + $complexString.appendLine($spacing + "if (`$null -ne `$$valuePrefix$AssignedPropertyName)" ) | Out-Null + } + else + { + $complexString.appendLine($spacing + "if (`$null -ne `$$referencePrefix$AssignedPropertyName)" ) | Out-Null + } $complexString.appendLine($spacing + "{" ) | Out-Null $IndentCount ++ $spacing = $indent * $IndentCount $AssignedPropertyName += ").ToString()" - $complexString.appendLine($spacing + "`$$tempPropertyName.Add('" + $nestedPropertyName + "', ([$nestedPropertyType]`$$valuePrefix$AssignedPropertyName)" ) | Out-Null + if ($isNested) + { + $complexString.appendLine($spacing + "`$$tempPropertyName.Add('" + $nestedPropertyName + "', ([$nestedPropertyType]`$$valuePrefix$AssignedPropertyName)" ) | Out-Null + } + else + { + $complexString.appendLine($spacing + "`$$tempPropertyName.Add('" + $nestedPropertyName + "', ([$nestedPropertyType]`$$referencePrefix$AssignedPropertyName)" ) | Out-Null + } $IndentCount -- $spacing = $indent * $IndentCount $complexString.appendLine($spacing + "}" ) | Out-Null diff --git a/ResourceGenerator/Module.Template.psm1 b/ResourceGenerator/Module.Template.psm1 index 56659937cf..cbb58f1d27 100644 --- a/ResourceGenerator/Module.Template.psm1 +++ b/ResourceGenerator/Module.Template.psm1 @@ -296,6 +296,7 @@ function Test-TargetResource } } + $ValuesToCheck.remove("Id") | Out-Null $ValuesToCheck.Remove('Credential') | Out-Null $ValuesToCheck.Remove('ApplicationId') | Out-Null $ValuesToCheck.Remove('TenantId') | Out-Null diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationPolicyWindows10.Tests.ps1 index 4419ff4f27..09048ca2b6 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationPolicyWindows10.Tests.ps1 @@ -2,1219 +2,2121 @@ param( ) $M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` - -ChildPath '..\..\Unit' ` - -Resolve + -ChildPath "..\..\Unit" ` + -Resolve $CmdletModule = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath '\Stubs\Microsoft365.psm1' ` - -Resolve) + -ChildPath "\Stubs\Microsoft365.psm1" ` + -Resolve) $GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath '\Stubs\Generic.psm1' ` - -Resolve) + -ChildPath "\Stubs\Generic.psm1" ` + -Resolve) Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` - -ChildPath '\UnitTestHelper.psm1' ` + -ChildPath "\UnitTestHelper.psm1" ` -Resolve) $Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` - -DscResource 'IntuneDeviceConfigurationPolicyWindows10' -GenericStubModule $GenericStubPath - + -DscResource "IntuneDeviceConfigurationPolicyWindows10" -GenericStubModule $GenericStubPath Describe -Name $Global:DscHelper.DescribeHeader -Fixture { InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope - BeforeAll { - $secpasswd = ConvertTo-SecureString 'Pass@word1' -AsPlainText -Force - $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + $secpasswd = ConvertTo-SecureString "f@kepassword1" -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ("tenantadmin@mydomain.com", $secpasswd) Mock -CommandName Confirm-M365DSCDependencies -MockWith { } - Mock -CommandName New-M365DSCConnection -MockWith { - return 'Credentials' + Mock -CommandName Get-PSSession -MockWith { } - Mock -CommandName New-MgDeviceManagementDeviceConfiguration -MockWith { + Mock -CommandName Remove-PSSession -MockWith { } Mock -CommandName Update-MgDeviceManagementDeviceConfiguration -MockWith { } - Mock -CommandName Remove-MgDeviceManagementDeviceConfiguration -MockWith { + Mock -CommandName New-MgDeviceManagementDeviceConfiguration -MockWith { } - Mock -CommandName Get-MGDeviceManagementDeviceConfigurationAssignment -MockWith { + Mock -CommandName Remove-MgDeviceManagementDeviceConfiguration -MockWith { + } - return @() + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" } - # Mock Write-Host to hide output during the tests - Mock -CommandName Write-Host -MockWith { + Mock -CommandName Get-MgDeviceManagementDeviceConfigurationAssignment -MockWith { } - } + } # Test contexts - Context -Name "When the policy doesn't already exist" -Fixture { + Context -Name "The IntuneDeviceConfigurationPolicyWindows10 should exist but it DOES NOT" -Fixture { BeforeAll { $testParams = @{ - displayName = 'CONTOSO | W10 | Device Restriction' - description = 'Default device restriction settings' - defenderBlockEndUserAccess = $true - defenderRequireRealTimeMonitoring = $true - defenderRequireBehaviorMonitoring = $true - defenderRequireNetworkInspectionSystem = $true - defenderScanDownloads = $true - defenderScanScriptsLoadedInInternetExplorer = $true - defenderSignatureUpdateIntervalInHours = 8 - defenderMonitorFileActivity = 'monitorIncomingFilesOnly' # userDefined,monitorAllFiles,monitorIncomingFilesOnly,monitorOutgoingFilesOnly - defenderDaysBeforeDeletingQuarantinedMalware = 3 - defenderScanMaxCpu = 2 - defenderScanArchiveFiles = $true - defenderScanIncomingMail = $true - defenderScanRemovableDrivesDuringFullScan = $true - defenderScanMappedNetworkDrivesDuringFullScan = $false - defenderScanNetworkFiles = $false - defenderRequireCloudProtection = $true - defenderCloudBlockLevel = 'high' - defenderPromptForSampleSubmission = 'alwaysPrompt' - defenderScheduledQuickScanTime = '13:00:00.0000000' - defenderScanType = 'quick' #quick,full,userDefined - defenderSystemScanSchedule = 'monday' #days of week - defenderScheduledScanTime = '11:00:00.0000000' - defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_IntuneDefenderDetectedMalwareActions -Property @{ - lowSeverity = 'clean' - moderateSeverity = 'quarantine' - highSeverity = 'remove' - severeSeverity = 'block' - } -ClientOnly) - defenderFileExtensionsToExclude = "[`"csv,jpg,docx`"]" - defenderFilesAndFoldersToExclude = "[`"c:\\2,C:\\1`"]" - defenderProcessesToExclude = "[`"notepad.exe,c:\\Windows\\myprocess.exe`"]" - lockScreenAllowTimeoutConfiguration = $true - lockScreenBlockActionCenterNotifications = $true - lockScreenBlockCortana = $true - lockScreenBlockToastNotifications = $false - lockScreenTimeoutInSeconds = 90 - passwordBlockSimple = $true - passwordExpirationDays = 6 - passwordMinimumLength = 5 - passwordMinutesOfInactivityBeforeScreenTimeout = 15 - passwordMinimumCharacterSetCount = 1 - passwordPreviousPasswordBlockCount = 2 - passwordRequired = $true - passwordRequireWhenResumeFromIdleState = $true - passwordRequiredType = 'alphanumeric' - passwordSignInFailureCountBeforeFactoryReset = 12 - privacyAdvertisingId = 'blocked' - privacyAutoAcceptPairingAndConsentPrompts = $true - privacyBlockInputPersonalization = $true - startBlockUnpinningAppsFromTaskbar = $true - startMenuAppListVisibility = 'collapse' - startMenuHideChangeAccountSettings = $true - startMenuHideFrequentlyUsedApps = $true - startMenuHideHibernate = $true - startMenuHideLock = $true - startMenuHidePowerButton = $true - startMenuHideRecentJumpLists = $true - startMenuHideRecentlyAddedApps = $true - startMenuHideRestartOptions = $true - startMenuHideShutDown = $true - startMenuHideSignOut = $true - startMenuHideSleep = $true - startMenuHideSwitchAccount = $true - startMenuHideUserTile = $true - startMenuLayoutXml = '+DQogICAGlmaWNhdGlvblRlbXBsYXRlPg==' - startMenuMode = 'fullScreen' - startMenuPinnedFolderDocuments = 'hide' - startMenuPinnedFolderDownloads = 'hide' - startMenuPinnedFolderFileExplorer = 'hide' - startMenuPinnedFolderHomeGroup = 'hide' - startMenuPinnedFolderMusic = 'hide' - startMenuPinnedFolderNetwork = 'hide' - startMenuPinnedFolderPersonalFolder = 'hide' - startMenuPinnedFolderPictures = 'hide' - startMenuPinnedFolderSettings = 'hide' - startMenuPinnedFolderVideos = 'hide' - settingsBlockSettingsApp = $true - settingsBlockSystemPage = $true - settingsBlockDevicesPage = $true - settingsBlockNetworkInternetPage = $true - settingsBlockPersonalizationPage = $true - settingsBlockAccountsPage = $true - settingsBlockTimeLanguagePage = $true - settingsBlockEaseOfAccessPage = $true - settingsBlockPrivacyPage = $true - settingsBlockUpdateSecurityPage = $true - settingsBlockAppsPage = $true - settingsBlockGamingPage = $true - windowsSpotlightBlockConsumerSpecificFeatures = $true - windowsSpotlightBlocked = $true - windowsSpotlightBlockOnActionCenter = $true - windowsSpotlightBlockTailoredExperiences = $true - windowsSpotlightBlockThirdPartyNotifications = $true - windowsSpotlightBlockWelcomeExperience = $true - windowsSpotlightBlockWindowsTips = $true - windowsSpotlightConfigureOnLockScreen = 'disabled' - networkProxyApplySettingsDeviceWide = $true - networkProxyDisableAutoDetect = $true - networkProxyAutomaticConfigurationUrl = 'https://example.com/networkProxyAutomaticConfigurationUrl/' - accountsBlockAddingNonMicrosoftAccountEmail = $true - antiTheftModeBlocked = $true - bluetoothBlocked = $true - bluetoothAllowedServices = "[`"8e473eaa-ead4-4c60-ba9c-2c5696d71492`",`"21913f2d-a803-4f36-8039-669fd94ce5b3`"]" - bluetoothBlockAdvertising = $true - bluetoothBlockDiscoverableMode = $true - bluetoothBlockPrePairing = $true - cameraBlocked = $true - connectedDevicesServiceBlocked = $true - certificatesBlockManualRootCertificateInstallation = $true - copyPasteBlocked = $true - cortanaBlocked = $true - deviceManagementBlockFactoryResetOnMobile = $true - deviceManagementBlockManualUnenroll = $true - safeSearchFilter = 'strict' - edgeBlockPopups = $true - edgeBlockSearchSuggestions = $true - edgeBlockSendingIntranetTrafficToInternetExplorer = $true - edgeSendIntranetTrafficToInternetExplorer = $true - edgeRequireSmartScreen = $true - edgeFirstRunUrl = 'https://contoso.com/' - edgeBlockAccessToAboutFlags = $true - edgeHomepageUrls = "[`"https://microsoft.com`"]" - smartScreenBlockPromptOverride = $true - smartScreenBlockPromptOverrideForFiles = $true - webRtcBlockLocalhostIpAddress = $true - internetSharingBlocked = $true - settingsBlockAddProvisioningPackage = $true - settingsBlockRemoveProvisioningPackage = $true - settingsBlockChangeSystemTime = $true - settingsBlockEditDeviceName = $true - settingsBlockChangeRegion = $true - settingsBlockChangeLanguage = $true - settingsBlockChangePowerSleep = $true - locationServicesBlocked = $true - microsoftAccountBlocked = $true - microsoftAccountBlockSettingsSync = $true - nfcBlocked = $true - resetProtectionModeBlocked = $true - screenCaptureBlocked = $true - storageBlockRemovableStorage = $true - storageRequireMobileDeviceEncryption = $true - usbBlocked = $true - voiceRecordingBlocked = $true - wiFiBlockAutomaticConnectHotspots = $true - wiFiBlocked = $true - wiFiBlockManualConfiguration = $true - wiFiScanInterval = 1 - wirelessDisplayBlockProjectionToThisDevice = $true - wirelessDisplayBlockUserInputFromReceiver = $true - wirelessDisplayRequirePinForPairing = $true - windowsStoreBlocked = $true - appsAllowTrustedAppsSideloading = 'blocked' - windowsStoreBlockAutoUpdate = $true - developerUnlockSetting = 'blocked' - sharedUserAppDataAllowed = $true - appsBlockWindowsStoreOriginatedApps = $true - windowsStoreEnablePrivateStoreOnly = $true - storageRestrictAppDataToSystemVolume = $true - storageRestrictAppInstallToSystemVolume = $true - gameDvrBlocked = $true - edgeSearchEngine = 'bing' - #edgeSearchEngine = "https://go.microsoft.com/fwlink/?linkid=842596" #'Google' - experienceBlockDeviceDiscovery = $true - experienceBlockErrorDialogWhenNoSIM = $true - experienceBlockTaskSwitcher = $true - logonBlockFastUserSwitching = $true - tenantLockdownRequireNetworkDuringOutOfBoxExperience = $true - enterpriseCloudPrintDiscoveryEndPoint = 'https://cloudprinterdiscovery.contoso.com' - enterpriseCloudPrintDiscoveryMaxLimit = 4 - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'http://mopriadiscoveryservice/cloudprint' - enterpriseCloudPrintOAuthClientIdentifier = '30fbf7e8-321c-40ce-8b9f-160b6b049257' - enterpriseCloudPrintOAuthAuthority = 'https:/tenant.contoso.com/adfs' - enterpriseCloudPrintResourceIdentifier = 'http://cloudenterpriseprint/cloudPrint' - networkProxyServer = @('address=proxy.contoso.com:8080', "exceptions=*.contoso.com`r`n*.internal.local", 'useForLocalAddresses=false') - Ensure = 'Present' - Credential = $Credential + AccountsBlockAddingNonMicrosoftAccountEmail = $True + ActivateAppsWithVoice = "notConfigured" + AntiTheftModeBlocked = $True + AppManagementMSIAllowUserControlOverInstall = $True + AppManagementMSIAlwaysInstallWithElevatedPrivileges = $True + AppManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") + AppsAllowTrustedAppsSideloading = "notConfigured" + AppsBlockWindowsStoreOriginatedApps = $True + AuthenticationAllowSecondaryDevice = $True + AuthenticationPreferredAzureADTenantDomainName = "FakeStringValue" + AuthenticationWebSignIn = "notConfigured" + BluetoothAllowedServices = @("FakeStringValue") + BluetoothBlockAdvertising = $True + BluetoothBlockDiscoverableMode = $True + BluetoothBlocked = $True + BluetoothBlockPrePairing = $True + BluetoothBlockPromptedProximalConnections = $True + CameraBlocked = $True + CellularBlockDataWhenRoaming = $True + CellularBlockVpn = $True + CellularBlockVpnWhenRoaming = $True + CellularData = "blocked" + CertificatesBlockManualRootCertificateInstallation = $True + ConfigureTimeZone = "FakeStringValue" + ConnectedDevicesServiceBlocked = $True + CopyPasteBlocked = $True + CortanaBlocked = $True + CryptographyAllowFipsAlgorithmPolicy = $True + DataProtectionBlockDirectMemoryAccess = $True + DefenderBlockEndUserAccess = $True + DefenderBlockOnAccessProtection = $True + DefenderCloudBlockLevel = "notConfigured" + DefenderCloudExtendedTimeout = 25 + DefenderCloudExtendedTimeoutInSeconds = 25 + DefenderDaysBeforeDeletingQuarantinedMalware = 25 + defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_MicrosoftGraphdefenderDetectedMalwareActions1 -Property @{ + lowSeverity = "deviceDefault" + severeSeverity = "deviceDefault" + moderateSeverity = "deviceDefault" + highSeverity = "deviceDefault" + } -ClientOnly) + defenderDisableCatchupFullScan = $True + defenderDisableCatchupQuickScan = $True + defenderFileExtensionsToExclude = @("FakeStringValue") + defenderFilesAndFoldersToExclude = @("FakeStringValue") + defenderMonitorFileActivity = "userDefined" + defenderPotentiallyUnwantedAppAction = "deviceDefault" + defenderPotentiallyUnwantedAppActionSetting = "userDefined" + defenderProcessesToExclude = @("FakeStringValue") + defenderPromptForSampleSubmission = "userDefined" + defenderRequireBehaviorMonitoring = $True + defenderRequireCloudProtection = $True + defenderRequireNetworkInspectionSystem = $True + defenderRequireRealTimeMonitoring = $True + defenderScanArchiveFiles = $True + defenderScanDownloads = $True + defenderScanIncomingMail = $True + defenderScanMappedNetworkDrivesDuringFullScan = $True + defenderScanMaxCpu = 25 + defenderScanNetworkFiles = $True + defenderScanRemovableDrivesDuringFullScan = $True + defenderScanScriptsLoadedInInternetExplorer = $True + defenderScanType = "userDefined" + defenderScheduledQuickScanTime = "00:00:00" + defenderScheduledScanTime = "00:00:00" + defenderScheduleScanEnableLowCpuPriority = $True + defenderSignatureUpdateIntervalInHours = 25 + defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" + defenderSystemScanSchedule = "userDefined" + description = "FakeStringValue" + developerUnlockSetting = "notConfigured" + deviceManagementBlockFactoryResetOnMobile = $True + deviceManagementBlockManualUnenroll = $True + diagnosticsDataSubmissionMode = "userDefined" + displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") + displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") + displayName = "FakeStringValue" + edgeAllowStartPagesModification = $True + edgeBlockAccessToAboutFlags = $True + edgeBlockAddressBarDropdown = $True + edgeBlockAutofill = $True + edgeBlockCompatibilityList = $True + edgeBlockDeveloperTools = $True + edgeBlocked = $True + edgeBlockEditFavorites = $True + edgeBlockExtensions = $True + edgeBlockFullScreenMode = $True + edgeBlockInPrivateBrowsing = $True + edgeBlockJavaScript = $True + edgeBlockLiveTileDataCollection = $True + edgeBlockPasswordManager = $True + edgeBlockPopups = $True + edgeBlockPrelaunch = $True + edgeBlockPrinting = $True + edgeBlockSavingHistory = $True + edgeBlockSearchEngineCustomization = $True + edgeBlockSearchSuggestions = $True + edgeBlockSendingDoNotTrackHeader = $True + edgeBlockSendingIntranetTrafficToInternetExplorer = $True + edgeBlockSideloadingExtensions = $True + edgeBlockTabPreloading = $True + edgeBlockWebContentOnNewTabPage = $True + edgeClearBrowsingDataOnExit = $True + edgeCookiePolicy = "userDefined" + edgeDisableFirstRunPage = $True + edgeEnterpriseModeSiteListLocation = "FakeStringValue" + edgeFavoritesBarVisibility = "notConfigured" + edgeFavoritesListLocation = "FakeStringValue" + edgeFirstRunUrl = "FakeStringValue" + edgeHomeButtonConfiguration = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeHomeButtonConfiguration -Property @{ + odataType = "#microsoft.graph.edgeHomeButtonHidden" + homeButtonCustomURL = "FakeStringValue" + } -ClientOnly) + edgeHomeButtonConfigurationEnabled = $True + edgeHomepageUrls = @("FakeStringValue") + edgeKioskModeRestriction = "notConfigured" + edgeKioskResetAfterIdleTimeInMinutes = 25 + edgeNewTabPageURL = "FakeStringValue" + edgeOpensWith = "notConfigured" + edgePreventCertificateErrorOverride = $True + edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") + edgeRequireSmartScreen = $True + edgeSearchEngine = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeSearchEngineBase -Property @{ + edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" + edgeSearchEngineType = "default" + odataType = "#microsoft.graph.edgeSearchEngine" + } -ClientOnly) + edgeSendIntranetTrafficToInternetExplorer = $True + edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" + edgeSyncFavoritesWithInternetExplorer = $True + edgeTelemetryForMicrosoft365Analytics = "notConfigured" + enableAutomaticRedeployment = $True + energySaverOnBatteryThresholdPercentage = 25 + energySaverPluggedInThresholdPercentage = 25 + enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" + enterpriseCloudPrintDiscoveryMaxLimit = 25 + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" + enterpriseCloudPrintOAuthAuthority = "FakeStringValue" + enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" + enterpriseCloudPrintResourceIdentifier = "FakeStringValue" + experienceBlockDeviceDiscovery = $True + experienceBlockErrorDialogWhenNoSIM = $True + experienceBlockTaskSwitcher = $True + experienceDoNotSyncBrowserSettings = "notConfigured" + findMyFiles = "notConfigured" + gameDvrBlocked = $True + id = "FakeStringValue" + inkWorkspaceAccess = "notConfigured" + inkWorkspaceAccessState = "notConfigured" + inkWorkspaceBlockSuggestedApps = $True + internetSharingBlocked = $True + locationServicesBlocked = $True + lockScreenActivateAppsWithVoice = "notConfigured" + lockScreenAllowTimeoutConfiguration = $True + lockScreenBlockActionCenterNotifications = $True + lockScreenBlockCortana = $True + lockScreenBlockToastNotifications = $True + lockScreenTimeoutInSeconds = 25 + logonBlockFastUserSwitching = $True + messagingBlockMMS = $True + messagingBlockRichCommunicationServices = $True + messagingBlockSync = $True + microsoftAccountBlocked = $True + microsoftAccountBlockSettingsSync = $True + microsoftAccountSignInAssistantSettings = "notConfigured" + networkProxyApplySettingsDeviceWide = $True + networkProxyAutomaticConfigurationUrl = "FakeStringValue" + networkProxyDisableAutoDetect = $True + networkProxyServer = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10NetworkProxyServer -Property @{ + useForLocalAddresses = $True + exceptions = @("FakeStringValue") + address = "FakeStringValue" + } -ClientOnly) + nfcBlocked = $True + oneDriveDisableFileSync = $True + passwordBlockSimple = $True + passwordExpirationDays = 25 + passwordMinimumAgeInDays = 25 + passwordMinimumCharacterSetCount = 25 + passwordMinimumLength = 25 + passwordMinutesOfInactivityBeforeScreenTimeout = 25 + passwordPreviousPasswordBlockCount = 25 + passwordRequired = $True + passwordRequiredType = "deviceDefault" + passwordRequireWhenResumeFromIdleState = $True + passwordSignInFailureCountBeforeFactoryReset = 25 + personalizationDesktopImageUrl = "FakeStringValue" + personalizationLockScreenImageUrl = "FakeStringValue" + powerButtonActionOnBattery = "notConfigured" + powerButtonActionPluggedIn = "notConfigured" + powerHybridSleepOnBattery = "notConfigured" + powerHybridSleepPluggedIn = "notConfigured" + powerLidCloseActionOnBattery = "notConfigured" + powerLidCloseActionPluggedIn = "notConfigured" + powerSleepButtonActionOnBattery = "notConfigured" + powerSleepButtonActionPluggedIn = "notConfigured" + printerBlockAddition = $True + printerDefaultName = "FakeStringValue" + printerNames = @("FakeStringValue") + privacyAdvertisingId = "notConfigured" + privacyAutoAcceptPairingAndConsentPrompts = $True + privacyBlockActivityFeed = $True + privacyBlockInputPersonalization = $True + privacyBlockPublishUserActivities = $True + privacyDisableLaunchExperience = $True + resetProtectionModeBlocked = $True + safeSearchFilter = "userDefined" + screenCaptureBlocked = $True + searchBlockDiacritics = $True + searchBlockWebResults = $True + searchDisableAutoLanguageDetection = $True + searchDisableIndexerBackoff = $True + searchDisableIndexingEncryptedItems = $True + searchDisableIndexingRemovableDrive = $True + searchDisableLocation = $True + searchDisableUseLocation = $True + searchEnableAutomaticIndexSizeManangement = $True + searchEnableRemoteQueries = $True + securityBlockAzureADJoinedDevicesAutoEncryption = $True + settingsBlockAccountsPage = $True + settingsBlockAddProvisioningPackage = $True + settingsBlockAppsPage = $True + settingsBlockChangeLanguage = $True + settingsBlockChangePowerSleep = $True + settingsBlockChangeRegion = $True + settingsBlockChangeSystemTime = $True + settingsBlockDevicesPage = $True + settingsBlockEaseOfAccessPage = $True + settingsBlockEditDeviceName = $True + settingsBlockGamingPage = $True + settingsBlockNetworkInternetPage = $True + settingsBlockPersonalizationPage = $True + settingsBlockPrivacyPage = $True + settingsBlockRemoveProvisioningPackage = $True + settingsBlockSettingsApp = $True + settingsBlockSystemPage = $True + settingsBlockTimeLanguagePage = $True + settingsBlockUpdateSecurityPage = $True + sharedUserAppDataAllowed = $True + smartScreenAppInstallControl = "notConfigured" + smartScreenBlockPromptOverride = $True + smartScreenBlockPromptOverrideForFiles = $True + smartScreenEnableAppInstallControl = $True + startBlockUnpinningAppsFromTaskbar = $True + startMenuAppListVisibility = "userDefined" + startMenuHideChangeAccountSettings = $True + startMenuHideFrequentlyUsedApps = $True + startMenuHideHibernate = $True + startMenuHideLock = $True + startMenuHidePowerButton = $True + startMenuHideRecentJumpLists = $True + startMenuHideRecentlyAddedApps = $True + startMenuHideRestartOptions = $True + startMenuHideShutDown = $True + startMenuHideSignOut = $True + startMenuHideSleep = $True + startMenuHideSwitchAccount = $True + startMenuHideUserTile = $True + startMenuLayoutEdgeAssetsXml = $True + startMenuLayoutXml = $True + startMenuMode = "userDefined" + startMenuPinnedFolderDocuments = "notConfigured" + startMenuPinnedFolderDownloads = "notConfigured" + startMenuPinnedFolderFileExplorer = "notConfigured" + startMenuPinnedFolderHomeGroup = "notConfigured" + startMenuPinnedFolderMusic = "notConfigured" + startMenuPinnedFolderNetwork = "notConfigured" + startMenuPinnedFolderPersonalFolder = "notConfigured" + startMenuPinnedFolderPictures = "notConfigured" + startMenuPinnedFolderSettings = "notConfigured" + startMenuPinnedFolderVideos = "notConfigured" + storageBlockRemovableStorage = $True + storageRequireMobileDeviceEncryption = $True + storageRestrictAppDataToSystemVolume = $True + storageRestrictAppInstallToSystemVolume = $True + supportsScopeTags = $True + systemTelemetryProxyServer = "FakeStringValue" + taskManagerBlockEndTask = $True + tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True + uninstallBuiltInApps = $True + usbBlocked = $True + voiceRecordingBlocked = $True + webRtcBlockLocalhostIpAddress = $True + wiFiBlockAutomaticConnectHotspots = $True + wiFiBlocked = $True + wiFiBlockManualConfiguration = $True + wiFiScanInterval = 25 + windows10AppsForceUpdateSchedule = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10AppsForceUpdateSchedule -Property @{ + runImmediatelyIfAfterStartDateTime = $True + recurrence = "none" + startDateTime = "2023-01-01T00:00:00.0000000+00:00" + } -ClientOnly) + windowsSpotlightBlockConsumerSpecificFeatures = $True + windowsSpotlightBlocked = $True + windowsSpotlightBlockOnActionCenter = $True + windowsSpotlightBlockTailoredExperiences = $True + windowsSpotlightBlockThirdPartyNotifications = $True + windowsSpotlightBlockWelcomeExperience = $True + windowsSpotlightBlockWindowsTips = $True + windowsSpotlightConfigureOnLockScreen = "notConfigured" + windowsStoreBlockAutoUpdate = $True + windowsStoreBlocked = $True + windowsStoreEnablePrivateStoreOnly = $True + wirelessDisplayBlockProjectionToThisDevice = $True + wirelessDisplayBlockUserInputFromReceiver = $True + wirelessDisplayRequirePinForPairing = $True + Ensure = "Present" + Credential = $Credential; } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return $null } } - - It 'Should return absent from the Get method' { + It "Should return Values from the Get method" { (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' } - It 'Should return false from the Test method' { Test-TargetResource @testParams | Should -Be $false } - - It 'Should create the policy from the Set method' { + It 'Should Create the group from the Set method' { Set-TargetResource @testParams - Should -Invoke -CommandName 'New-MgDeviceManagementDeviceConfiguration' -Exactly 1 + Should -Invoke -CommandName New-MgDeviceManagementDeviceConfiguration -Exactly 1 } } - Context -Name 'When the policy already exists and is NOT in the Desired State' -Fixture { + Context -Name "The IntuneDeviceConfigurationPolicyWindows10 exists but it SHOULD NOT" -Fixture { BeforeAll { $testParams = @{ - displayName = 'CONTOSO | W10 | Device Restriction' - description = 'Default device restriction settings' - defenderBlockEndUserAccess = $true - defenderRequireRealTimeMonitoring = $true - defenderRequireBehaviorMonitoring = $true - defenderRequireNetworkInspectionSystem = $true - defenderScanDownloads = $true - defenderScanScriptsLoadedInInternetExplorer = $true - defenderSignatureUpdateIntervalInHours = 8 - defenderMonitorFileActivity = 'monitorIncomingFilesOnly' # userDefined,monitorAllFiles,monitorIncomingFilesOnly,monitorOutgoingFilesOnly - defenderDaysBeforeDeletingQuarantinedMalware = 3 - defenderScanMaxCpu = 2 - defenderScanArchiveFiles = $true - defenderScanIncomingMail = $true - defenderScanRemovableDrivesDuringFullScan = $true - defenderScanMappedNetworkDrivesDuringFullScan = $false - defenderScanNetworkFiles = $false - defenderRequireCloudProtection = $true - defenderCloudBlockLevel = 'high' - defenderPromptForSampleSubmission = 'alwaysPrompt' - defenderScheduledQuickScanTime = '13:00:00.0000000' - defenderScanType = 'quick' #quick,full,userDefined - defenderSystemScanSchedule = 'monday' #days of week - defenderScheduledScanTime = '11:00:00.0000000' - defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_IntuneDefenderDetectedMalwareActions -Property @{ - lowSeverity = 'clean' - moderateSeverity = 'quarantine' - highSeverity = 'remove' - severeSeverity = 'block' - } -ClientOnly) - defenderFileExtensionsToExclude = "[`"csv,jpg,docx`"]" - defenderFilesAndFoldersToExclude = "[`"c:\\2,C:\\1`"]" - defenderProcessesToExclude = "[`"notepad.exe,c:\\Windows\\myprocess.exe`"]" - lockScreenAllowTimeoutConfiguration = $true - lockScreenBlockActionCenterNotifications = $true - lockScreenBlockCortana = $true - lockScreenBlockToastNotifications = $false - lockScreenTimeoutInSeconds = 90 - passwordBlockSimple = $true - passwordExpirationDays = 6 - passwordMinimumLength = 5 - passwordMinutesOfInactivityBeforeScreenTimeout = 15 - passwordMinimumCharacterSetCount = 1 - passwordPreviousPasswordBlockCount = 2 - passwordRequired = $true - passwordRequireWhenResumeFromIdleState = $true - passwordRequiredType = 'alphanumeric' - passwordSignInFailureCountBeforeFactoryReset = 12 - privacyAdvertisingId = 'blocked' - privacyAutoAcceptPairingAndConsentPrompts = $true - privacyBlockInputPersonalization = $true - startBlockUnpinningAppsFromTaskbar = $true - startMenuAppListVisibility = 'collapse' - startMenuHideChangeAccountSettings = $true - startMenuHideFrequentlyUsedApps = $true - startMenuHideHibernate = $true - startMenuHideLock = $true - startMenuHidePowerButton = $true - startMenuHideRecentJumpLists = $true - startMenuHideRecentlyAddedApps = $true - startMenuHideRestartOptions = $true - startMenuHideShutDown = $true - startMenuHideSignOut = $true - startMenuHideSleep = $true - startMenuHideSwitchAccount = $true - startMenuHideUserTile = $true - startMenuLayoutXml = '+DQogICAGlmaWNhdGlvblRlbXBsYXRlPg==' - startMenuMode = 'fullScreen' - startMenuPinnedFolderDocuments = 'hide' - startMenuPinnedFolderDownloads = 'hide' - startMenuPinnedFolderFileExplorer = 'hide' - startMenuPinnedFolderHomeGroup = 'hide' - startMenuPinnedFolderMusic = 'hide' - startMenuPinnedFolderNetwork = 'hide' - startMenuPinnedFolderPersonalFolder = 'hide' - startMenuPinnedFolderPictures = 'hide' - startMenuPinnedFolderSettings = 'hide' - startMenuPinnedFolderVideos = 'hide' - settingsBlockSettingsApp = $true - settingsBlockSystemPage = $true - settingsBlockDevicesPage = $true - settingsBlockNetworkInternetPage = $true - settingsBlockPersonalizationPage = $true - settingsBlockAccountsPage = $true - settingsBlockTimeLanguagePage = $true - settingsBlockEaseOfAccessPage = $true - settingsBlockPrivacyPage = $true - settingsBlockUpdateSecurityPage = $true - settingsBlockAppsPage = $true - settingsBlockGamingPage = $true - windowsSpotlightBlockConsumerSpecificFeatures = $true - windowsSpotlightBlocked = $true - windowsSpotlightBlockOnActionCenter = $true - windowsSpotlightBlockTailoredExperiences = $true - windowsSpotlightBlockThirdPartyNotifications = $true - windowsSpotlightBlockWelcomeExperience = $true - windowsSpotlightBlockWindowsTips = $true - windowsSpotlightConfigureOnLockScreen = 'disabled' - networkProxyApplySettingsDeviceWide = $true - networkProxyDisableAutoDetect = $true - networkProxyAutomaticConfigurationUrl = 'https://example.com/networkProxyAutomaticConfigurationUrl/' - accountsBlockAddingNonMicrosoftAccountEmail = $true - antiTheftModeBlocked = $true - bluetoothBlocked = $true - bluetoothAllowedServices = "[`"8e473eaa-ead4-4c60-ba9c-2c5696d71492`",`"21913f2d-a803-4f36-8039-669fd94ce5b3`"]" - bluetoothBlockAdvertising = $true - bluetoothBlockDiscoverableMode = $true - bluetoothBlockPrePairing = $true - cameraBlocked = $true - connectedDevicesServiceBlocked = $true - certificatesBlockManualRootCertificateInstallation = $true - copyPasteBlocked = $true - cortanaBlocked = $true - deviceManagementBlockFactoryResetOnMobile = $true - deviceManagementBlockManualUnenroll = $true - safeSearchFilter = 'strict' - edgeBlockPopups = $true - edgeBlockSearchSuggestions = $true - edgeBlockSendingIntranetTrafficToInternetExplorer = $true - edgeSendIntranetTrafficToInternetExplorer = $true - edgeRequireSmartScreen = $true - edgeFirstRunUrl = 'https://contoso.com/' - edgeBlockAccessToAboutFlags = $true - edgeHomepageUrls = "[`"https://microsoft.com`"]" - smartScreenBlockPromptOverride = $true - smartScreenBlockPromptOverrideForFiles = $true - webRtcBlockLocalhostIpAddress = $true - internetSharingBlocked = $true - settingsBlockAddProvisioningPackage = $true - settingsBlockRemoveProvisioningPackage = $true - settingsBlockChangeSystemTime = $true - settingsBlockEditDeviceName = $true - settingsBlockChangeRegion = $true - settingsBlockChangeLanguage = $true - settingsBlockChangePowerSleep = $true - locationServicesBlocked = $true - microsoftAccountBlocked = $true - microsoftAccountBlockSettingsSync = $true - nfcBlocked = $true - resetProtectionModeBlocked = $true - screenCaptureBlocked = $true - storageBlockRemovableStorage = $true - storageRequireMobileDeviceEncryption = $true - usbBlocked = $true - voiceRecordingBlocked = $true - wiFiBlockAutomaticConnectHotspots = $true - wiFiBlocked = $true - wiFiBlockManualConfiguration = $true - wiFiScanInterval = 1 - wirelessDisplayBlockProjectionToThisDevice = $true - wirelessDisplayBlockUserInputFromReceiver = $true - wirelessDisplayRequirePinForPairing = $true - windowsStoreBlocked = $true - appsAllowTrustedAppsSideloading = 'blocked' - windowsStoreBlockAutoUpdate = $true - developerUnlockSetting = 'blocked' - sharedUserAppDataAllowed = $true - appsBlockWindowsStoreOriginatedApps = $true - windowsStoreEnablePrivateStoreOnly = $true - storageRestrictAppDataToSystemVolume = $true - storageRestrictAppInstallToSystemVolume = $true - gameDvrBlocked = $true - edgeSearchEngine = 'bing' - experienceBlockDeviceDiscovery = $true - experienceBlockErrorDialogWhenNoSIM = $true - experienceBlockTaskSwitcher = $true - logonBlockFastUserSwitching = $true - tenantLockdownRequireNetworkDuringOutOfBoxExperience = $true - enterpriseCloudPrintDiscoveryEndPoint = 'https://cloudprinterdiscovery.contoso.com' - enterpriseCloudPrintDiscoveryMaxLimit = 4 - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'http://mopriadiscoveryservice/cloudprint' - enterpriseCloudPrintOAuthClientIdentifier = '30fbf7e8-321c-40ce-8b9f-160b6b049257' - enterpriseCloudPrintOAuthAuthority = 'https:/tenant.contoso.com/adfs' - enterpriseCloudPrintResourceIdentifier = 'http://cloudenterpriseprint/cloudPrint' - networkProxyServer = @('address=proxy.contoso.com:8080', "exceptions=*.contoso.com`r`n*.internal.local", 'useForLocalAddresses=false') - Ensure = 'Present' - Credential = $Credential + AccountsBlockAddingNonMicrosoftAccountEmail = $True + ActivateAppsWithVoice = "notConfigured" + AntiTheftModeBlocked = $True + AppManagementMSIAllowUserControlOverInstall = $True + AppManagementMSIAlwaysInstallWithElevatedPrivileges = $True + AppManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") + AppsAllowTrustedAppsSideloading = "notConfigured" + AppsBlockWindowsStoreOriginatedApps = $True + AuthenticationAllowSecondaryDevice = $True + AuthenticationPreferredAzureADTenantDomainName = "FakeStringValue" + AuthenticationWebSignIn = "notConfigured" + BluetoothAllowedServices = @("FakeStringValue") + BluetoothBlockAdvertising = $True + BluetoothBlockDiscoverableMode = $True + BluetoothBlocked = $True + BluetoothBlockPrePairing = $True + BluetoothBlockPromptedProximalConnections = $True + CameraBlocked = $True + CellularBlockDataWhenRoaming = $True + CellularBlockVpn = $True + CellularBlockVpnWhenRoaming = $True + CellularData = "blocked" + CertificatesBlockManualRootCertificateInstallation = $True + ConfigureTimeZone = "FakeStringValue" + ConnectedDevicesServiceBlocked = $True + CopyPasteBlocked = $True + CortanaBlocked = $True + CryptographyAllowFipsAlgorithmPolicy = $True + DataProtectionBlockDirectMemoryAccess = $True + DefenderBlockEndUserAccess = $True + DefenderBlockOnAccessProtection = $True + DefenderCloudBlockLevel = "notConfigured" + DefenderCloudExtendedTimeout = 25 + DefenderCloudExtendedTimeoutInSeconds = 25 + DefenderDaysBeforeDeletingQuarantinedMalware = 25 + defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_MicrosoftGraphdefenderDetectedMalwareActions1 -Property @{ + lowSeverity = "deviceDefault" + severeSeverity = "deviceDefault" + moderateSeverity = "deviceDefault" + highSeverity = "deviceDefault" + } -ClientOnly) + defenderDisableCatchupFullScan = $True + defenderDisableCatchupQuickScan = $True + defenderFileExtensionsToExclude = @("FakeStringValue") + defenderFilesAndFoldersToExclude = @("FakeStringValue") + defenderMonitorFileActivity = "userDefined" + defenderPotentiallyUnwantedAppAction = "deviceDefault" + defenderPotentiallyUnwantedAppActionSetting = "userDefined" + defenderProcessesToExclude = @("FakeStringValue") + defenderPromptForSampleSubmission = "userDefined" + defenderRequireBehaviorMonitoring = $True + defenderRequireCloudProtection = $True + defenderRequireNetworkInspectionSystem = $True + defenderRequireRealTimeMonitoring = $True + defenderScanArchiveFiles = $True + defenderScanDownloads = $True + defenderScanIncomingMail = $True + defenderScanMappedNetworkDrivesDuringFullScan = $True + defenderScanMaxCpu = 25 + defenderScanNetworkFiles = $True + defenderScanRemovableDrivesDuringFullScan = $True + defenderScanScriptsLoadedInInternetExplorer = $True + defenderScanType = "userDefined" + defenderScheduledQuickScanTime = "00:00:00" + defenderScheduledScanTime = "00:00:00" + defenderScheduleScanEnableLowCpuPriority = $True + defenderSignatureUpdateIntervalInHours = 25 + defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" + defenderSystemScanSchedule = "userDefined" + description = "FakeStringValue" + developerUnlockSetting = "notConfigured" + deviceManagementBlockFactoryResetOnMobile = $True + deviceManagementBlockManualUnenroll = $True + diagnosticsDataSubmissionMode = "userDefined" + displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") + displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") + displayName = "FakeStringValue" + edgeAllowStartPagesModification = $True + edgeBlockAccessToAboutFlags = $True + edgeBlockAddressBarDropdown = $True + edgeBlockAutofill = $True + edgeBlockCompatibilityList = $True + edgeBlockDeveloperTools = $True + edgeBlocked = $True + edgeBlockEditFavorites = $True + edgeBlockExtensions = $True + edgeBlockFullScreenMode = $True + edgeBlockInPrivateBrowsing = $True + edgeBlockJavaScript = $True + edgeBlockLiveTileDataCollection = $True + edgeBlockPasswordManager = $True + edgeBlockPopups = $True + edgeBlockPrelaunch = $True + edgeBlockPrinting = $True + edgeBlockSavingHistory = $True + edgeBlockSearchEngineCustomization = $True + edgeBlockSearchSuggestions = $True + edgeBlockSendingDoNotTrackHeader = $True + edgeBlockSendingIntranetTrafficToInternetExplorer = $True + edgeBlockSideloadingExtensions = $True + edgeBlockTabPreloading = $True + edgeBlockWebContentOnNewTabPage = $True + edgeClearBrowsingDataOnExit = $True + edgeCookiePolicy = "userDefined" + edgeDisableFirstRunPage = $True + edgeEnterpriseModeSiteListLocation = "FakeStringValue" + edgeFavoritesBarVisibility = "notConfigured" + edgeFavoritesListLocation = "FakeStringValue" + edgeFirstRunUrl = "FakeStringValue" + edgeHomeButtonConfiguration = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeHomeButtonConfiguration -Property @{ + odataType = "#microsoft.graph.edgeHomeButtonHidden" + homeButtonCustomURL = "FakeStringValue" + } -ClientOnly) + edgeHomeButtonConfigurationEnabled = $True + edgeHomepageUrls = @("FakeStringValue") + edgeKioskModeRestriction = "notConfigured" + edgeKioskResetAfterIdleTimeInMinutes = 25 + edgeNewTabPageURL = "FakeStringValue" + edgeOpensWith = "notConfigured" + edgePreventCertificateErrorOverride = $True + edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") + edgeRequireSmartScreen = $True + edgeSearchEngine = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeSearchEngineBase -Property @{ + edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" + edgeSearchEngineType = "default" + odataType = "#microsoft.graph.edgeSearchEngine" + } -ClientOnly) + edgeSendIntranetTrafficToInternetExplorer = $True + edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" + edgeSyncFavoritesWithInternetExplorer = $True + edgeTelemetryForMicrosoft365Analytics = "notConfigured" + enableAutomaticRedeployment = $True + energySaverOnBatteryThresholdPercentage = 25 + energySaverPluggedInThresholdPercentage = 25 + enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" + enterpriseCloudPrintDiscoveryMaxLimit = 25 + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" + enterpriseCloudPrintOAuthAuthority = "FakeStringValue" + enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" + enterpriseCloudPrintResourceIdentifier = "FakeStringValue" + experienceBlockDeviceDiscovery = $True + experienceBlockErrorDialogWhenNoSIM = $True + experienceBlockTaskSwitcher = $True + experienceDoNotSyncBrowserSettings = "notConfigured" + findMyFiles = "notConfigured" + gameDvrBlocked = $True + id = "FakeStringValue" + inkWorkspaceAccess = "notConfigured" + inkWorkspaceAccessState = "notConfigured" + inkWorkspaceBlockSuggestedApps = $True + internetSharingBlocked = $True + locationServicesBlocked = $True + lockScreenActivateAppsWithVoice = "notConfigured" + lockScreenAllowTimeoutConfiguration = $True + lockScreenBlockActionCenterNotifications = $True + lockScreenBlockCortana = $True + lockScreenBlockToastNotifications = $True + lockScreenTimeoutInSeconds = 25 + logonBlockFastUserSwitching = $True + messagingBlockMMS = $True + messagingBlockRichCommunicationServices = $True + messagingBlockSync = $True + microsoftAccountBlocked = $True + microsoftAccountBlockSettingsSync = $True + microsoftAccountSignInAssistantSettings = "notConfigured" + networkProxyApplySettingsDeviceWide = $True + networkProxyAutomaticConfigurationUrl = "FakeStringValue" + networkProxyDisableAutoDetect = $True + networkProxyServer = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10NetworkProxyServer -Property @{ + useForLocalAddresses = $True + exceptions = @("FakeStringValue") + address = "FakeStringValue" + } -ClientOnly) + nfcBlocked = $True + oneDriveDisableFileSync = $True + passwordBlockSimple = $True + passwordExpirationDays = 25 + passwordMinimumAgeInDays = 25 + passwordMinimumCharacterSetCount = 25 + passwordMinimumLength = 25 + passwordMinutesOfInactivityBeforeScreenTimeout = 25 + passwordPreviousPasswordBlockCount = 25 + passwordRequired = $True + passwordRequiredType = "deviceDefault" + passwordRequireWhenResumeFromIdleState = $True + passwordSignInFailureCountBeforeFactoryReset = 25 + personalizationDesktopImageUrl = "FakeStringValue" + personalizationLockScreenImageUrl = "FakeStringValue" + powerButtonActionOnBattery = "notConfigured" + powerButtonActionPluggedIn = "notConfigured" + powerHybridSleepOnBattery = "notConfigured" + powerHybridSleepPluggedIn = "notConfigured" + powerLidCloseActionOnBattery = "notConfigured" + powerLidCloseActionPluggedIn = "notConfigured" + powerSleepButtonActionOnBattery = "notConfigured" + powerSleepButtonActionPluggedIn = "notConfigured" + printerBlockAddition = $True + printerDefaultName = "FakeStringValue" + printerNames = @("FakeStringValue") + privacyAdvertisingId = "notConfigured" + privacyAutoAcceptPairingAndConsentPrompts = $True + privacyBlockActivityFeed = $True + privacyBlockInputPersonalization = $True + privacyBlockPublishUserActivities = $True + privacyDisableLaunchExperience = $True + resetProtectionModeBlocked = $True + safeSearchFilter = "userDefined" + screenCaptureBlocked = $True + searchBlockDiacritics = $True + searchBlockWebResults = $True + searchDisableAutoLanguageDetection = $True + searchDisableIndexerBackoff = $True + searchDisableIndexingEncryptedItems = $True + searchDisableIndexingRemovableDrive = $True + searchDisableLocation = $True + searchDisableUseLocation = $True + searchEnableAutomaticIndexSizeManangement = $True + searchEnableRemoteQueries = $True + securityBlockAzureADJoinedDevicesAutoEncryption = $True + settingsBlockAccountsPage = $True + settingsBlockAddProvisioningPackage = $True + settingsBlockAppsPage = $True + settingsBlockChangeLanguage = $True + settingsBlockChangePowerSleep = $True + settingsBlockChangeRegion = $True + settingsBlockChangeSystemTime = $True + settingsBlockDevicesPage = $True + settingsBlockEaseOfAccessPage = $True + settingsBlockEditDeviceName = $True + settingsBlockGamingPage = $True + settingsBlockNetworkInternetPage = $True + settingsBlockPersonalizationPage = $True + settingsBlockPrivacyPage = $True + settingsBlockRemoveProvisioningPackage = $True + settingsBlockSettingsApp = $True + settingsBlockSystemPage = $True + settingsBlockTimeLanguagePage = $True + settingsBlockUpdateSecurityPage = $True + sharedUserAppDataAllowed = $True + smartScreenAppInstallControl = "notConfigured" + smartScreenBlockPromptOverride = $True + smartScreenBlockPromptOverrideForFiles = $True + smartScreenEnableAppInstallControl = $True + startBlockUnpinningAppsFromTaskbar = $True + startMenuAppListVisibility = "userDefined" + startMenuHideChangeAccountSettings = $True + startMenuHideFrequentlyUsedApps = $True + startMenuHideHibernate = $True + startMenuHideLock = $True + startMenuHidePowerButton = $True + startMenuHideRecentJumpLists = $True + startMenuHideRecentlyAddedApps = $True + startMenuHideRestartOptions = $True + startMenuHideShutDown = $True + startMenuHideSignOut = $True + startMenuHideSleep = $True + startMenuHideSwitchAccount = $True + startMenuHideUserTile = $True + startMenuLayoutEdgeAssetsXml = $True + startMenuLayoutXml = $True + startMenuMode = "userDefined" + startMenuPinnedFolderDocuments = "notConfigured" + startMenuPinnedFolderDownloads = "notConfigured" + startMenuPinnedFolderFileExplorer = "notConfigured" + startMenuPinnedFolderHomeGroup = "notConfigured" + startMenuPinnedFolderMusic = "notConfigured" + startMenuPinnedFolderNetwork = "notConfigured" + startMenuPinnedFolderPersonalFolder = "notConfigured" + startMenuPinnedFolderPictures = "notConfigured" + startMenuPinnedFolderSettings = "notConfigured" + startMenuPinnedFolderVideos = "notConfigured" + storageBlockRemovableStorage = $True + storageRequireMobileDeviceEncryption = $True + storageRestrictAppDataToSystemVolume = $True + storageRestrictAppInstallToSystemVolume = $True + supportsScopeTags = $True + systemTelemetryProxyServer = "FakeStringValue" + taskManagerBlockEndTask = $True + tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True + uninstallBuiltInApps = $True + usbBlocked = $True + voiceRecordingBlocked = $True + webRtcBlockLocalhostIpAddress = $True + wiFiBlockAutomaticConnectHotspots = $True + wiFiBlocked = $True + wiFiBlockManualConfiguration = $True + wiFiScanInterval = 25 + windows10AppsForceUpdateSchedule = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10AppsForceUpdateSchedule -Property @{ + runImmediatelyIfAfterStartDateTime = $True + recurrence = "none" + startDateTime = "2023-01-01T00:00:00.0000000+00:00" + } -ClientOnly) + windowsSpotlightBlockConsumerSpecificFeatures = $True + windowsSpotlightBlocked = $True + windowsSpotlightBlockOnActionCenter = $True + windowsSpotlightBlockTailoredExperiences = $True + windowsSpotlightBlockThirdPartyNotifications = $True + windowsSpotlightBlockWelcomeExperience = $True + windowsSpotlightBlockWindowsTips = $True + windowsSpotlightConfigureOnLockScreen = "notConfigured" + windowsStoreBlockAutoUpdate = $True + windowsStoreBlocked = $True + windowsStoreEnablePrivateStoreOnly = $True + wirelessDisplayBlockProjectionToThisDevice = $True + wirelessDisplayBlockUserInputFromReceiver = $True + wirelessDisplayRequirePinForPairing = $True + Ensure = "Absent" + Credential = $Credential; } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ - id = '12345-12345-12345-12345-12345' - displayName = 'CONTOSO | W10 | Device Restriction' - description = 'Default device restriction settings' AdditionalProperties = @{ - '@odata.type' = '#microsoft.graph.windows10GeneralConfiguration' - defenderBlockEndUserAccess = $true - defenderRequireRealTimeMonitoring = $true - defenderRequireBehaviorMonitoring = $true - defenderRequireNetworkInspectionSystem = $true - defenderScanDownloads = $true - defenderScanScriptsLoadedInInternetExplorer = $true - defenderSignatureUpdateIntervalInHours = 8 - defenderMonitorFileActivity = 'monitorIncomingFilesOnly' # userDefined,monitorAllFiles,monitorIncomingFilesOnly,monitorOutgoingFilesOnly - defenderDaysBeforeDeletingQuarantinedMalware = 3 - defenderScanMaxCpu = 2 - defenderScanArchiveFiles = $true - defenderScanIncomingMail = $false # Drift - defenderScanRemovableDrivesDuringFullScan = $true - defenderScanMappedNetworkDrivesDuringFullScan = $false - defenderScanNetworkFiles = $false - defenderRequireCloudProtection = $true - defenderCloudBlockLevel = 'high' - defenderPromptForSampleSubmission = 'alwaysPrompt' - defenderScheduledQuickScanTime = '13:00:00.0000000' - defenderScanType = 'quick' #quick,full,userDefined - defenderSystemScanSchedule = 'monday' #days of week - defenderScheduledScanTime = '11:00:00.0000000' - defenderDetectedMalwareActions = @{ - lowSeverity = 'clean' - moderateSeverity = 'quarantine' - highSeverity = 'remove' - severeSeverity = 'block' + enterpriseCloudPrintResourceIdentifier = "FakeStringValue" + startMenuHideSwitchAccount = $True + defenderBlockEndUserAccess = $True + searchEnableAutomaticIndexSizeManangement = $True + defenderRequireNetworkInspectionSystem = $True + settingsBlockGamingPage = $True + smartScreenBlockPromptOverrideForFiles = $True + passwordBlockSimple = $True + powerLidCloseActionPluggedIn = "notConfigured" + defenderRequireCloudProtection = $True + defenderFilesAndFoldersToExclude = @("FakeStringValue") + resetProtectionModeBlocked = $True + startBlockUnpinningAppsFromTaskbar = $True + networkProxyApplySettingsDeviceWide = $True + bluetoothAllowedServices = @("FakeStringValue") + defenderScanArchiveFiles = $True + lockScreenActivateAppsWithVoice = "notConfigured" + defenderScanIncomingMail = $True + edgeBlockAutofill = $True + authenticationAllowSecondaryDevice = $True + edgeRequireSmartScreen = $True + windowsSpotlightBlockOnActionCenter = $True + usbBlocked = $True + enableAutomaticRedeployment = $True + microsoftAccountSignInAssistantSettings = "notConfigured" + deviceManagementBlockFactoryResetOnMobile = $True + defenderPotentiallyUnwantedAppAction = "deviceDefault" + powerButtonActionOnBattery = "notConfigured" + startMenuAppListVisibility = "userDefined" + lockScreenBlockCortana = $True + windowsSpotlightConfigureOnLockScreen = "notConfigured" + startMenuPinnedFolderPictures = "notConfigured" + screenCaptureBlocked = $True + webRtcBlockLocalhostIpAddress = $True + safeSearchFilter = "userDefined" + searchDisableLocation = $True + edgeBlockInPrivateBrowsing = $True + appManagementMSIAllowUserControlOverInstall = $True + defenderSignatureUpdateIntervalInHours = 25 + startMenuHideSleep = $True + voiceRecordingBlocked = $True + edgeFavoritesListLocation = "FakeStringValue" + startMenuHideLock = $True + wiFiBlockManualConfiguration = $True + edgeBlockTabPreloading = $True + configureTimeZone = "FakeStringValue" + edgeBlocked = $True + taskManagerBlockEndTask = $True + settingsBlockAppsPage = $True + settingsBlockChangePowerSleep = $True + copyPasteBlocked = $True + settingsBlockNetworkInternetPage = $True + privacyBlockInputPersonalization = $True + appManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") + powerLidCloseActionOnBattery = "notConfigured" + searchDisableIndexerBackoff = $True + edgeBlockFullScreenMode = $True + lockScreenTimeoutInSeconds = 25 + developerUnlockSetting = "notConfigured" + storageRestrictAppDataToSystemVolume = $True + cellularBlockVpn = $True + powerHybridSleepPluggedIn = "notConfigured" + settingsBlockChangeLanguage = $True + powerSleepButtonActionOnBattery = "notConfigured" + antiTheftModeBlocked = $True + defenderMonitorFileActivity = "userDefined" + defenderFileExtensionsToExclude = @("FakeStringValue") + bluetoothBlockDiscoverableMode = $True + enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" + diagnosticsDataSubmissionMode = "userDefined" + uninstallBuiltInApps = $True + oneDriveDisableFileSync = $True + startMenuHideUserTile = $True + startMenuHideSignOut = $True + defenderDaysBeforeDeletingQuarantinedMalware = 25 + privacyAutoAcceptPairingAndConsentPrompts = $True + settingsBlockChangeRegion = $True + passwordMinimumAgeInDays = 25 + powerHybridSleepOnBattery = "notConfigured" + displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") + edgeBlockSearchSuggestions = $True + settingsBlockSystemPage = $True + defenderRequireBehaviorMonitoring = $True + microsoftAccountBlockSettingsSync = $True + windowsSpotlightBlockWindowsTips = $True + startMenuHideRecentlyAddedApps = $True + inkWorkspaceBlockSuggestedApps = $True + personalizationDesktopImageUrl = "FakeStringValue" + edgeHomeButtonConfigurationEnabled = $True + passwordRequiredType = "deviceDefault" + startMenuPinnedFolderSettings = "notConfigured" + connectedDevicesServiceBlocked = $True + edgeBlockExtensions = $True + edgeBlockAddressBarDropdown = $True + findMyFiles = "notConfigured" + privacyBlockPublishUserActivities = $True + startMenuHideFrequentlyUsedApps = $True + '@odata.type' = "#microsoft.graph.windows10GeneralConfiguration" + powerSleepButtonActionPluggedIn = "notConfigured" + internetSharingBlocked = $True + startMenuHidePowerButton = $True + networkProxyAutomaticConfigurationUrl = "FakeStringValue" + personalizationLockScreenImageUrl = "FakeStringValue" + bluetoothBlockPrePairing = $True + windowsSpotlightBlockWelcomeExperience = $True + startMenuHideShutDown = $True + storageRestrictAppInstallToSystemVolume = $True + windowsSpotlightBlockThirdPartyNotifications = $True + searchDisableAutoLanguageDetection = $True + edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" + appsAllowTrustedAppsSideloading = "notConfigured" + edgeBlockLiveTileDataCollection = $True + wirelessDisplayBlockProjectionToThisDevice = $True + startMenuHideRestartOptions = $True + edgeSendIntranetTrafficToInternetExplorer = $True + startMenuPinnedFolderHomeGroup = "notConfigured" + edgeBlockWebContentOnNewTabPage = $True + startMenuLayoutXml = $True + searchBlockDiacritics = $True + storageBlockRemovableStorage = $True + enterpriseCloudPrintOAuthAuthority = "FakeStringValue" + wirelessDisplayRequirePinForPairing = $True + defenderScheduledQuickScanTime = "00:00:00" + edgeAllowStartPagesModification = $True + defenderRequireRealTimeMonitoring = $True + authenticationWebSignIn = "notConfigured" + lockScreenBlockToastNotifications = $True + energySaverPluggedInThresholdPercentage = 25 + defenderScanMappedNetworkDrivesDuringFullScan = $True + smartScreenBlockPromptOverride = $True + edgeBlockSendingIntranetTrafficToInternetExplorer = $True + authenticationPreferredAzureADTenantDomainName = "FakeStringValue" + defenderScanType = "userDefined" + bluetoothBlockAdvertising = $True + enterpriseCloudPrintDiscoveryMaxLimit = 25 + logonBlockFastUserSwitching = $True + networkProxyDisableAutoDetect = $True + cameraBlocked = $True + wiFiScanInterval = 25 + edgeBlockSideloadingExtensions = $True + settingsBlockEaseOfAccessPage = $True + microsoftAccountBlocked = $True + defenderScanRemovableDrivesDuringFullScan = $True + energySaverOnBatteryThresholdPercentage = 25 + startMenuHideHibernate = $True + defenderScanDownloads = $True + defenderBlockOnAccessProtection = $True + defenderCloudBlockLevel = "notConfigured" + storageRequireMobileDeviceEncryption = $True + windowsStoreEnablePrivateStoreOnly = $True + edgeBlockCompatibilityList = $True + wiFiBlockAutomaticConnectHotspots = $True + defenderPotentiallyUnwantedAppActionSetting = "userDefined" + defenderCloudExtendedTimeout = 25 + edgeHomepageUrls = @("FakeStringValue") + cellularBlockDataWhenRoaming = $True + securityBlockAzureADJoinedDevicesAutoEncryption = $True + smartScreenAppInstallControl = "notConfigured" + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" + bluetoothBlockPromptedProximalConnections = $True + settingsBlockPrivacyPage = $True + windowsSpotlightBlocked = $True + tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True + startMenuPinnedFolderDocuments = "notConfigured" + systemTelemetryProxyServer = "FakeStringValue" + lockScreenAllowTimeoutConfiguration = $True + defenderSystemScanSchedule = "userDefined" + windowsSpotlightBlockConsumerSpecificFeatures = $True + searchDisableUseLocation = $True + appsBlockWindowsStoreOriginatedApps = $True + startMenuPinnedFolderNetwork = "notConfigured" + edgeBlockPrinting = $True + settingsBlockEditDeviceName = $True + printerNames = @("FakeStringValue") + settingsBlockUpdateSecurityPage = $True + startMenuMode = "userDefined" + searchBlockWebResults = $True + edgePreventCertificateErrorOverride = $True + passwordRequired = $True + defenderScanNetworkFiles = $True + startMenuPinnedFolderMusic = "notConfigured" + cortanaBlocked = $True + searchEnableRemoteQueries = $True + messagingBlockSync = $True + startMenuPinnedFolderVideos = "notConfigured" + enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" + experienceDoNotSyncBrowserSettings = "notConfigured" + edgeDisableFirstRunPage = $True + edgeCookiePolicy = "userDefined" + inkWorkspaceAccessState = "notConfigured" + windows10AppsForceUpdateSchedule = @{ + runImmediatelyIfAfterStartDateTime = $True + recurrence = "none" + startDateTime = "2023-01-01T00:00:00.0000000+00:00" + } + dataProtectionBlockDirectMemoryAccess = $True + experienceBlockErrorDialogWhenNoSIM = $True + settingsBlockPersonalizationPage = $True + wirelessDisplayBlockUserInputFromReceiver = $True + startMenuPinnedFolderPersonalFolder = "notConfigured" + activateAppsWithVoice = "notConfigured" + edgeClearBrowsingDataOnExit = $True + passwordPreviousPasswordBlockCount = 25 + edgeBlockSearchEngineCustomization = $True + deviceManagementBlockManualUnenroll = $True + edgeBlockSavingHistory = $True + inkWorkspaceAccess = "notConfigured" + startMenuHideRecentJumpLists = $True + privacyBlockActivityFeed = $True + settingsBlockChangeSystemTime = $True + defenderDisableCatchupQuickScan = $True + smartScreenEnableAppInstallControl = $True + edgeBlockDeveloperTools = $True + edgeKioskModeRestriction = "notConfigured" + lockScreenBlockActionCenterNotifications = $True + privacyAdvertisingId = "notConfigured" + settingsBlockSettingsApp = $True + settingsBlockAccountsPage = $True + certificatesBlockManualRootCertificateInstallation = $True + edgeBlockJavaScript = $True + edgeSyncFavoritesWithInternetExplorer = $True + startMenuLayoutEdgeAssetsXml = $True + windowsSpotlightBlockTailoredExperiences = $True + defenderPromptForSampleSubmission = "userDefined" + edgeBlockAccessToAboutFlags = $True + messagingBlockMMS = $True + edgeBlockEditFavorites = $True + printerDefaultName = "FakeStringValue" + experienceBlockDeviceDiscovery = $True + privacyDisableLaunchExperience = $True + edgeTelemetryForMicrosoft365Analytics = "notConfigured" + nfcBlocked = $True + searchDisableIndexingRemovableDrive = $True + powerButtonActionPluggedIn = "notConfigured" + settingsBlockRemoveProvisioningPackage = $True + edgeKioskResetAfterIdleTimeInMinutes = 25 + passwordMinutesOfInactivityBeforeScreenTimeout = 25 + printerBlockAddition = $True + defenderScanScriptsLoadedInInternetExplorer = $True + defenderDisableCatchupFullScan = $True + edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") + bluetoothBlocked = $True + settingsBlockAddProvisioningPackage = $True + passwordMinimumLength = 25 + startMenuHideChangeAccountSettings = $True + defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" + edgeBlockPopups = $True + networkProxyServer = @{ + useForLocalAddresses = $True + exceptions = @("FakeStringValue") + address = "FakeStringValue" + } + startMenuPinnedFolderDownloads = "notConfigured" + settingsBlockDevicesPage = $True + wiFiBlocked = $True + windowsStoreBlocked = $True + edgeBlockPrelaunch = $True + gameDvrBlocked = $True + experienceBlockTaskSwitcher = $True + edgeBlockPasswordManager = $True + passwordSignInFailureCountBeforeFactoryReset = 25 + passwordMinimumCharacterSetCount = 25 + searchDisableIndexingEncryptedItems = $True + appManagementMSIAlwaysInstallWithElevatedPrivileges = $True + cellularData = "blocked" + defenderScheduledScanTime = "00:00:00" + edgeEnterpriseModeSiteListLocation = "FakeStringValue" + defenderProcessesToExclude = @("FakeStringValue") + defenderDetectedMalwareActions = @{ + lowSeverity = "deviceDefault" + severeSeverity = "deviceDefault" + moderateSeverity = "deviceDefault" + highSeverity = "deviceDefault" + } + edgeHomeButtonConfiguration = @{ + homeButtonCustomURL = "FakeStringValue" + '@odata.type' = "#microsoft.graph.edgeHomeButtonHidden" + } + cryptographyAllowFipsAlgorithmPolicy = $True + sharedUserAppDataAllowed = $True + edgeFirstRunUrl = "FakeStringValue" + edgeBlockSendingDoNotTrackHeader = $True + edgeOpensWith = "notConfigured" + defenderScheduleScanEnableLowCpuPriority = $True + windowsStoreBlockAutoUpdate = $True + messagingBlockRichCommunicationServices = $True + edgeNewTabPageURL = "FakeStringValue" + passwordRequireWhenResumeFromIdleState = $True + passwordExpirationDays = 25 + displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") + settingsBlockTimeLanguagePage = $True + locationServicesBlocked = $True + defenderScanMaxCpu = 25 + edgeFavoritesBarVisibility = "notConfigured" + accountsBlockAddingNonMicrosoftAccountEmail = $True + defenderCloudExtendedTimeoutInSeconds = 25 + cellularBlockVpnWhenRoaming = $True + startMenuPinnedFolderFileExplorer = "notConfigured" + edgeSearchEngine = @{ + edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" + edgeSearchEngineType = "default" + '@odata.type' = "#microsoft.graph.edgeSearchEngine" } - defenderFileExtensionsToExclude = "[`"csv,jpg,docx`"]" - defenderFilesAndFoldersToExclude = "[`"c:\\2,C:\\1`"]" - defenderProcessesToExclude = "[`"notepad.exe,c:\\Windows\\myprocess.exe`"]" - lockScreenAllowTimeoutConfiguration = $true - lockScreenBlockActionCenterNotifications = $true - lockScreenBlockCortana = $true - lockScreenBlockToastNotifications = $false - lockScreenTimeoutInSeconds = 90 - passwordBlockSimple = $true - passwordExpirationDays = 6 - passwordMinimumLength = 5 - passwordMinutesOfInactivityBeforeScreenTimeout = 15 - passwordMinimumCharacterSetCount = 1 - passwordPreviousPasswordBlockCount = 2 - passwordRequired = $true - passwordRequireWhenResumeFromIdleState = $true - passwordRequiredType = 'alphanumeric' - passwordSignInFailureCountBeforeFactoryReset = 12 - privacyAdvertisingId = 'blocked' - privacyAutoAcceptPairingAndConsentPrompts = $true - privacyBlockInputPersonalization = $true - startBlockUnpinningAppsFromTaskbar = $true - startMenuAppListVisibility = 'collapse' - startMenuHideChangeAccountSettings = $true - startMenuHideFrequentlyUsedApps = $true - startMenuHideHibernate = $true - startMenuHideLock = $true - startMenuHidePowerButton = $true - startMenuHideRecentJumpLists = $true - startMenuHideRecentlyAddedApps = $true - startMenuHideRestartOptions = $true - startMenuHideShutDown = $true - startMenuHideSignOut = $true - startMenuHideSleep = $true - startMenuHideSwitchAccount = $true - startMenuHideUserTile = $true - startMenuLayoutXml = '+DQogICAGlmaWNhdGlvblRlbXBsYXRlPg==' - startMenuMode = 'fullScreen' - startMenuPinnedFolderDocuments = 'hide' - startMenuPinnedFolderDownloads = 'hide' - startMenuPinnedFolderFileExplorer = 'hide' - startMenuPinnedFolderHomeGroup = 'hide' - startMenuPinnedFolderMusic = 'hide' - startMenuPinnedFolderNetwork = 'hide' - startMenuPinnedFolderPersonalFolder = 'hide' - startMenuPinnedFolderPictures = 'hide' - startMenuPinnedFolderSettings = 'hide' - startMenuPinnedFolderVideos = 'hide' - settingsBlockSettingsApp = $true - settingsBlockSystemPage = $true - settingsBlockDevicesPage = $true - settingsBlockNetworkInternetPage = $true - settingsBlockPersonalizationPage = $true - settingsBlockAccountsPage = $true - settingsBlockTimeLanguagePage = $true - settingsBlockEaseOfAccessPage = $true - settingsBlockPrivacyPage = $true - settingsBlockUpdateSecurityPage = $true - settingsBlockAppsPage = $true - settingsBlockGamingPage = $true - windowsSpotlightBlockConsumerSpecificFeatures = $true - windowsSpotlightBlocked = $true - windowsSpotlightBlockOnActionCenter = $true - windowsSpotlightBlockTailoredExperiences = $true - windowsSpotlightBlockThirdPartyNotifications = $true - windowsSpotlightBlockWelcomeExperience = $true - windowsSpotlightBlockWindowsTips = $true - windowsSpotlightConfigureOnLockScreen = 'disabled' - networkProxyApplySettingsDeviceWide = $true - networkProxyDisableAutoDetect = $true - networkProxyAutomaticConfigurationUrl = 'https://example.com/networkProxyAutomaticConfigurationUrl/' - accountsBlockAddingNonMicrosoftAccountEmail = $true - antiTheftModeBlocked = $true - bluetoothBlocked = $true - bluetoothAllowedServices = "[`"8e473eaa-ead4-4c60-ba9c-2c5696d71492`",`"21913f2d-a803-4f36-8039-669fd94ce5b3`"]" - bluetoothBlockAdvertising = $true - bluetoothBlockDiscoverableMode = $true - bluetoothBlockPrePairing = $true - cameraBlocked = $true - connectedDevicesServiceBlocked = $true - certificatesBlockManualRootCertificateInstallation = $true - copyPasteBlocked = $true - cortanaBlocked = $true - deviceManagementBlockFactoryResetOnMobile = $true - deviceManagementBlockManualUnenroll = $true - safeSearchFilter = 'strict' - edgeBlockPopups = $true - edgeBlockSearchSuggestions = $true - edgeBlockSendingIntranetTrafficToInternetExplorer = $true - edgeSendIntranetTrafficToInternetExplorer = $true - edgeRequireSmartScreen = $true - edgeFirstRunUrl = 'https://contoso.com/' - edgeBlockAccessToAboutFlags = $true - edgeHomepageUrls = "[`"https://microsoft.com`"]" - smartScreenBlockPromptOverride = $true - smartScreenBlockPromptOverrideForFiles = $true - webRtcBlockLocalhostIpAddress = $true - internetSharingBlocked = $true - settingsBlockAddProvisioningPackage = $true - settingsBlockRemoveProvisioningPackage = $true - settingsBlockChangeSystemTime = $true - settingsBlockEditDeviceName = $true - settingsBlockChangeRegion = $true - settingsBlockChangeLanguage = $true - settingsBlockChangePowerSleep = $true - locationServicesBlocked = $true - microsoftAccountBlocked = $true - microsoftAccountBlockSettingsSync = $true - nfcBlocked = $true - resetProtectionModeBlocked = $true - screenCaptureBlocked = $true - storageBlockRemovableStorage = $true - storageRequireMobileDeviceEncryption = $true - usbBlocked = $true - voiceRecordingBlocked = $true - wiFiBlockAutomaticConnectHotspots = $true - wiFiBlocked = $true - wiFiBlockManualConfiguration = $true - wiFiScanInterval = 1 - wirelessDisplayBlockProjectionToThisDevice = $true - wirelessDisplayBlockUserInputFromReceiver = $true - wirelessDisplayRequirePinForPairing = $true - windowsStoreBlocked = $true - appsAllowTrustedAppsSideloading = 'blocked' - windowsStoreBlockAutoUpdate = $true - developerUnlockSetting = 'blocked' - sharedUserAppDataAllowed = $true - appsBlockWindowsStoreOriginatedApps = $true - windowsStoreEnablePrivateStoreOnly = $true - storageRestrictAppDataToSystemVolume = $true - storageRestrictAppInstallToSystemVolume = $true - gameDvrBlocked = $true - edgeSearchEngine = @{edgeSearchEngineType = 'bing' } - experienceBlockDeviceDiscovery = $true - experienceBlockErrorDialogWhenNoSIM = $true - experienceBlockTaskSwitcher = $true - logonBlockFastUserSwitching = $true - tenantLockdownRequireNetworkDuringOutOfBoxExperience = $true - enterpriseCloudPrintDiscoveryEndPoint = 'https://cloudprinterdiscovery.contoso.com' - enterpriseCloudPrintDiscoveryMaxLimit = 4 - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'http://mopriadiscoveryservice/cloudprint' - enterpriseCloudPrintOAuthClientIdentifier = '30fbf7e8-321c-40ce-8b9f-160b6b049257' - enterpriseCloudPrintOAuthAuthority = 'https:/tenant.contoso.com/adfs' - enterpriseCloudPrintResourceIdentifier = 'http://cloudenterpriseprint/cloudPrint' - networkProxyServer = @('address=proxy.contoso.com:8080', "exceptions=*.contoso.com`r`n*.internal.local", 'useForLocalAddresses=false') } + description = "FakeStringValue" + displayName = "FakeStringValue" + id = "FakeStringValue" + supportsScopeTags = $True } } } - It 'Should return Present from the Get method' { + It "Should return Values from the Get method" { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } - It 'Should return false from the Test method' { + It 'Should return true from the Test method' { Test-TargetResource @testParams | Should -Be $false } - It 'Should update the policy from the Set method' { + It 'Should Remove the group from the Set method' { Set-TargetResource @testParams - Should -Invoke -CommandName Update-MgDeviceManagementDeviceConfiguration -Exactly 1 + Should -Invoke -CommandName Remove-MgDeviceManagementDeviceConfiguration -Exactly 1 } } - - Context -Name 'When the policy already exists and IS in the Desired State' -Fixture { + Context -Name "The IntuneDeviceConfigurationPolicyWindows10 Exists and Values are already in the desired state" -Fixture { BeforeAll { - $testParams = @{ - displayName = 'CONTOSO | W10 | Device Restriction' - description = 'Default device restriction settings' - defenderBlockEndUserAccess = $true - defenderRequireRealTimeMonitoring = $true - defenderRequireBehaviorMonitoring = $true - defenderRequireNetworkInspectionSystem = $true - defenderScanDownloads = $true - defenderScanScriptsLoadedInInternetExplorer = $true - defenderSignatureUpdateIntervalInHours = 8 - defenderMonitorFileActivity = 'monitorIncomingFilesOnly' # userDefined,monitorAllFiles,monitorIncomingFilesOnly,monitorOutgoingFilesOnly - defenderDaysBeforeDeletingQuarantinedMalware = 3 - defenderScanMaxCpu = 2 - defenderScanArchiveFiles = $true - defenderScanIncomingMail = $true - defenderScanRemovableDrivesDuringFullScan = $true - defenderScanMappedNetworkDrivesDuringFullScan = $false - defenderScanNetworkFiles = $false - defenderRequireCloudProtection = $true - defenderCloudBlockLevel = 'high' - defenderPromptForSampleSubmission = 'alwaysPrompt' - defenderScheduledQuickScanTime = '13:00:00.0000000' - defenderScanType = 'quick' #quick,full,userDefined - defenderSystemScanSchedule = 'monday' #days of week - defenderScheduledScanTime = '11:00:00.0000000' - defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_IntuneDefenderDetectedMalwareActions -Property @{ - lowSeverity = 'clean' - moderateSeverity = 'quarantine' - highSeverity = 'remove' - severeSeverity = 'block' - } -ClientOnly) - defenderFileExtensionsToExclude = "[`"csv,jpg,docx`"]" - defenderFilesAndFoldersToExclude = "[`"c:\\2,C:\\1`"]" - defenderProcessesToExclude = "[`"notepad.exe,c:\\Windows\\myprocess.exe`"]" - lockScreenAllowTimeoutConfiguration = $true - lockScreenBlockActionCenterNotifications = $true - lockScreenBlockCortana = $true - lockScreenBlockToastNotifications = $false - lockScreenTimeoutInSeconds = 90 - passwordBlockSimple = $true - passwordExpirationDays = 6 - passwordMinimumLength = 5 - passwordMinutesOfInactivityBeforeScreenTimeout = 15 - passwordMinimumCharacterSetCount = 1 - passwordPreviousPasswordBlockCount = 2 - passwordRequired = $true - passwordRequireWhenResumeFromIdleState = $true - passwordRequiredType = 'alphanumeric' - passwordSignInFailureCountBeforeFactoryReset = 12 - privacyAdvertisingId = 'blocked' - privacyAutoAcceptPairingAndConsentPrompts = $true - privacyBlockInputPersonalization = $true - startBlockUnpinningAppsFromTaskbar = $true - startMenuAppListVisibility = 'collapse' - startMenuHideChangeAccountSettings = $true - startMenuHideFrequentlyUsedApps = $true - startMenuHideHibernate = $true - startMenuHideLock = $true - startMenuHidePowerButton = $true - startMenuHideRecentJumpLists = $true - startMenuHideRecentlyAddedApps = $true - startMenuHideRestartOptions = $true - startMenuHideShutDown = $true - startMenuHideSignOut = $true - startMenuHideSleep = $true - startMenuHideSwitchAccount = $true - startMenuHideUserTile = $true - startMenuLayoutXml = '+DQogICAGlmaWNhdGlvblRlbXBsYXRlPg==' - startMenuMode = 'fullScreen' - startMenuPinnedFolderDocuments = 'hide' - startMenuPinnedFolderDownloads = 'hide' - startMenuPinnedFolderFileExplorer = 'hide' - startMenuPinnedFolderHomeGroup = 'hide' - startMenuPinnedFolderMusic = 'hide' - startMenuPinnedFolderNetwork = 'hide' - startMenuPinnedFolderPersonalFolder = 'hide' - startMenuPinnedFolderPictures = 'hide' - startMenuPinnedFolderSettings = 'hide' - startMenuPinnedFolderVideos = 'hide' - settingsBlockSettingsApp = $true - settingsBlockSystemPage = $true - settingsBlockDevicesPage = $true - settingsBlockNetworkInternetPage = $true - settingsBlockPersonalizationPage = $true - settingsBlockAccountsPage = $true - settingsBlockTimeLanguagePage = $true - settingsBlockEaseOfAccessPage = $true - settingsBlockPrivacyPage = $true - settingsBlockUpdateSecurityPage = $true - settingsBlockAppsPage = $true - settingsBlockGamingPage = $true - windowsSpotlightBlockConsumerSpecificFeatures = $true - windowsSpotlightBlocked = $true - windowsSpotlightBlockOnActionCenter = $true - windowsSpotlightBlockTailoredExperiences = $true - windowsSpotlightBlockThirdPartyNotifications = $true - windowsSpotlightBlockWelcomeExperience = $true - windowsSpotlightBlockWindowsTips = $true - windowsSpotlightConfigureOnLockScreen = 'disabled' - networkProxyApplySettingsDeviceWide = $true - networkProxyDisableAutoDetect = $true - networkProxyAutomaticConfigurationUrl = 'https://example.com/networkProxyAutomaticConfigurationUrl/' - accountsBlockAddingNonMicrosoftAccountEmail = $true - antiTheftModeBlocked = $true - bluetoothBlocked = $true - bluetoothAllowedServices = "[`"8e473eaa-ead4-4c60-ba9c-2c5696d71492`",`"21913f2d-a803-4f36-8039-669fd94ce5b3`"]" - bluetoothBlockAdvertising = $true - bluetoothBlockDiscoverableMode = $true - bluetoothBlockPrePairing = $true - cameraBlocked = $true - connectedDevicesServiceBlocked = $true - certificatesBlockManualRootCertificateInstallation = $true - copyPasteBlocked = $true - cortanaBlocked = $true - deviceManagementBlockFactoryResetOnMobile = $true - deviceManagementBlockManualUnenroll = $true - safeSearchFilter = 'strict' - edgeBlockPopups = $true - edgeBlockSearchSuggestions = $true - edgeBlockSendingIntranetTrafficToInternetExplorer = $true - edgeSendIntranetTrafficToInternetExplorer = $true - edgeRequireSmartScreen = $true - edgeFirstRunUrl = 'https://contoso.com/' - edgeBlockAccessToAboutFlags = $true - edgeHomepageUrls = "[`"https://microsoft.com`"]" - smartScreenBlockPromptOverride = $true - smartScreenBlockPromptOverrideForFiles = $true - webRtcBlockLocalhostIpAddress = $true - internetSharingBlocked = $true - settingsBlockAddProvisioningPackage = $true - settingsBlockRemoveProvisioningPackage = $true - settingsBlockChangeSystemTime = $true - settingsBlockEditDeviceName = $true - settingsBlockChangeRegion = $true - settingsBlockChangeLanguage = $true - settingsBlockChangePowerSleep = $true - locationServicesBlocked = $true - microsoftAccountBlocked = $true - microsoftAccountBlockSettingsSync = $true - nfcBlocked = $true - resetProtectionModeBlocked = $true - screenCaptureBlocked = $true - storageBlockRemovableStorage = $true - storageRequireMobileDeviceEncryption = $true - usbBlocked = $true - voiceRecordingBlocked = $true - wiFiBlockAutomaticConnectHotspots = $true - wiFiBlocked = $true - wiFiBlockManualConfiguration = $true - wiFiScanInterval = 1 - wirelessDisplayBlockProjectionToThisDevice = $true - wirelessDisplayBlockUserInputFromReceiver = $true - wirelessDisplayRequirePinForPairing = $true - windowsStoreBlocked = $true - appsAllowTrustedAppsSideloading = 'blocked' - windowsStoreBlockAutoUpdate = $true - developerUnlockSetting = 'blocked' - sharedUserAppDataAllowed = $true - appsBlockWindowsStoreOriginatedApps = $true - windowsStoreEnablePrivateStoreOnly = $true - storageRestrictAppDataToSystemVolume = $true - storageRestrictAppInstallToSystemVolume = $true - gameDvrBlocked = $true - edgeSearchEngine = 'bing' - experienceBlockDeviceDiscovery = $true - experienceBlockErrorDialogWhenNoSIM = $true - experienceBlockTaskSwitcher = $true - logonBlockFastUserSwitching = $true - tenantLockdownRequireNetworkDuringOutOfBoxExperience = $true - enterpriseCloudPrintDiscoveryEndPoint = 'https://cloudprinterdiscovery.contoso.com' - enterpriseCloudPrintDiscoveryMaxLimit = 4 - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'http://mopriadiscoveryservice/cloudprint' - enterpriseCloudPrintOAuthClientIdentifier = '30fbf7e8-321c-40ce-8b9f-160b6b049257' - enterpriseCloudPrintOAuthAuthority = 'https:/tenant.contoso.com/adfs' - enterpriseCloudPrintResourceIdentifier = 'http://cloudenterpriseprint/cloudPrint' - networkProxyServer = @('address=proxy.contoso.com:8080', "exceptions=*.contoso.com`r`n*.internal.local", 'useForLocalAddresses=false') - Ensure = 'Present' - Credential = $Credential + AccountsBlockAddingNonMicrosoftAccountEmail = $True + ActivateAppsWithVoice = "notConfigured" + AntiTheftModeBlocked = $True + AppManagementMSIAllowUserControlOverInstall = $True + AppManagementMSIAlwaysInstallWithElevatedPrivileges = $True + AppManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") + AppsAllowTrustedAppsSideloading = "notConfigured" + AppsBlockWindowsStoreOriginatedApps = $True + AuthenticationAllowSecondaryDevice = $True + AuthenticationPreferredAzureADTenantDomainName = "FakeStringValue" + AuthenticationWebSignIn = "notConfigured" + BluetoothAllowedServices = @("FakeStringValue") + BluetoothBlockAdvertising = $True + BluetoothBlockDiscoverableMode = $True + BluetoothBlocked = $True + BluetoothBlockPrePairing = $True + BluetoothBlockPromptedProximalConnections = $True + CameraBlocked = $True + CellularBlockDataWhenRoaming = $True + CellularBlockVpn = $True + CellularBlockVpnWhenRoaming = $True + CellularData = "blocked" + CertificatesBlockManualRootCertificateInstallation = $True + ConfigureTimeZone = "FakeStringValue" + ConnectedDevicesServiceBlocked = $True + CopyPasteBlocked = $True + CortanaBlocked = $True + CryptographyAllowFipsAlgorithmPolicy = $True + DataProtectionBlockDirectMemoryAccess = $True + DefenderBlockEndUserAccess = $True + DefenderBlockOnAccessProtection = $True + DefenderCloudBlockLevel = "notConfigured" + DefenderCloudExtendedTimeout = 25 + DefenderCloudExtendedTimeoutInSeconds = 25 + DefenderDaysBeforeDeletingQuarantinedMalware = 25 + defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_MicrosoftGraphdefenderDetectedMalwareActions1 -Property @{ + lowSeverity = "deviceDefault" + severeSeverity = "deviceDefault" + moderateSeverity = "deviceDefault" + highSeverity = "deviceDefault" + } -ClientOnly) + defenderDisableCatchupFullScan = $True + defenderDisableCatchupQuickScan = $True + defenderFileExtensionsToExclude = @("FakeStringValue") + defenderFilesAndFoldersToExclude = @("FakeStringValue") + defenderMonitorFileActivity = "userDefined" + defenderPotentiallyUnwantedAppAction = "deviceDefault" + defenderPotentiallyUnwantedAppActionSetting = "userDefined" + defenderProcessesToExclude = @("FakeStringValue") + defenderPromptForSampleSubmission = "userDefined" + defenderRequireBehaviorMonitoring = $True + defenderRequireCloudProtection = $True + defenderRequireNetworkInspectionSystem = $True + defenderRequireRealTimeMonitoring = $True + defenderScanArchiveFiles = $True + defenderScanDownloads = $True + defenderScanIncomingMail = $True + defenderScanMappedNetworkDrivesDuringFullScan = $True + defenderScanMaxCpu = 25 + defenderScanNetworkFiles = $True + defenderScanRemovableDrivesDuringFullScan = $True + defenderScanScriptsLoadedInInternetExplorer = $True + defenderScanType = "userDefined" + defenderScheduledQuickScanTime = "00:00:00" + defenderScheduledScanTime = "00:00:00" + defenderScheduleScanEnableLowCpuPriority = $True + defenderSignatureUpdateIntervalInHours = 25 + defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" + defenderSystemScanSchedule = "userDefined" + description = "FakeStringValue" + developerUnlockSetting = "notConfigured" + deviceManagementBlockFactoryResetOnMobile = $True + deviceManagementBlockManualUnenroll = $True + diagnosticsDataSubmissionMode = "userDefined" + displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") + displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") + displayName = "FakeStringValue" + edgeAllowStartPagesModification = $True + edgeBlockAccessToAboutFlags = $True + edgeBlockAddressBarDropdown = $True + edgeBlockAutofill = $True + edgeBlockCompatibilityList = $True + edgeBlockDeveloperTools = $True + edgeBlocked = $True + edgeBlockEditFavorites = $True + edgeBlockExtensions = $True + edgeBlockFullScreenMode = $True + edgeBlockInPrivateBrowsing = $True + edgeBlockJavaScript = $True + edgeBlockLiveTileDataCollection = $True + edgeBlockPasswordManager = $True + edgeBlockPopups = $True + edgeBlockPrelaunch = $True + edgeBlockPrinting = $True + edgeBlockSavingHistory = $True + edgeBlockSearchEngineCustomization = $True + edgeBlockSearchSuggestions = $True + edgeBlockSendingDoNotTrackHeader = $True + edgeBlockSendingIntranetTrafficToInternetExplorer = $True + edgeBlockSideloadingExtensions = $True + edgeBlockTabPreloading = $True + edgeBlockWebContentOnNewTabPage = $True + edgeClearBrowsingDataOnExit = $True + edgeCookiePolicy = "userDefined" + edgeDisableFirstRunPage = $True + edgeEnterpriseModeSiteListLocation = "FakeStringValue" + edgeFavoritesBarVisibility = "notConfigured" + edgeFavoritesListLocation = "FakeStringValue" + edgeFirstRunUrl = "FakeStringValue" + edgeHomeButtonConfiguration = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeHomeButtonConfiguration -Property @{ + odataType = "#microsoft.graph.edgeHomeButtonHidden" + homeButtonCustomURL = "FakeStringValue" + } -ClientOnly) + edgeHomeButtonConfigurationEnabled = $True + edgeHomepageUrls = @("FakeStringValue") + edgeKioskModeRestriction = "notConfigured" + edgeKioskResetAfterIdleTimeInMinutes = 25 + edgeNewTabPageURL = "FakeStringValue" + edgeOpensWith = "notConfigured" + edgePreventCertificateErrorOverride = $True + edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") + edgeRequireSmartScreen = $True + edgeSearchEngine = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeSearchEngineBase -Property @{ + edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" + edgeSearchEngineType = "default" + odataType = "#microsoft.graph.edgeSearchEngine" + } -ClientOnly) + edgeSendIntranetTrafficToInternetExplorer = $True + edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" + edgeSyncFavoritesWithInternetExplorer = $True + edgeTelemetryForMicrosoft365Analytics = "notConfigured" + enableAutomaticRedeployment = $True + energySaverOnBatteryThresholdPercentage = 25 + energySaverPluggedInThresholdPercentage = 25 + enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" + enterpriseCloudPrintDiscoveryMaxLimit = 25 + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" + enterpriseCloudPrintOAuthAuthority = "FakeStringValue" + enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" + enterpriseCloudPrintResourceIdentifier = "FakeStringValue" + experienceBlockDeviceDiscovery = $True + experienceBlockErrorDialogWhenNoSIM = $True + experienceBlockTaskSwitcher = $True + experienceDoNotSyncBrowserSettings = "notConfigured" + findMyFiles = "notConfigured" + gameDvrBlocked = $True + id = "FakeStringValue" + inkWorkspaceAccess = "notConfigured" + inkWorkspaceAccessState = "notConfigured" + inkWorkspaceBlockSuggestedApps = $True + internetSharingBlocked = $True + locationServicesBlocked = $True + lockScreenActivateAppsWithVoice = "notConfigured" + lockScreenAllowTimeoutConfiguration = $True + lockScreenBlockActionCenterNotifications = $True + lockScreenBlockCortana = $True + lockScreenBlockToastNotifications = $True + lockScreenTimeoutInSeconds = 25 + logonBlockFastUserSwitching = $True + messagingBlockMMS = $True + messagingBlockRichCommunicationServices = $True + messagingBlockSync = $True + microsoftAccountBlocked = $True + microsoftAccountBlockSettingsSync = $True + microsoftAccountSignInAssistantSettings = "notConfigured" + networkProxyApplySettingsDeviceWide = $True + networkProxyAutomaticConfigurationUrl = "FakeStringValue" + networkProxyDisableAutoDetect = $True + networkProxyServer = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10NetworkProxyServer -Property @{ + useForLocalAddresses = $True + exceptions = @("FakeStringValue") + address = "FakeStringValue" + } -ClientOnly) + nfcBlocked = $True + oneDriveDisableFileSync = $True + passwordBlockSimple = $True + passwordExpirationDays = 25 + passwordMinimumAgeInDays = 25 + passwordMinimumCharacterSetCount = 25 + passwordMinimumLength = 25 + passwordMinutesOfInactivityBeforeScreenTimeout = 25 + passwordPreviousPasswordBlockCount = 25 + passwordRequired = $True + passwordRequiredType = "deviceDefault" + passwordRequireWhenResumeFromIdleState = $True + passwordSignInFailureCountBeforeFactoryReset = 25 + personalizationDesktopImageUrl = "FakeStringValue" + personalizationLockScreenImageUrl = "FakeStringValue" + powerButtonActionOnBattery = "notConfigured" + powerButtonActionPluggedIn = "notConfigured" + powerHybridSleepOnBattery = "notConfigured" + powerHybridSleepPluggedIn = "notConfigured" + powerLidCloseActionOnBattery = "notConfigured" + powerLidCloseActionPluggedIn = "notConfigured" + powerSleepButtonActionOnBattery = "notConfigured" + powerSleepButtonActionPluggedIn = "notConfigured" + printerBlockAddition = $True + printerDefaultName = "FakeStringValue" + printerNames = @("FakeStringValue") + privacyAdvertisingId = "notConfigured" + privacyAutoAcceptPairingAndConsentPrompts = $True + privacyBlockActivityFeed = $True + privacyBlockInputPersonalization = $True + privacyBlockPublishUserActivities = $True + privacyDisableLaunchExperience = $True + resetProtectionModeBlocked = $True + safeSearchFilter = "userDefined" + screenCaptureBlocked = $True + searchBlockDiacritics = $True + searchBlockWebResults = $True + searchDisableAutoLanguageDetection = $True + searchDisableIndexerBackoff = $True + searchDisableIndexingEncryptedItems = $True + searchDisableIndexingRemovableDrive = $True + searchDisableLocation = $True + searchDisableUseLocation = $True + searchEnableAutomaticIndexSizeManangement = $True + searchEnableRemoteQueries = $True + securityBlockAzureADJoinedDevicesAutoEncryption = $True + settingsBlockAccountsPage = $True + settingsBlockAddProvisioningPackage = $True + settingsBlockAppsPage = $True + settingsBlockChangeLanguage = $True + settingsBlockChangePowerSleep = $True + settingsBlockChangeRegion = $True + settingsBlockChangeSystemTime = $True + settingsBlockDevicesPage = $True + settingsBlockEaseOfAccessPage = $True + settingsBlockEditDeviceName = $True + settingsBlockGamingPage = $True + settingsBlockNetworkInternetPage = $True + settingsBlockPersonalizationPage = $True + settingsBlockPrivacyPage = $True + settingsBlockRemoveProvisioningPackage = $True + settingsBlockSettingsApp = $True + settingsBlockSystemPage = $True + settingsBlockTimeLanguagePage = $True + settingsBlockUpdateSecurityPage = $True + sharedUserAppDataAllowed = $True + smartScreenAppInstallControl = "notConfigured" + smartScreenBlockPromptOverride = $True + smartScreenBlockPromptOverrideForFiles = $True + smartScreenEnableAppInstallControl = $True + startBlockUnpinningAppsFromTaskbar = $True + startMenuAppListVisibility = "userDefined" + startMenuHideChangeAccountSettings = $True + startMenuHideFrequentlyUsedApps = $True + startMenuHideHibernate = $True + startMenuHideLock = $True + startMenuHidePowerButton = $True + startMenuHideRecentJumpLists = $True + startMenuHideRecentlyAddedApps = $True + startMenuHideRestartOptions = $True + startMenuHideShutDown = $True + startMenuHideSignOut = $True + startMenuHideSleep = $True + startMenuHideSwitchAccount = $True + startMenuHideUserTile = $True + startMenuLayoutEdgeAssetsXml = $True + startMenuLayoutXml = $True + startMenuMode = "userDefined" + startMenuPinnedFolderDocuments = "notConfigured" + startMenuPinnedFolderDownloads = "notConfigured" + startMenuPinnedFolderFileExplorer = "notConfigured" + startMenuPinnedFolderHomeGroup = "notConfigured" + startMenuPinnedFolderMusic = "notConfigured" + startMenuPinnedFolderNetwork = "notConfigured" + startMenuPinnedFolderPersonalFolder = "notConfigured" + startMenuPinnedFolderPictures = "notConfigured" + startMenuPinnedFolderSettings = "notConfigured" + startMenuPinnedFolderVideos = "notConfigured" + storageBlockRemovableStorage = $True + storageRequireMobileDeviceEncryption = $True + storageRestrictAppDataToSystemVolume = $True + storageRestrictAppInstallToSystemVolume = $True + supportsScopeTags = $True + systemTelemetryProxyServer = "FakeStringValue" + taskManagerBlockEndTask = $True + tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True + uninstallBuiltInApps = $True + usbBlocked = $True + voiceRecordingBlocked = $True + webRtcBlockLocalhostIpAddress = $True + wiFiBlockAutomaticConnectHotspots = $True + wiFiBlocked = $True + wiFiBlockManualConfiguration = $True + wiFiScanInterval = 25 + windows10AppsForceUpdateSchedule = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10AppsForceUpdateSchedule -Property @{ + runImmediatelyIfAfterStartDateTime = $True + recurrence = "none" + startDateTime = "2023-01-01T00:00:00.0000000+00:00" + } -ClientOnly) + windowsSpotlightBlockConsumerSpecificFeatures = $True + windowsSpotlightBlocked = $True + windowsSpotlightBlockOnActionCenter = $True + windowsSpotlightBlockTailoredExperiences = $True + windowsSpotlightBlockThirdPartyNotifications = $True + windowsSpotlightBlockWelcomeExperience = $True + windowsSpotlightBlockWindowsTips = $True + windowsSpotlightConfigureOnLockScreen = "notConfigured" + windowsStoreBlockAutoUpdate = $True + windowsStoreBlocked = $True + windowsStoreEnablePrivateStoreOnly = $True + wirelessDisplayBlockProjectionToThisDevice = $True + wirelessDisplayBlockUserInputFromReceiver = $True + wirelessDisplayRequirePinForPairing = $True + Ensure = "Present" + Credential = $Credential; } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ - id = '12345-12345-12345-12345-12345' - displayName = 'CONTOSO | W10 | Device Restriction' - description = 'Default device restriction settings' AdditionalProperties = @{ - '@odata.type' = '#microsoft.graph.windows10GeneralConfiguration' - defenderBlockEndUserAccess = $true - defenderRequireRealTimeMonitoring = $true - defenderRequireBehaviorMonitoring = $true - defenderRequireNetworkInspectionSystem = $true - defenderScanDownloads = $true - defenderScanScriptsLoadedInInternetExplorer = $true - defenderSignatureUpdateIntervalInHours = 8 - defenderMonitorFileActivity = 'monitorIncomingFilesOnly' # userDefined,monitorAllFiles,monitorIncomingFilesOnly,monitorOutgoingFilesOnly - defenderDaysBeforeDeletingQuarantinedMalware = 3 - defenderScanMaxCpu = 2 - defenderScanArchiveFiles = $true - defenderScanIncomingMail = $true - defenderScanRemovableDrivesDuringFullScan = $true - defenderScanMappedNetworkDrivesDuringFullScan = $false - defenderScanNetworkFiles = $false - defenderRequireCloudProtection = $true - defenderCloudBlockLevel = 'high' - defenderPromptForSampleSubmission = 'alwaysPrompt' - defenderScheduledQuickScanTime = '13:00:00.0000000' - defenderScanType = 'quick' #quick,full,userDefined - defenderSystemScanSchedule = 'monday' #days of week - defenderScheduledScanTime = '11:00:00.0000000' - defenderDetectedMalwareActions = @{ - lowSeverity = 'clean' - moderateSeverity = 'quarantine' - highSeverity = 'remove' - severeSeverity = 'block' + enterpriseCloudPrintResourceIdentifier = "FakeStringValue" + startMenuHideSwitchAccount = $True + defenderBlockEndUserAccess = $True + searchEnableAutomaticIndexSizeManangement = $True + defenderRequireNetworkInspectionSystem = $True + settingsBlockGamingPage = $True + smartScreenBlockPromptOverrideForFiles = $True + passwordBlockSimple = $True + powerLidCloseActionPluggedIn = "notConfigured" + defenderRequireCloudProtection = $True + defenderFilesAndFoldersToExclude = @("FakeStringValue") + resetProtectionModeBlocked = $True + startBlockUnpinningAppsFromTaskbar = $True + networkProxyApplySettingsDeviceWide = $True + bluetoothAllowedServices = @("FakeStringValue") + defenderScanArchiveFiles = $True + lockScreenActivateAppsWithVoice = "notConfigured" + defenderScanIncomingMail = $True + edgeBlockAutofill = $True + authenticationAllowSecondaryDevice = $True + edgeRequireSmartScreen = $True + windowsSpotlightBlockOnActionCenter = $True + usbBlocked = $True + enableAutomaticRedeployment = $True + microsoftAccountSignInAssistantSettings = "notConfigured" + deviceManagementBlockFactoryResetOnMobile = $True + defenderPotentiallyUnwantedAppAction = "deviceDefault" + powerButtonActionOnBattery = "notConfigured" + startMenuAppListVisibility = "userDefined" + lockScreenBlockCortana = $True + windowsSpotlightConfigureOnLockScreen = "notConfigured" + startMenuPinnedFolderPictures = "notConfigured" + screenCaptureBlocked = $True + webRtcBlockLocalhostIpAddress = $True + safeSearchFilter = "userDefined" + searchDisableLocation = $True + edgeBlockInPrivateBrowsing = $True + appManagementMSIAllowUserControlOverInstall = $True + defenderSignatureUpdateIntervalInHours = 25 + startMenuHideSleep = $True + voiceRecordingBlocked = $True + edgeFavoritesListLocation = "FakeStringValue" + startMenuHideLock = $True + wiFiBlockManualConfiguration = $True + edgeBlockTabPreloading = $True + configureTimeZone = "FakeStringValue" + edgeBlocked = $True + taskManagerBlockEndTask = $True + settingsBlockAppsPage = $True + settingsBlockChangePowerSleep = $True + copyPasteBlocked = $True + settingsBlockNetworkInternetPage = $True + privacyBlockInputPersonalization = $True + appManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") + powerLidCloseActionOnBattery = "notConfigured" + searchDisableIndexerBackoff = $True + edgeBlockFullScreenMode = $True + lockScreenTimeoutInSeconds = 25 + developerUnlockSetting = "notConfigured" + storageRestrictAppDataToSystemVolume = $True + cellularBlockVpn = $True + powerHybridSleepPluggedIn = "notConfigured" + settingsBlockChangeLanguage = $True + powerSleepButtonActionOnBattery = "notConfigured" + antiTheftModeBlocked = $True + defenderMonitorFileActivity = "userDefined" + defenderFileExtensionsToExclude = @("FakeStringValue") + bluetoothBlockDiscoverableMode = $True + enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" + diagnosticsDataSubmissionMode = "userDefined" + uninstallBuiltInApps = $True + oneDriveDisableFileSync = $True + startMenuHideUserTile = $True + startMenuHideSignOut = $True + defenderDaysBeforeDeletingQuarantinedMalware = 25 + privacyAutoAcceptPairingAndConsentPrompts = $True + settingsBlockChangeRegion = $True + passwordMinimumAgeInDays = 25 + powerHybridSleepOnBattery = "notConfigured" + displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") + edgeBlockSearchSuggestions = $True + settingsBlockSystemPage = $True + defenderRequireBehaviorMonitoring = $True + microsoftAccountBlockSettingsSync = $True + windowsSpotlightBlockWindowsTips = $True + startMenuHideRecentlyAddedApps = $True + inkWorkspaceBlockSuggestedApps = $True + personalizationDesktopImageUrl = "FakeStringValue" + edgeHomeButtonConfigurationEnabled = $True + passwordRequiredType = "deviceDefault" + startMenuPinnedFolderSettings = "notConfigured" + connectedDevicesServiceBlocked = $True + edgeBlockExtensions = $True + edgeBlockAddressBarDropdown = $True + findMyFiles = "notConfigured" + privacyBlockPublishUserActivities = $True + startMenuHideFrequentlyUsedApps = $True + '@odata.type' = "#microsoft.graph.windows10GeneralConfiguration" + powerSleepButtonActionPluggedIn = "notConfigured" + internetSharingBlocked = $True + startMenuHidePowerButton = $True + networkProxyAutomaticConfigurationUrl = "FakeStringValue" + personalizationLockScreenImageUrl = "FakeStringValue" + bluetoothBlockPrePairing = $True + windowsSpotlightBlockWelcomeExperience = $True + startMenuHideShutDown = $True + storageRestrictAppInstallToSystemVolume = $True + windowsSpotlightBlockThirdPartyNotifications = $True + searchDisableAutoLanguageDetection = $True + edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" + appsAllowTrustedAppsSideloading = "notConfigured" + edgeBlockLiveTileDataCollection = $True + wirelessDisplayBlockProjectionToThisDevice = $True + startMenuHideRestartOptions = $True + edgeSendIntranetTrafficToInternetExplorer = $True + startMenuPinnedFolderHomeGroup = "notConfigured" + edgeBlockWebContentOnNewTabPage = $True + startMenuLayoutXml = $True + searchBlockDiacritics = $True + storageBlockRemovableStorage = $True + enterpriseCloudPrintOAuthAuthority = "FakeStringValue" + wirelessDisplayRequirePinForPairing = $True + defenderScheduledQuickScanTime = "00:00:00" + edgeAllowStartPagesModification = $True + defenderRequireRealTimeMonitoring = $True + authenticationWebSignIn = "notConfigured" + lockScreenBlockToastNotifications = $True + energySaverPluggedInThresholdPercentage = 25 + defenderScanMappedNetworkDrivesDuringFullScan = $True + smartScreenBlockPromptOverride = $True + edgeBlockSendingIntranetTrafficToInternetExplorer = $True + authenticationPreferredAzureADTenantDomainName = "FakeStringValue" + defenderScanType = "userDefined" + bluetoothBlockAdvertising = $True + enterpriseCloudPrintDiscoveryMaxLimit = 25 + logonBlockFastUserSwitching = $True + networkProxyDisableAutoDetect = $True + cameraBlocked = $True + wiFiScanInterval = 25 + edgeBlockSideloadingExtensions = $True + settingsBlockEaseOfAccessPage = $True + microsoftAccountBlocked = $True + defenderScanRemovableDrivesDuringFullScan = $True + energySaverOnBatteryThresholdPercentage = 25 + startMenuHideHibernate = $True + defenderScanDownloads = $True + defenderBlockOnAccessProtection = $True + defenderCloudBlockLevel = "notConfigured" + storageRequireMobileDeviceEncryption = $True + windowsStoreEnablePrivateStoreOnly = $True + edgeBlockCompatibilityList = $True + wiFiBlockAutomaticConnectHotspots = $True + defenderPotentiallyUnwantedAppActionSetting = "userDefined" + defenderCloudExtendedTimeout = 25 + edgeHomepageUrls = @("FakeStringValue") + cellularBlockDataWhenRoaming = $True + securityBlockAzureADJoinedDevicesAutoEncryption = $True + smartScreenAppInstallControl = "notConfigured" + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" + bluetoothBlockPromptedProximalConnections = $True + settingsBlockPrivacyPage = $True + windowsSpotlightBlocked = $True + tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True + startMenuPinnedFolderDocuments = "notConfigured" + systemTelemetryProxyServer = "FakeStringValue" + lockScreenAllowTimeoutConfiguration = $True + defenderSystemScanSchedule = "userDefined" + windowsSpotlightBlockConsumerSpecificFeatures = $True + searchDisableUseLocation = $True + appsBlockWindowsStoreOriginatedApps = $True + startMenuPinnedFolderNetwork = "notConfigured" + edgeBlockPrinting = $True + settingsBlockEditDeviceName = $True + printerNames = @("FakeStringValue") + settingsBlockUpdateSecurityPage = $True + startMenuMode = "userDefined" + searchBlockWebResults = $True + edgePreventCertificateErrorOverride = $True + passwordRequired = $True + defenderScanNetworkFiles = $True + startMenuPinnedFolderMusic = "notConfigured" + cortanaBlocked = $True + searchEnableRemoteQueries = $True + messagingBlockSync = $True + startMenuPinnedFolderVideos = "notConfigured" + enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" + experienceDoNotSyncBrowserSettings = "notConfigured" + edgeDisableFirstRunPage = $True + edgeCookiePolicy = "userDefined" + inkWorkspaceAccessState = "notConfigured" + windows10AppsForceUpdateSchedule = @{ + runImmediatelyIfAfterStartDateTime = $True + recurrence = "none" + startDateTime = "2023-01-01T00:00:00.0000000+00:00" + } + dataProtectionBlockDirectMemoryAccess = $True + experienceBlockErrorDialogWhenNoSIM = $True + settingsBlockPersonalizationPage = $True + wirelessDisplayBlockUserInputFromReceiver = $True + startMenuPinnedFolderPersonalFolder = "notConfigured" + activateAppsWithVoice = "notConfigured" + edgeClearBrowsingDataOnExit = $True + passwordPreviousPasswordBlockCount = 25 + edgeBlockSearchEngineCustomization = $True + deviceManagementBlockManualUnenroll = $True + edgeBlockSavingHistory = $True + inkWorkspaceAccess = "notConfigured" + startMenuHideRecentJumpLists = $True + privacyBlockActivityFeed = $True + settingsBlockChangeSystemTime = $True + defenderDisableCatchupQuickScan = $True + smartScreenEnableAppInstallControl = $True + edgeBlockDeveloperTools = $True + edgeKioskModeRestriction = "notConfigured" + lockScreenBlockActionCenterNotifications = $True + privacyAdvertisingId = "notConfigured" + settingsBlockSettingsApp = $True + settingsBlockAccountsPage = $True + certificatesBlockManualRootCertificateInstallation = $True + edgeBlockJavaScript = $True + edgeSyncFavoritesWithInternetExplorer = $True + startMenuLayoutEdgeAssetsXml = $True + windowsSpotlightBlockTailoredExperiences = $True + defenderPromptForSampleSubmission = "userDefined" + edgeBlockAccessToAboutFlags = $True + messagingBlockMMS = $True + edgeBlockEditFavorites = $True + printerDefaultName = "FakeStringValue" + experienceBlockDeviceDiscovery = $True + privacyDisableLaunchExperience = $True + edgeTelemetryForMicrosoft365Analytics = "notConfigured" + nfcBlocked = $True + searchDisableIndexingRemovableDrive = $True + powerButtonActionPluggedIn = "notConfigured" + settingsBlockRemoveProvisioningPackage = $True + edgeKioskResetAfterIdleTimeInMinutes = 25 + passwordMinutesOfInactivityBeforeScreenTimeout = 25 + printerBlockAddition = $True + defenderScanScriptsLoadedInInternetExplorer = $True + defenderDisableCatchupFullScan = $True + edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") + bluetoothBlocked = $True + settingsBlockAddProvisioningPackage = $True + passwordMinimumLength = 25 + startMenuHideChangeAccountSettings = $True + defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" + edgeBlockPopups = $True + networkProxyServer = @{ + useForLocalAddresses = $True + exceptions = @("FakeStringValue") + address = "FakeStringValue" + } + startMenuPinnedFolderDownloads = "notConfigured" + settingsBlockDevicesPage = $True + wiFiBlocked = $True + windowsStoreBlocked = $True + edgeBlockPrelaunch = $True + gameDvrBlocked = $True + experienceBlockTaskSwitcher = $True + edgeBlockPasswordManager = $True + passwordSignInFailureCountBeforeFactoryReset = 25 + passwordMinimumCharacterSetCount = 25 + searchDisableIndexingEncryptedItems = $True + appManagementMSIAlwaysInstallWithElevatedPrivileges = $True + cellularData = "blocked" + defenderScheduledScanTime = "00:00:00" + edgeEnterpriseModeSiteListLocation = "FakeStringValue" + defenderProcessesToExclude = @("FakeStringValue") + defenderDetectedMalwareActions = @{ + lowSeverity = "deviceDefault" + severeSeverity = "deviceDefault" + moderateSeverity = "deviceDefault" + highSeverity = "deviceDefault" + } + edgeHomeButtonConfiguration = @{ + homeButtonCustomURL = "FakeStringValue" + '@odata.type' = "#microsoft.graph.edgeHomeButtonHidden" + } + cryptographyAllowFipsAlgorithmPolicy = $True + sharedUserAppDataAllowed = $True + edgeFirstRunUrl = "FakeStringValue" + edgeBlockSendingDoNotTrackHeader = $True + edgeOpensWith = "notConfigured" + defenderScheduleScanEnableLowCpuPriority = $True + windowsStoreBlockAutoUpdate = $True + messagingBlockRichCommunicationServices = $True + edgeNewTabPageURL = "FakeStringValue" + passwordRequireWhenResumeFromIdleState = $True + passwordExpirationDays = 25 + displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") + settingsBlockTimeLanguagePage = $True + locationServicesBlocked = $True + defenderScanMaxCpu = 25 + edgeFavoritesBarVisibility = "notConfigured" + accountsBlockAddingNonMicrosoftAccountEmail = $True + defenderCloudExtendedTimeoutInSeconds = 25 + cellularBlockVpnWhenRoaming = $True + startMenuPinnedFolderFileExplorer = "notConfigured" + edgeSearchEngine = @{ + edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" + edgeSearchEngineType = "default" + '@odata.type' = "#microsoft.graph.edgeSearchEngine" } - defenderFileExtensionsToExclude = "[`"csv,jpg,docx`"]" - defenderFilesAndFoldersToExclude = "[`"c:\\2,C:\\1`"]" - defenderProcessesToExclude = "[`"notepad.exe,c:\\Windows\\myprocess.exe`"]" - lockScreenAllowTimeoutConfiguration = $true - lockScreenBlockActionCenterNotifications = $true - lockScreenBlockCortana = $true - lockScreenBlockToastNotifications = $false - lockScreenTimeoutInSeconds = 90 - passwordBlockSimple = $true - passwordExpirationDays = 6 - passwordMinimumLength = 5 - passwordMinutesOfInactivityBeforeScreenTimeout = 15 - passwordMinimumCharacterSetCount = 1 - passwordPreviousPasswordBlockCount = 2 - passwordRequired = $true - passwordRequireWhenResumeFromIdleState = $true - passwordRequiredType = 'alphanumeric' - passwordSignInFailureCountBeforeFactoryReset = 12 - privacyAdvertisingId = 'blocked' - privacyAutoAcceptPairingAndConsentPrompts = $true - privacyBlockInputPersonalization = $true - startBlockUnpinningAppsFromTaskbar = $true - startMenuAppListVisibility = 'collapse' - startMenuHideChangeAccountSettings = $true - startMenuHideFrequentlyUsedApps = $true - startMenuHideHibernate = $true - startMenuHideLock = $true - startMenuHidePowerButton = $true - startMenuHideRecentJumpLists = $true - startMenuHideRecentlyAddedApps = $true - startMenuHideRestartOptions = $true - startMenuHideShutDown = $true - startMenuHideSignOut = $true - startMenuHideSleep = $true - startMenuHideSwitchAccount = $true - startMenuHideUserTile = $true - startMenuLayoutXml = '+DQogICAGlmaWNhdGlvblRlbXBsYXRlPg==' - startMenuMode = 'fullScreen' - startMenuPinnedFolderDocuments = 'hide' - startMenuPinnedFolderDownloads = 'hide' - startMenuPinnedFolderFileExplorer = 'hide' - startMenuPinnedFolderHomeGroup = 'hide' - startMenuPinnedFolderMusic = 'hide' - startMenuPinnedFolderNetwork = 'hide' - startMenuPinnedFolderPersonalFolder = 'hide' - startMenuPinnedFolderPictures = 'hide' - startMenuPinnedFolderSettings = 'hide' - startMenuPinnedFolderVideos = 'hide' - settingsBlockSettingsApp = $true - settingsBlockSystemPage = $true - settingsBlockDevicesPage = $true - settingsBlockNetworkInternetPage = $true - settingsBlockPersonalizationPage = $true - settingsBlockAccountsPage = $true - settingsBlockTimeLanguagePage = $true - settingsBlockEaseOfAccessPage = $true - settingsBlockPrivacyPage = $true - settingsBlockUpdateSecurityPage = $true - settingsBlockAppsPage = $true - settingsBlockGamingPage = $true - windowsSpotlightBlockConsumerSpecificFeatures = $true - windowsSpotlightBlocked = $true - windowsSpotlightBlockOnActionCenter = $true - windowsSpotlightBlockTailoredExperiences = $true - windowsSpotlightBlockThirdPartyNotifications = $true - windowsSpotlightBlockWelcomeExperience = $true - windowsSpotlightBlockWindowsTips = $true - windowsSpotlightConfigureOnLockScreen = 'disabled' - networkProxyApplySettingsDeviceWide = $true - networkProxyDisableAutoDetect = $true - networkProxyAutomaticConfigurationUrl = 'https://example.com/networkProxyAutomaticConfigurationUrl/' - accountsBlockAddingNonMicrosoftAccountEmail = $true - antiTheftModeBlocked = $true - bluetoothBlocked = $true - bluetoothAllowedServices = "[`"8e473eaa-ead4-4c60-ba9c-2c5696d71492`",`"21913f2d-a803-4f36-8039-669fd94ce5b3`"]" - bluetoothBlockAdvertising = $true - bluetoothBlockDiscoverableMode = $true - bluetoothBlockPrePairing = $true - cameraBlocked = $true - connectedDevicesServiceBlocked = $true - certificatesBlockManualRootCertificateInstallation = $true - copyPasteBlocked = $true - cortanaBlocked = $true - deviceManagementBlockFactoryResetOnMobile = $true - deviceManagementBlockManualUnenroll = $true - safeSearchFilter = 'strict' - edgeBlockPopups = $true - edgeBlockSearchSuggestions = $true - edgeBlockSendingIntranetTrafficToInternetExplorer = $true - edgeSendIntranetTrafficToInternetExplorer = $true - edgeRequireSmartScreen = $true - edgeFirstRunUrl = 'https://contoso.com/' - edgeBlockAccessToAboutFlags = $true - edgeHomepageUrls = "[`"https://microsoft.com`"]" - smartScreenBlockPromptOverride = $true - smartScreenBlockPromptOverrideForFiles = $true - webRtcBlockLocalhostIpAddress = $true - internetSharingBlocked = $true - settingsBlockAddProvisioningPackage = $true - settingsBlockRemoveProvisioningPackage = $true - settingsBlockChangeSystemTime = $true - settingsBlockEditDeviceName = $true - settingsBlockChangeRegion = $true - settingsBlockChangeLanguage = $true - settingsBlockChangePowerSleep = $true - locationServicesBlocked = $true - microsoftAccountBlocked = $true - microsoftAccountBlockSettingsSync = $true - nfcBlocked = $true - resetProtectionModeBlocked = $true - screenCaptureBlocked = $true - storageBlockRemovableStorage = $true - storageRequireMobileDeviceEncryption = $true - usbBlocked = $true - voiceRecordingBlocked = $true - wiFiBlockAutomaticConnectHotspots = $true - wiFiBlocked = $true - wiFiBlockManualConfiguration = $true - wiFiScanInterval = 1 - wirelessDisplayBlockProjectionToThisDevice = $true - wirelessDisplayBlockUserInputFromReceiver = $true - wirelessDisplayRequirePinForPairing = $true - windowsStoreBlocked = $true - appsAllowTrustedAppsSideloading = 'blocked' - windowsStoreBlockAutoUpdate = $true - developerUnlockSetting = 'blocked' - sharedUserAppDataAllowed = $true - appsBlockWindowsStoreOriginatedApps = $true - windowsStoreEnablePrivateStoreOnly = $true - storageRestrictAppDataToSystemVolume = $true - storageRestrictAppInstallToSystemVolume = $true - gameDvrBlocked = $true - edgeSearchEngine = @{edgeSearchEngineType = 'bing' } - experienceBlockDeviceDiscovery = $true - experienceBlockErrorDialogWhenNoSIM = $true - experienceBlockTaskSwitcher = $true - logonBlockFastUserSwitching = $true - tenantLockdownRequireNetworkDuringOutOfBoxExperience = $true - enterpriseCloudPrintDiscoveryEndPoint = 'https://cloudprinterdiscovery.contoso.com' - enterpriseCloudPrintDiscoveryMaxLimit = 4 - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'http://mopriadiscoveryservice/cloudprint' - enterpriseCloudPrintOAuthClientIdentifier = '30fbf7e8-321c-40ce-8b9f-160b6b049257' - enterpriseCloudPrintOAuthAuthority = 'https:/tenant.contoso.com/adfs' - enterpriseCloudPrintResourceIdentifier = 'http://cloudenterpriseprint/cloudPrint' - networkProxyServer = @('address=proxy.contoso.com:8080', "exceptions=*.contoso.com`r`n*.internal.local", 'useForLocalAddresses=false') } + description = "FakeStringValue" + displayName = "FakeStringValue" + id = "FakeStringValue" + supportsScopeTags = $True + } } } + It 'Should return true from the Test method' { Test-TargetResource @testParams | Should -Be $true } } - Context -Name 'When the policy exists and it SHOULD NOT' -Fixture { + Context -Name "The IntuneDeviceConfigurationPolicyWindows10 exists and values are NOT in the desired state" -Fixture { BeforeAll { $testParams = @{ - DisplayName = 'CONTOSO | W10 | Device Restriction' - Ensure = 'Absent' - Credential = $Credential + AccountsBlockAddingNonMicrosoftAccountEmail = $True + ActivateAppsWithVoice = "notConfigured" + AntiTheftModeBlocked = $True + AppManagementMSIAllowUserControlOverInstall = $True + AppManagementMSIAlwaysInstallWithElevatedPrivileges = $True + AppManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") + AppsAllowTrustedAppsSideloading = "notConfigured" + AppsBlockWindowsStoreOriginatedApps = $True + AuthenticationAllowSecondaryDevice = $True + AuthenticationPreferredAzureADTenantDomainName = "FakeStringValue" + AuthenticationWebSignIn = "notConfigured" + BluetoothAllowedServices = @("FakeStringValue") + BluetoothBlockAdvertising = $True + BluetoothBlockDiscoverableMode = $True + BluetoothBlocked = $True + BluetoothBlockPrePairing = $True + BluetoothBlockPromptedProximalConnections = $True + CameraBlocked = $True + CellularBlockDataWhenRoaming = $True + CellularBlockVpn = $True + CellularBlockVpnWhenRoaming = $True + CellularData = "blocked" + CertificatesBlockManualRootCertificateInstallation = $True + ConfigureTimeZone = "FakeStringValue" + ConnectedDevicesServiceBlocked = $True + CopyPasteBlocked = $True + CortanaBlocked = $True + CryptographyAllowFipsAlgorithmPolicy = $True + DataProtectionBlockDirectMemoryAccess = $True + DefenderBlockEndUserAccess = $True + DefenderBlockOnAccessProtection = $True + DefenderCloudBlockLevel = "notConfigured" + DefenderCloudExtendedTimeout = 25 + DefenderCloudExtendedTimeoutInSeconds = 25 + DefenderDaysBeforeDeletingQuarantinedMalware = 25 + defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_MicrosoftGraphdefenderDetectedMalwareActions1 -Property @{ + lowSeverity = "deviceDefault" + severeSeverity = "deviceDefault" + moderateSeverity = "deviceDefault" + highSeverity = "deviceDefault" + } -ClientOnly) + defenderDisableCatchupFullScan = $True + defenderDisableCatchupQuickScan = $True + defenderFileExtensionsToExclude = @("FakeStringValue") + defenderFilesAndFoldersToExclude = @("FakeStringValue") + defenderMonitorFileActivity = "userDefined" + defenderPotentiallyUnwantedAppAction = "deviceDefault" + defenderPotentiallyUnwantedAppActionSetting = "userDefined" + defenderProcessesToExclude = @("FakeStringValue") + defenderPromptForSampleSubmission = "userDefined" + defenderRequireBehaviorMonitoring = $True + defenderRequireCloudProtection = $True + defenderRequireNetworkInspectionSystem = $True + defenderRequireRealTimeMonitoring = $True + defenderScanArchiveFiles = $True + defenderScanDownloads = $True + defenderScanIncomingMail = $True + defenderScanMappedNetworkDrivesDuringFullScan = $True + defenderScanMaxCpu = 25 + defenderScanNetworkFiles = $True + defenderScanRemovableDrivesDuringFullScan = $True + defenderScanScriptsLoadedInInternetExplorer = $True + defenderScanType = "userDefined" + defenderScheduledQuickScanTime = "00:00:00" + defenderScheduledScanTime = "00:00:00" + defenderScheduleScanEnableLowCpuPriority = $True + defenderSignatureUpdateIntervalInHours = 25 + defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" + defenderSystemScanSchedule = "userDefined" + description = "FakeStringValue" + developerUnlockSetting = "notConfigured" + deviceManagementBlockFactoryResetOnMobile = $True + deviceManagementBlockManualUnenroll = $True + diagnosticsDataSubmissionMode = "userDefined" + displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") + displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") + displayName = "FakeStringValue" + edgeAllowStartPagesModification = $True + edgeBlockAccessToAboutFlags = $True + edgeBlockAddressBarDropdown = $True + edgeBlockAutofill = $True + edgeBlockCompatibilityList = $True + edgeBlockDeveloperTools = $True + edgeBlocked = $True + edgeBlockEditFavorites = $True + edgeBlockExtensions = $True + edgeBlockFullScreenMode = $True + edgeBlockInPrivateBrowsing = $True + edgeBlockJavaScript = $True + edgeBlockLiveTileDataCollection = $True + edgeBlockPasswordManager = $True + edgeBlockPopups = $True + edgeBlockPrelaunch = $True + edgeBlockPrinting = $True + edgeBlockSavingHistory = $True + edgeBlockSearchEngineCustomization = $True + edgeBlockSearchSuggestions = $True + edgeBlockSendingDoNotTrackHeader = $True + edgeBlockSendingIntranetTrafficToInternetExplorer = $True + edgeBlockSideloadingExtensions = $True + edgeBlockTabPreloading = $True + edgeBlockWebContentOnNewTabPage = $True + edgeClearBrowsingDataOnExit = $True + edgeCookiePolicy = "userDefined" + edgeDisableFirstRunPage = $True + edgeEnterpriseModeSiteListLocation = "FakeStringValue" + edgeFavoritesBarVisibility = "notConfigured" + edgeFavoritesListLocation = "FakeStringValue" + edgeFirstRunUrl = "FakeStringValue" + edgeHomeButtonConfiguration = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeHomeButtonConfiguration -Property @{ + odataType = "#microsoft.graph.edgeHomeButtonHidden" + homeButtonCustomURL = "FakeStringValue" + } -ClientOnly) + edgeHomeButtonConfigurationEnabled = $True + edgeHomepageUrls = @("FakeStringValue") + edgeKioskModeRestriction = "notConfigured" + edgeKioskResetAfterIdleTimeInMinutes = 25 + edgeNewTabPageURL = "FakeStringValue" + edgeOpensWith = "notConfigured" + edgePreventCertificateErrorOverride = $True + edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") + edgeRequireSmartScreen = $True + edgeSearchEngine = (New-CimInstance -ClassName MSFT_MicrosoftGraphedgeSearchEngineBase -Property @{ + edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" + edgeSearchEngineType = "default" + odataType = "#microsoft.graph.edgeSearchEngine" + } -ClientOnly) + edgeSendIntranetTrafficToInternetExplorer = $True + edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" + edgeSyncFavoritesWithInternetExplorer = $True + edgeTelemetryForMicrosoft365Analytics = "notConfigured" + enableAutomaticRedeployment = $True + energySaverOnBatteryThresholdPercentage = 25 + energySaverPluggedInThresholdPercentage = 25 + enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" + enterpriseCloudPrintDiscoveryMaxLimit = 25 + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" + enterpriseCloudPrintOAuthAuthority = "FakeStringValue" + enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" + enterpriseCloudPrintResourceIdentifier = "FakeStringValue" + experienceBlockDeviceDiscovery = $True + experienceBlockErrorDialogWhenNoSIM = $True + experienceBlockTaskSwitcher = $True + experienceDoNotSyncBrowserSettings = "notConfigured" + findMyFiles = "notConfigured" + gameDvrBlocked = $True + id = "FakeStringValue" + inkWorkspaceAccess = "notConfigured" + inkWorkspaceAccessState = "notConfigured" + inkWorkspaceBlockSuggestedApps = $True + internetSharingBlocked = $True + locationServicesBlocked = $True + lockScreenActivateAppsWithVoice = "notConfigured" + lockScreenAllowTimeoutConfiguration = $True + lockScreenBlockActionCenterNotifications = $True + lockScreenBlockCortana = $True + lockScreenBlockToastNotifications = $True + lockScreenTimeoutInSeconds = 25 + logonBlockFastUserSwitching = $True + messagingBlockMMS = $True + messagingBlockRichCommunicationServices = $True + messagingBlockSync = $True + microsoftAccountBlocked = $True + microsoftAccountBlockSettingsSync = $True + microsoftAccountSignInAssistantSettings = "notConfigured" + networkProxyApplySettingsDeviceWide = $True + networkProxyAutomaticConfigurationUrl = "FakeStringValue" + networkProxyDisableAutoDetect = $True + networkProxyServer = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10NetworkProxyServer -Property @{ + useForLocalAddresses = $True + exceptions = @("FakeStringValue") + address = "FakeStringValue" + } -ClientOnly) + nfcBlocked = $True + oneDriveDisableFileSync = $True + passwordBlockSimple = $True + passwordExpirationDays = 25 + passwordMinimumAgeInDays = 25 + passwordMinimumCharacterSetCount = 25 + passwordMinimumLength = 25 + passwordMinutesOfInactivityBeforeScreenTimeout = 25 + passwordPreviousPasswordBlockCount = 25 + passwordRequired = $True + passwordRequiredType = "deviceDefault" + passwordRequireWhenResumeFromIdleState = $True + passwordSignInFailureCountBeforeFactoryReset = 25 + personalizationDesktopImageUrl = "FakeStringValue" + personalizationLockScreenImageUrl = "FakeStringValue" + powerButtonActionOnBattery = "notConfigured" + powerButtonActionPluggedIn = "notConfigured" + powerHybridSleepOnBattery = "notConfigured" + powerHybridSleepPluggedIn = "notConfigured" + powerLidCloseActionOnBattery = "notConfigured" + powerLidCloseActionPluggedIn = "notConfigured" + powerSleepButtonActionOnBattery = "notConfigured" + powerSleepButtonActionPluggedIn = "notConfigured" + printerBlockAddition = $True + printerDefaultName = "FakeStringValue" + printerNames = @("FakeStringValue") + privacyAdvertisingId = "notConfigured" + privacyAutoAcceptPairingAndConsentPrompts = $True + privacyBlockActivityFeed = $True + privacyBlockInputPersonalization = $True + privacyBlockPublishUserActivities = $True + privacyDisableLaunchExperience = $True + resetProtectionModeBlocked = $True + safeSearchFilter = "userDefined" + screenCaptureBlocked = $True + searchBlockDiacritics = $True + searchBlockWebResults = $True + searchDisableAutoLanguageDetection = $True + searchDisableIndexerBackoff = $True + searchDisableIndexingEncryptedItems = $True + searchDisableIndexingRemovableDrive = $True + searchDisableLocation = $True + searchDisableUseLocation = $True + searchEnableAutomaticIndexSizeManangement = $True + searchEnableRemoteQueries = $True + securityBlockAzureADJoinedDevicesAutoEncryption = $True + settingsBlockAccountsPage = $True + settingsBlockAddProvisioningPackage = $True + settingsBlockAppsPage = $True + settingsBlockChangeLanguage = $True + settingsBlockChangePowerSleep = $True + settingsBlockChangeRegion = $True + settingsBlockChangeSystemTime = $True + settingsBlockDevicesPage = $True + settingsBlockEaseOfAccessPage = $True + settingsBlockEditDeviceName = $True + settingsBlockGamingPage = $True + settingsBlockNetworkInternetPage = $True + settingsBlockPersonalizationPage = $True + settingsBlockPrivacyPage = $True + settingsBlockRemoveProvisioningPackage = $True + settingsBlockSettingsApp = $True + settingsBlockSystemPage = $True + settingsBlockTimeLanguagePage = $True + settingsBlockUpdateSecurityPage = $True + sharedUserAppDataAllowed = $True + smartScreenAppInstallControl = "notConfigured" + smartScreenBlockPromptOverride = $True + smartScreenBlockPromptOverrideForFiles = $True + smartScreenEnableAppInstallControl = $True + startBlockUnpinningAppsFromTaskbar = $True + startMenuAppListVisibility = "userDefined" + startMenuHideChangeAccountSettings = $True + startMenuHideFrequentlyUsedApps = $True + startMenuHideHibernate = $True + startMenuHideLock = $True + startMenuHidePowerButton = $True + startMenuHideRecentJumpLists = $True + startMenuHideRecentlyAddedApps = $True + startMenuHideRestartOptions = $True + startMenuHideShutDown = $True + startMenuHideSignOut = $True + startMenuHideSleep = $True + startMenuHideSwitchAccount = $True + startMenuHideUserTile = $True + startMenuLayoutEdgeAssetsXml = $True + startMenuLayoutXml = $True + startMenuMode = "userDefined" + startMenuPinnedFolderDocuments = "notConfigured" + startMenuPinnedFolderDownloads = "notConfigured" + startMenuPinnedFolderFileExplorer = "notConfigured" + startMenuPinnedFolderHomeGroup = "notConfigured" + startMenuPinnedFolderMusic = "notConfigured" + startMenuPinnedFolderNetwork = "notConfigured" + startMenuPinnedFolderPersonalFolder = "notConfigured" + startMenuPinnedFolderPictures = "notConfigured" + startMenuPinnedFolderSettings = "notConfigured" + startMenuPinnedFolderVideos = "notConfigured" + storageBlockRemovableStorage = $True + storageRequireMobileDeviceEncryption = $True + storageRestrictAppDataToSystemVolume = $True + storageRestrictAppInstallToSystemVolume = $True + supportsScopeTags = $True + systemTelemetryProxyServer = "FakeStringValue" + taskManagerBlockEndTask = $True + tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True + uninstallBuiltInApps = $True + usbBlocked = $True + voiceRecordingBlocked = $True + webRtcBlockLocalhostIpAddress = $True + wiFiBlockAutomaticConnectHotspots = $True + wiFiBlocked = $True + wiFiBlockManualConfiguration = $True + wiFiScanInterval = 25 + windows10AppsForceUpdateSchedule = (New-CimInstance -ClassName MSFT_MicrosoftGraphwindows10AppsForceUpdateSchedule -Property @{ + runImmediatelyIfAfterStartDateTime = $True + recurrence = "none" + startDateTime = "2023-01-01T00:00:00.0000000+00:00" + } -ClientOnly) + windowsSpotlightBlockConsumerSpecificFeatures = $True + windowsSpotlightBlocked = $True + windowsSpotlightBlockOnActionCenter = $True + windowsSpotlightBlockTailoredExperiences = $True + windowsSpotlightBlockThirdPartyNotifications = $True + windowsSpotlightBlockWelcomeExperience = $True + windowsSpotlightBlockWindowsTips = $True + windowsSpotlightConfigureOnLockScreen = "notConfigured" + windowsStoreBlockAutoUpdate = $True + windowsStoreBlocked = $True + windowsStoreEnablePrivateStoreOnly = $True + wirelessDisplayBlockProjectionToThisDevice = $True + wirelessDisplayBlockUserInputFromReceiver = $True + wirelessDisplayRequirePinForPairing = $True + Ensure = "Present" + Credential = $Credential; } Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ - id = '12345-12345-12345-12345-12345' - AdditionalProperties = @{'@odata.type' = '#microsoft.graph.windows10GeneralConfiguration' } - displayName = 'CONTOSO | W10 | Device Restriction' - description = 'Default device restriction settings' - defenderBlockEndUserAccess = $true - defenderRequireRealTimeMonitoring = $true - defenderRequireBehaviorMonitoring = $true - defenderRequireNetworkInspectionSystem = $true - defenderScanDownloads = $true - defenderScanScriptsLoadedInInternetExplorer = $true - defenderSignatureUpdateIntervalInHours = 8 - defenderMonitorFileActivity = 'monitorIncomingFilesOnly' # userDefined,monitorAllFiles,monitorIncomingFilesOnly,monitorOutgoingFilesOnly - defenderDaysBeforeDeletingQuarantinedMalware = 3 - defenderScanMaxCpu = 2 - defenderScanArchiveFiles = $true - defenderScanIncomingMail = $true - defenderScanRemovableDrivesDuringFullScan = $true - defenderScanMappedNetworkDrivesDuringFullScan = $false - defenderScanNetworkFiles = $false - defenderRequireCloudProtection = $true - defenderCloudBlockLevel = 'high' - defenderPromptForSampleSubmission = 'alwaysPrompt' - defenderScheduledQuickScanTime = '13:00:00.0000000' - defenderScanType = 'quick' #quick,full,userDefined - defenderSystemScanSchedule = 'monday' #days of week - defenderScheduledScanTime = '11:00:00.0000000' - defenderDetectedMalwareActions = (New-CimInstance -ClassName MSFT_IntuneDefenderDetectedMalwareActions -Property @{ - lowSeverity = 'clean' - moderateSeverity = 'quarantine' - highSeverity = 'remove' - severeSeverity = 'block' - } -ClientOnly) - defenderFileExtensionsToExclude = "[`"csv,jpg,docx`"]" - defenderFilesAndFoldersToExclude = "[`"c:\\2,C:\\1`"]" - defenderProcessesToExclude = "[`"notepad.exe,c:\\Windows\\myprocess.exe`"]" - lockScreenAllowTimeoutConfiguration = $true - lockScreenBlockActionCenterNotifications = $true - lockScreenBlockCortana = $true - lockScreenBlockToastNotifications = $false - lockScreenTimeoutInSeconds = 90 - passwordBlockSimple = $true - passwordExpirationDays = 6 - passwordMinimumLength = 5 - passwordMinutesOfInactivityBeforeScreenTimeout = 15 - passwordMinimumCharacterSetCount = 1 - passwordPreviousPasswordBlockCount = 2 - passwordRequired = $true - passwordRequireWhenResumeFromIdleState = $true - passwordRequiredType = 'alphanumeric' - passwordSignInFailureCountBeforeFactoryReset = 12 - privacyAdvertisingId = 'blocked' - privacyAutoAcceptPairingAndConsentPrompts = $true - privacyBlockInputPersonalization = $true - startBlockUnpinningAppsFromTaskbar = $true - startMenuAppListVisibility = 'collapse' - startMenuHideChangeAccountSettings = $true - startMenuHideFrequentlyUsedApps = $true - startMenuHideHibernate = $true - startMenuHideLock = $true - startMenuHidePowerButton = $true - startMenuHideRecentJumpLists = $true - startMenuHideRecentlyAddedApps = $true - startMenuHideRestartOptions = $true - startMenuHideShutDown = $true - startMenuHideSignOut = $true - startMenuHideSleep = $true - startMenuHideSwitchAccount = $true - startMenuHideUserTile = $true - startMenuLayoutXml = '+DQogICAGlmaWNhdGlvblRlbXBsYXRlPg==' - startMenuMode = 'fullScreen' - startMenuPinnedFolderDocuments = 'hide' - startMenuPinnedFolderDownloads = 'hide' - startMenuPinnedFolderFileExplorer = 'hide' - startMenuPinnedFolderHomeGroup = 'hide' - startMenuPinnedFolderMusic = 'hide' - startMenuPinnedFolderNetwork = 'hide' - startMenuPinnedFolderPersonalFolder = 'hide' - startMenuPinnedFolderPictures = 'hide' - startMenuPinnedFolderSettings = 'hide' - startMenuPinnedFolderVideos = 'hide' - settingsBlockSettingsApp = $true - settingsBlockSystemPage = $true - settingsBlockDevicesPage = $true - settingsBlockNetworkInternetPage = $true - settingsBlockPersonalizationPage = $true - settingsBlockAccountsPage = $true - settingsBlockTimeLanguagePage = $true - settingsBlockEaseOfAccessPage = $true - settingsBlockPrivacyPage = $true - settingsBlockUpdateSecurityPage = $true - settingsBlockAppsPage = $true - settingsBlockGamingPage = $true - windowsSpotlightBlockConsumerSpecificFeatures = $true - windowsSpotlightBlocked = $true - windowsSpotlightBlockOnActionCenter = $true - windowsSpotlightBlockTailoredExperiences = $true - windowsSpotlightBlockThirdPartyNotifications = $true - windowsSpotlightBlockWelcomeExperience = $true - windowsSpotlightBlockWindowsTips = $true - windowsSpotlightConfigureOnLockScreen = 'disabled' - networkProxyApplySettingsDeviceWide = $true - networkProxyDisableAutoDetect = $true - networkProxyAutomaticConfigurationUrl = 'https://example.com/networkProxyAutomaticConfigurationUrl/' - accountsBlockAddingNonMicrosoftAccountEmail = $true - antiTheftModeBlocked = $true - bluetoothBlocked = $true - bluetoothAllowedServices = "[`"8e473eaa-ead4-4c60-ba9c-2c5696d71492`",`"21913f2d-a803-4f36-8039-669fd94ce5b3`"]" - bluetoothBlockAdvertising = $true - bluetoothBlockDiscoverableMode = $true - bluetoothBlockPrePairing = $true - cameraBlocked = $true - connectedDevicesServiceBlocked = $true - certificatesBlockManualRootCertificateInstallation = $true - copyPasteBlocked = $true - cortanaBlocked = $true - deviceManagementBlockFactoryResetOnMobile = $true - deviceManagementBlockManualUnenroll = $true - safeSearchFilter = 'strict' - edgeBlockPopups = $true - edgeBlockSearchSuggestions = $true - edgeBlockSendingIntranetTrafficToInternetExplorer = $true - edgeSendIntranetTrafficToInternetExplorer = $true - edgeRequireSmartScreen = $true - edgeFirstRunUrl = 'https://contoso.com/' - edgeBlockAccessToAboutFlags = $true - edgeHomepageUrls = "[`"https://microsoft.com`"]" - smartScreenBlockPromptOverride = $true - smartScreenBlockPromptOverrideForFiles = $true - webRtcBlockLocalhostIpAddress = $true - internetSharingBlocked = $true - settingsBlockAddProvisioningPackage = $true - settingsBlockRemoveProvisioningPackage = $true - settingsBlockChangeSystemTime = $true - settingsBlockEditDeviceName = $true - settingsBlockChangeRegion = $true - settingsBlockChangeLanguage = $true - settingsBlockChangePowerSleep = $true - locationServicesBlocked = $true - microsoftAccountBlocked = $true - microsoftAccountBlockSettingsSync = $true - nfcBlocked = $true - resetProtectionModeBlocked = $true - screenCaptureBlocked = $true - storageBlockRemovableStorage = $true - storageRequireMobileDeviceEncryption = $true - usbBlocked = $true - voiceRecordingBlocked = $true - wiFiBlockAutomaticConnectHotspots = $true - wiFiBlocked = $true - wiFiBlockManualConfiguration = $true - wiFiScanInterval = 1 - wirelessDisplayBlockProjectionToThisDevice = $true - wirelessDisplayBlockUserInputFromReceiver = $true - wirelessDisplayRequirePinForPairing = $true - windowsStoreBlocked = $true - appsAllowTrustedAppsSideloading = 'blocked' - windowsStoreBlockAutoUpdate = $true - developerUnlockSetting = 'blocked' - sharedUserAppDataAllowed = $true - appsBlockWindowsStoreOriginatedApps = $true - windowsStoreEnablePrivateStoreOnly = $true - storageRestrictAppDataToSystemVolume = $true - storageRestrictAppInstallToSystemVolume = $true - gameDvrBlocked = $true - edgeSearchEngine = @{edgeSearchEngineType = 'bing' } - experienceBlockDeviceDiscovery = $true - experienceBlockErrorDialogWhenNoSIM = $true - experienceBlockTaskSwitcher = $true - logonBlockFastUserSwitching = $true - tenantLockdownRequireNetworkDuringOutOfBoxExperience = $true - enterpriseCloudPrintDiscoveryEndPoint = 'https://cloudprinterdiscovery.contoso.com' - enterpriseCloudPrintDiscoveryMaxLimit = 4 - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'http://mopriadiscoveryservice/cloudprint' - enterpriseCloudPrintOAuthClientIdentifier = '30fbf7e8-321c-40ce-8b9f-160b6b049257' - enterpriseCloudPrintOAuthAuthority = 'https:/tenant.contoso.com/adfs' - enterpriseCloudPrintResourceIdentifier = 'http://cloudenterpriseprint/cloudPrint' - networkProxyServer = @('address=proxy.contoso.com:8080', "exceptions=*.contoso.com`r`n*.internal.local", 'useForLocalAddresses=false') + AdditionalProperties = @{ + energySaverOnBatteryThresholdPercentage = 7 + edgeHomepageUrls = @("FakeStringValue") + startMenuPinnedFolderSettings = "notConfigured" + powerLidCloseActionPluggedIn = "notConfigured" + passwordMinimumLength = 7 + configureTimeZone = "FakeStringValue" + enterpriseCloudPrintResourceIdentifier = "FakeStringValue" + safeSearchFilter = "userDefined" + edgeKioskModeRestriction = "notConfigured" + defenderDetectedMalwareActions = @{ + lowSeverity = "deviceDefault" + severeSeverity = "deviceDefault" + moderateSeverity = "deviceDefault" + highSeverity = "deviceDefault" + } + personalizationLockScreenImageUrl = "FakeStringValue" + startMenuPinnedFolderDocuments = "notConfigured" + startMenuPinnedFolderDownloads = "notConfigured" + diagnosticsDataSubmissionMode = "userDefined" + '@odata.type' = "#microsoft.graph.windows10GeneralConfiguration" + cellularData = "blocked" + defenderScanMaxCpu = 7 + enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" + passwordMinimumCharacterSetCount = 7 + edgeOpensWith = "notConfigured" + defenderScanType = "userDefined" + printerNames = @("FakeStringValue") + authenticationWebSignIn = "notConfigured" + defenderPromptForSampleSubmission = "userDefined" + powerHybridSleepOnBattery = "notConfigured" + powerButtonActionPluggedIn = "notConfigured" + edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") + lockScreenTimeoutInSeconds = 7 + defenderSystemScanSchedule = "userDefined" + powerHybridSleepPluggedIn = "notConfigured" + passwordMinimumAgeInDays = 7 + startMenuPinnedFolderVideos = "notConfigured" + privacyAdvertisingId = "notConfigured" + edgeCookiePolicy = "userDefined" + wiFiScanInterval = 7 + findMyFiles = "notConfigured" + powerLidCloseActionOnBattery = "notConfigured" + inkWorkspaceAccessState = "notConfigured" + edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" + appsAllowTrustedAppsSideloading = "notConfigured" + defenderFilesAndFoldersToExclude = @("FakeStringValue") + edgeTelemetryForMicrosoft365Analytics = "notConfigured" + developerUnlockSetting = "notConfigured" + defenderFileExtensionsToExclude = @("FakeStringValue") + systemTelemetryProxyServer = "FakeStringValue" + startMenuMode = "userDefined" + edgeHomeButtonConfiguration = @{ + homeButtonCustomURL = "FakeStringValue" + '@odata.type' = "#microsoft.graph.edgeHomeButtonHidden" + } + windowsSpotlightConfigureOnLockScreen = "notConfigured" + experienceDoNotSyncBrowserSettings = "notConfigured" + powerSleepButtonActionOnBattery = "notConfigured" + defenderSignatureUpdateIntervalInHours = 7 + enterpriseCloudPrintDiscoveryMaxLimit = 7 + startMenuPinnedFolderPersonalFolder = "notConfigured" + edgeNewTabPageURL = "FakeStringValue" + displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") + defenderCloudBlockLevel = "notConfigured" + displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") + defenderCloudExtendedTimeoutInSeconds = 7 + edgeFavoritesListLocation = "FakeStringValue" + startMenuPinnedFolderNetwork = "notConfigured" + powerButtonActionOnBattery = "notConfigured" + passwordRequiredType = "deviceDefault" + powerSleepButtonActionPluggedIn = "notConfigured" + appManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") + lockScreenActivateAppsWithVoice = "notConfigured" + edgeFavoritesBarVisibility = "notConfigured" + edgeSearchEngine = @{ + edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" + edgeSearchEngineType = "default" + '@odata.type' = "#microsoft.graph.edgeSearchEngine" + } + energySaverPluggedInThresholdPercentage = 7 + inkWorkspaceAccess = "notConfigured" + activateAppsWithVoice = "notConfigured" + startMenuPinnedFolderPictures = "notConfigured" + enterpriseCloudPrintOAuthAuthority = "FakeStringValue" + authenticationPreferredAzureADTenantDomainName = "FakeStringValue" + defenderScheduledQuickScanTime = "00:00:00" + defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" + startMenuAppListVisibility = "userDefined" + windows10AppsForceUpdateSchedule = @{ + startDateTime = "2023-01-01T00:00:00.0000000+00:00" + recurrence = "none" + } + networkProxyServer = @{ + exceptions = @("FakeStringValue") + address = "FakeStringValue" + } + startMenuPinnedFolderMusic = "notConfigured" + passwordExpirationDays = 7 + edgeEnterpriseModeSiteListLocation = "FakeStringValue" + printerDefaultName = "FakeStringValue" + personalizationDesktopImageUrl = "FakeStringValue" + microsoftAccountSignInAssistantSettings = "notConfigured" + edgeFirstRunUrl = "FakeStringValue" + networkProxyAutomaticConfigurationUrl = "FakeStringValue" + enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" + defenderPotentiallyUnwantedAppAction = "deviceDefault" + bluetoothAllowedServices = @("FakeStringValue") + defenderCloudExtendedTimeout = 7 + startMenuPinnedFolderFileExplorer = "notConfigured" + passwordMinutesOfInactivityBeforeScreenTimeout = 7 + smartScreenAppInstallControl = "notConfigured" + startMenuPinnedFolderHomeGroup = "notConfigured" + passwordSignInFailureCountBeforeFactoryReset = 7 + defenderMonitorFileActivity = "userDefined" + edgeKioskResetAfterIdleTimeInMinutes = 7 + defenderProcessesToExclude = @("FakeStringValue") + defenderDaysBeforeDeletingQuarantinedMalware = 7 + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" + defenderPotentiallyUnwantedAppActionSetting = "userDefined" + defenderScheduledScanTime = "00:00:00" + passwordPreviousPasswordBlockCount = 7 + } + description = "FakeStringValue" + displayName = "FakeStringValue" + id = "FakeStringValue" } } } - It 'Should return Present from the Get method' { + It "Should return Values from the Get method" { (Get-TargetResource @testParams).Ensure | Should -Be 'Present' } - It 'Should return true from the Test method' { + It 'Should return false from the Test method' { Test-TargetResource @testParams | Should -Be $false } - It 'Should remove the policy from the Set method' { + It "Should call the Set method" { Set-TargetResource @testParams - Should -Invoke -CommandName Remove-MgDeviceManagementDeviceConfiguration -Exactly 1 + Should -Invoke -CommandName Update-MgDeviceManagementDeviceConfiguration -Exactly 1 } } - Context -Name 'ReverseDSC Tests' -Fixture { + Context -Name "ReverseDSC Tests" -Fixture { BeforeAll { $Global:CurrentModeIsExport = $true $Global:PartialExportFileName = "$(New-Guid).partial.ps1" @@ -1224,190 +2126,320 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgDeviceManagementDeviceConfiguration -MockWith { return @{ - id = '12345-12345-12345-12345-12345' - AdditionalProperties = @{ - '@odata.type' = '#microsoft.graph.windows10GeneralConfiguration' - } - displayName = 'CONTOSO | W10 | Device Restriction' - description = 'Default device restriction settings' - defenderBlockEndUserAccess = $true - defenderRequireRealTimeMonitoring = $true - defenderRequireBehaviorMonitoring = $true - defenderRequireNetworkInspectionSystem = $true - defenderScanDownloads = $true - defenderScanScriptsLoadedInInternetExplorer = $true - defenderSignatureUpdateIntervalInHours = 8 - defenderMonitorFileActivity = 'monitorIncomingFilesOnly' # userDefined,monitorAllFiles,monitorIncomingFilesOnly,monitorOutgoingFilesOnly - defenderDaysBeforeDeletingQuarantinedMalware = 3 - defenderScanMaxCpu = 2 - defenderScanArchiveFiles = $true - defenderScanIncomingMail = $true - defenderScanRemovableDrivesDuringFullScan = $true - defenderScanMappedNetworkDrivesDuringFullScan = $false - defenderScanNetworkFiles = $false - defenderRequireCloudProtection = $true - defenderCloudBlockLevel = 'high' - defenderPromptForSampleSubmission = 'alwaysPrompt' - defenderScheduledQuickScanTime = '13:00:00.0000000' - defenderScanType = 'quick' #quick,full,userDefined - defenderSystemScanSchedule = 'monday' #days of week - defenderScheduledScanTime = '11:00:00.0000000' - defenderDetectedMalwareActions = @{ - lowSeverity = 'clean' - moderateSeverity = 'quarantine' - highSeverity = 'remove' - severeSeverity = 'block' + AdditionalProperties = @{ + enterpriseCloudPrintResourceIdentifier = "FakeStringValue" + startMenuHideSwitchAccount = $True + defenderBlockEndUserAccess = $True + searchEnableAutomaticIndexSizeManangement = $True + defenderRequireNetworkInspectionSystem = $True + settingsBlockGamingPage = $True + smartScreenBlockPromptOverrideForFiles = $True + passwordBlockSimple = $True + powerLidCloseActionPluggedIn = "notConfigured" + defenderRequireCloudProtection = $True + defenderFilesAndFoldersToExclude = @("FakeStringValue") + resetProtectionModeBlocked = $True + startBlockUnpinningAppsFromTaskbar = $True + networkProxyApplySettingsDeviceWide = $True + bluetoothAllowedServices = @("FakeStringValue") + defenderScanArchiveFiles = $True + lockScreenActivateAppsWithVoice = "notConfigured" + defenderScanIncomingMail = $True + edgeBlockAutofill = $True + authenticationAllowSecondaryDevice = $True + edgeRequireSmartScreen = $True + windowsSpotlightBlockOnActionCenter = $True + usbBlocked = $True + enableAutomaticRedeployment = $True + microsoftAccountSignInAssistantSettings = "notConfigured" + deviceManagementBlockFactoryResetOnMobile = $True + defenderPotentiallyUnwantedAppAction = "deviceDefault" + powerButtonActionOnBattery = "notConfigured" + startMenuAppListVisibility = "userDefined" + lockScreenBlockCortana = $True + windowsSpotlightConfigureOnLockScreen = "notConfigured" + startMenuPinnedFolderPictures = "notConfigured" + screenCaptureBlocked = $True + webRtcBlockLocalhostIpAddress = $True + safeSearchFilter = "userDefined" + searchDisableLocation = $True + edgeBlockInPrivateBrowsing = $True + appManagementMSIAllowUserControlOverInstall = $True + defenderSignatureUpdateIntervalInHours = 25 + startMenuHideSleep = $True + voiceRecordingBlocked = $True + edgeFavoritesListLocation = "FakeStringValue" + startMenuHideLock = $True + wiFiBlockManualConfiguration = $True + edgeBlockTabPreloading = $True + configureTimeZone = "FakeStringValue" + edgeBlocked = $True + taskManagerBlockEndTask = $True + settingsBlockAppsPage = $True + settingsBlockChangePowerSleep = $True + copyPasteBlocked = $True + settingsBlockNetworkInternetPage = $True + privacyBlockInputPersonalization = $True + appManagementPackageFamilyNamesToLaunchAfterLogOn = @("FakeStringValue") + powerLidCloseActionOnBattery = "notConfigured" + searchDisableIndexerBackoff = $True + edgeBlockFullScreenMode = $True + lockScreenTimeoutInSeconds = 25 + developerUnlockSetting = "notConfigured" + storageRestrictAppDataToSystemVolume = $True + cellularBlockVpn = $True + powerHybridSleepPluggedIn = "notConfigured" + settingsBlockChangeLanguage = $True + powerSleepButtonActionOnBattery = "notConfigured" + antiTheftModeBlocked = $True + defenderMonitorFileActivity = "userDefined" + defenderFileExtensionsToExclude = @("FakeStringValue") + bluetoothBlockDiscoverableMode = $True + enterpriseCloudPrintOAuthClientIdentifier = "FakeStringValue" + diagnosticsDataSubmissionMode = "userDefined" + uninstallBuiltInApps = $True + oneDriveDisableFileSync = $True + startMenuHideUserTile = $True + startMenuHideSignOut = $True + defenderDaysBeforeDeletingQuarantinedMalware = 25 + privacyAutoAcceptPairingAndConsentPrompts = $True + settingsBlockChangeRegion = $True + passwordMinimumAgeInDays = 25 + powerHybridSleepOnBattery = "notConfigured" + displayAppListWithGdiDPIScalingTurnedOn = @("FakeStringValue") + edgeBlockSearchSuggestions = $True + settingsBlockSystemPage = $True + defenderRequireBehaviorMonitoring = $True + microsoftAccountBlockSettingsSync = $True + windowsSpotlightBlockWindowsTips = $True + startMenuHideRecentlyAddedApps = $True + inkWorkspaceBlockSuggestedApps = $True + personalizationDesktopImageUrl = "FakeStringValue" + edgeHomeButtonConfigurationEnabled = $True + passwordRequiredType = "deviceDefault" + startMenuPinnedFolderSettings = "notConfigured" + connectedDevicesServiceBlocked = $True + edgeBlockExtensions = $True + edgeBlockAddressBarDropdown = $True + findMyFiles = "notConfigured" + privacyBlockPublishUserActivities = $True + startMenuHideFrequentlyUsedApps = $True + '@odata.type' = "#microsoft.graph.windows10GeneralConfiguration" + powerSleepButtonActionPluggedIn = "notConfigured" + internetSharingBlocked = $True + startMenuHidePowerButton = $True + networkProxyAutomaticConfigurationUrl = "FakeStringValue" + personalizationLockScreenImageUrl = "FakeStringValue" + bluetoothBlockPrePairing = $True + windowsSpotlightBlockWelcomeExperience = $True + startMenuHideShutDown = $True + storageRestrictAppInstallToSystemVolume = $True + windowsSpotlightBlockThirdPartyNotifications = $True + searchDisableAutoLanguageDetection = $True + edgeShowMessageWhenOpeningInternetExplorerSites = "notConfigured" + appsAllowTrustedAppsSideloading = "notConfigured" + edgeBlockLiveTileDataCollection = $True + wirelessDisplayBlockProjectionToThisDevice = $True + startMenuHideRestartOptions = $True + edgeSendIntranetTrafficToInternetExplorer = $True + startMenuPinnedFolderHomeGroup = "notConfigured" + edgeBlockWebContentOnNewTabPage = $True + startMenuLayoutXml = $True + searchBlockDiacritics = $True + storageBlockRemovableStorage = $True + enterpriseCloudPrintOAuthAuthority = "FakeStringValue" + wirelessDisplayRequirePinForPairing = $True + defenderScheduledQuickScanTime = "00:00:00" + edgeAllowStartPagesModification = $True + defenderRequireRealTimeMonitoring = $True + authenticationWebSignIn = "notConfigured" + lockScreenBlockToastNotifications = $True + energySaverPluggedInThresholdPercentage = 25 + defenderScanMappedNetworkDrivesDuringFullScan = $True + smartScreenBlockPromptOverride = $True + edgeBlockSendingIntranetTrafficToInternetExplorer = $True + authenticationPreferredAzureADTenantDomainName = "FakeStringValue" + defenderScanType = "userDefined" + bluetoothBlockAdvertising = $True + enterpriseCloudPrintDiscoveryMaxLimit = 25 + logonBlockFastUserSwitching = $True + networkProxyDisableAutoDetect = $True + cameraBlocked = $True + wiFiScanInterval = 25 + edgeBlockSideloadingExtensions = $True + settingsBlockEaseOfAccessPage = $True + microsoftAccountBlocked = $True + defenderScanRemovableDrivesDuringFullScan = $True + energySaverOnBatteryThresholdPercentage = 25 + startMenuHideHibernate = $True + defenderScanDownloads = $True + defenderBlockOnAccessProtection = $True + defenderCloudBlockLevel = "notConfigured" + storageRequireMobileDeviceEncryption = $True + windowsStoreEnablePrivateStoreOnly = $True + edgeBlockCompatibilityList = $True + wiFiBlockAutomaticConnectHotspots = $True + defenderPotentiallyUnwantedAppActionSetting = "userDefined" + defenderCloudExtendedTimeout = 25 + edgeHomepageUrls = @("FakeStringValue") + cellularBlockDataWhenRoaming = $True + securityBlockAzureADJoinedDevicesAutoEncryption = $True + smartScreenAppInstallControl = "notConfigured" + enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = "FakeStringValue" + bluetoothBlockPromptedProximalConnections = $True + settingsBlockPrivacyPage = $True + windowsSpotlightBlocked = $True + tenantLockdownRequireNetworkDuringOutOfBoxExperience = $True + startMenuPinnedFolderDocuments = "notConfigured" + systemTelemetryProxyServer = "FakeStringValue" + lockScreenAllowTimeoutConfiguration = $True + defenderSystemScanSchedule = "userDefined" + windowsSpotlightBlockConsumerSpecificFeatures = $True + searchDisableUseLocation = $True + appsBlockWindowsStoreOriginatedApps = $True + startMenuPinnedFolderNetwork = "notConfigured" + edgeBlockPrinting = $True + settingsBlockEditDeviceName = $True + printerNames = @("FakeStringValue") + settingsBlockUpdateSecurityPage = $True + startMenuMode = "userDefined" + searchBlockWebResults = $True + edgePreventCertificateErrorOverride = $True + passwordRequired = $True + defenderScanNetworkFiles = $True + startMenuPinnedFolderMusic = "notConfigured" + cortanaBlocked = $True + searchEnableRemoteQueries = $True + messagingBlockSync = $True + startMenuPinnedFolderVideos = "notConfigured" + enterpriseCloudPrintDiscoveryEndPoint = "FakeStringValue" + experienceDoNotSyncBrowserSettings = "notConfigured" + edgeDisableFirstRunPage = $True + edgeCookiePolicy = "userDefined" + inkWorkspaceAccessState = "notConfigured" + windows10AppsForceUpdateSchedule = @{ + runImmediatelyIfAfterStartDateTime = $True + recurrence = "none" + startDateTime = "2023-01-01T00:00:00.0000000+00:00" + } + dataProtectionBlockDirectMemoryAccess = $True + experienceBlockErrorDialogWhenNoSIM = $True + settingsBlockPersonalizationPage = $True + wirelessDisplayBlockUserInputFromReceiver = $True + startMenuPinnedFolderPersonalFolder = "notConfigured" + activateAppsWithVoice = "notConfigured" + edgeClearBrowsingDataOnExit = $True + passwordPreviousPasswordBlockCount = 25 + edgeBlockSearchEngineCustomization = $True + deviceManagementBlockManualUnenroll = $True + edgeBlockSavingHistory = $True + inkWorkspaceAccess = "notConfigured" + startMenuHideRecentJumpLists = $True + privacyBlockActivityFeed = $True + settingsBlockChangeSystemTime = $True + defenderDisableCatchupQuickScan = $True + smartScreenEnableAppInstallControl = $True + edgeBlockDeveloperTools = $True + edgeKioskModeRestriction = "notConfigured" + lockScreenBlockActionCenterNotifications = $True + privacyAdvertisingId = "notConfigured" + settingsBlockSettingsApp = $True + settingsBlockAccountsPage = $True + certificatesBlockManualRootCertificateInstallation = $True + edgeBlockJavaScript = $True + edgeSyncFavoritesWithInternetExplorer = $True + startMenuLayoutEdgeAssetsXml = $True + windowsSpotlightBlockTailoredExperiences = $True + defenderPromptForSampleSubmission = "userDefined" + edgeBlockAccessToAboutFlags = $True + messagingBlockMMS = $True + edgeBlockEditFavorites = $True + printerDefaultName = "FakeStringValue" + experienceBlockDeviceDiscovery = $True + privacyDisableLaunchExperience = $True + edgeTelemetryForMicrosoft365Analytics = "notConfigured" + nfcBlocked = $True + searchDisableIndexingRemovableDrive = $True + powerButtonActionPluggedIn = "notConfigured" + settingsBlockRemoveProvisioningPackage = $True + edgeKioskResetAfterIdleTimeInMinutes = 25 + passwordMinutesOfInactivityBeforeScreenTimeout = 25 + printerBlockAddition = $True + defenderScanScriptsLoadedInInternetExplorer = $True + defenderDisableCatchupFullScan = $True + edgeRequiredExtensionPackageFamilyNames = @("FakeStringValue") + bluetoothBlocked = $True + settingsBlockAddProvisioningPackage = $True + passwordMinimumLength = 25 + startMenuHideChangeAccountSettings = $True + defenderSubmitSamplesConsentType = "sendSafeSamplesAutomatically" + edgeBlockPopups = $True + networkProxyServer = @{ + useForLocalAddresses = $True + exceptions = @("FakeStringValue") + address = "FakeStringValue" + } + startMenuPinnedFolderDownloads = "notConfigured" + settingsBlockDevicesPage = $True + wiFiBlocked = $True + windowsStoreBlocked = $True + edgeBlockPrelaunch = $True + gameDvrBlocked = $True + experienceBlockTaskSwitcher = $True + edgeBlockPasswordManager = $True + passwordSignInFailureCountBeforeFactoryReset = 25 + passwordMinimumCharacterSetCount = 25 + searchDisableIndexingEncryptedItems = $True + appManagementMSIAlwaysInstallWithElevatedPrivileges = $True + cellularData = "blocked" + defenderScheduledScanTime = "00:00:00" + edgeEnterpriseModeSiteListLocation = "FakeStringValue" + defenderProcessesToExclude = @("FakeStringValue") + defenderDetectedMalwareActions = @{ + lowSeverity = "deviceDefault" + severeSeverity = "deviceDefault" + moderateSeverity = "deviceDefault" + highSeverity = "deviceDefault" + } + edgeHomeButtonConfiguration = @{ + homeButtonCustomURL = "FakeStringValue" + '@odata.type' = "#microsoft.graph.edgeHomeButtonHidden" + } + cryptographyAllowFipsAlgorithmPolicy = $True + sharedUserAppDataAllowed = $True + edgeFirstRunUrl = "FakeStringValue" + edgeBlockSendingDoNotTrackHeader = $True + edgeOpensWith = "notConfigured" + defenderScheduleScanEnableLowCpuPriority = $True + windowsStoreBlockAutoUpdate = $True + messagingBlockRichCommunicationServices = $True + edgeNewTabPageURL = "FakeStringValue" + passwordRequireWhenResumeFromIdleState = $True + passwordExpirationDays = 25 + displayAppListWithGdiDPIScalingTurnedOff = @("FakeStringValue") + settingsBlockTimeLanguagePage = $True + locationServicesBlocked = $True + defenderScanMaxCpu = 25 + edgeFavoritesBarVisibility = "notConfigured" + accountsBlockAddingNonMicrosoftAccountEmail = $True + defenderCloudExtendedTimeoutInSeconds = 25 + cellularBlockVpnWhenRoaming = $True + startMenuPinnedFolderFileExplorer = "notConfigured" + edgeSearchEngine = @{ + edgeSearchEngineOpenSearchXmlUrl = "FakeStringValue" + edgeSearchEngineType = "default" + '@odata.type' = "#microsoft.graph.edgeSearchEngine" + } } - defenderFileExtensionsToExclude = "[`"csv,jpg,docx`"]" - defenderFilesAndFoldersToExclude = "[`"c:\\2,C:\\1`"]" - defenderProcessesToExclude = "[`"notepad.exe,c:\\Windows\\myprocess.exe`"]" - lockScreenAllowTimeoutConfiguration = $true - lockScreenBlockActionCenterNotifications = $true - lockScreenBlockCortana = $true - lockScreenBlockToastNotifications = $false - lockScreenTimeoutInSeconds = 90 - passwordBlockSimple = $true - passwordExpirationDays = 6 - passwordMinimumLength = 5 - passwordMinutesOfInactivityBeforeScreenTimeout = 15 - passwordMinimumCharacterSetCount = 1 - passwordPreviousPasswordBlockCount = 2 - passwordRequired = $true - passwordRequireWhenResumeFromIdleState = $true - passwordRequiredType = 'alphanumeric' - passwordSignInFailureCountBeforeFactoryReset = 12 - privacyAdvertisingId = 'blocked' - privacyAutoAcceptPairingAndConsentPrompts = $true - privacyBlockInputPersonalization = $true - startBlockUnpinningAppsFromTaskbar = $true - startMenuAppListVisibility = 'collapse' - startMenuHideChangeAccountSettings = $true - startMenuHideFrequentlyUsedApps = $true - startMenuHideHibernate = $true - startMenuHideLock = $true - startMenuHidePowerButton = $true - startMenuHideRecentJumpLists = $true - startMenuHideRecentlyAddedApps = $true - startMenuHideRestartOptions = $true - startMenuHideShutDown = $true - startMenuHideSignOut = $true - startMenuHideSleep = $true - startMenuHideSwitchAccount = $true - startMenuHideUserTile = $true - startMenuLayoutXml = '+DQogICAGlmaWNhdGlvblRlbXBsYXRlPg==' - startMenuMode = 'fullScreen' - startMenuPinnedFolderDocuments = 'hide' - startMenuPinnedFolderDownloads = 'hide' - startMenuPinnedFolderFileExplorer = 'hide' - startMenuPinnedFolderHomeGroup = 'hide' - startMenuPinnedFolderMusic = 'hide' - startMenuPinnedFolderNetwork = 'hide' - startMenuPinnedFolderPersonalFolder = 'hide' - startMenuPinnedFolderPictures = 'hide' - startMenuPinnedFolderSettings = 'hide' - startMenuPinnedFolderVideos = 'hide' - settingsBlockSettingsApp = $true - settingsBlockSystemPage = $true - settingsBlockDevicesPage = $true - settingsBlockNetworkInternetPage = $true - settingsBlockPersonalizationPage = $true - settingsBlockAccountsPage = $true - settingsBlockTimeLanguagePage = $true - settingsBlockEaseOfAccessPage = $true - settingsBlockPrivacyPage = $true - settingsBlockUpdateSecurityPage = $true - settingsBlockAppsPage = $true - settingsBlockGamingPage = $true - windowsSpotlightBlockConsumerSpecificFeatures = $true - windowsSpotlightBlocked = $true - windowsSpotlightBlockOnActionCenter = $true - windowsSpotlightBlockTailoredExperiences = $true - windowsSpotlightBlockThirdPartyNotifications = $true - windowsSpotlightBlockWelcomeExperience = $true - windowsSpotlightBlockWindowsTips = $true - windowsSpotlightConfigureOnLockScreen = 'disabled' - networkProxyApplySettingsDeviceWide = $true - networkProxyDisableAutoDetect = $true - networkProxyAutomaticConfigurationUrl = 'https://example.com/networkProxyAutomaticConfigurationUrl/' - accountsBlockAddingNonMicrosoftAccountEmail = $true - antiTheftModeBlocked = $true - bluetoothBlocked = $true - bluetoothAllowedServices = "[`"8e473eaa-ead4-4c60-ba9c-2c5696d71492`",`"21913f2d-a803-4f36-8039-669fd94ce5b3`"]" - bluetoothBlockAdvertising = $true - bluetoothBlockDiscoverableMode = $true - bluetoothBlockPrePairing = $true - cameraBlocked = $true - connectedDevicesServiceBlocked = $true - certificatesBlockManualRootCertificateInstallation = $true - copyPasteBlocked = $true - cortanaBlocked = $true - deviceManagementBlockFactoryResetOnMobile = $true - deviceManagementBlockManualUnenroll = $true - safeSearchFilter = 'strict' - edgeBlockPopups = $true - edgeBlockSearchSuggestions = $true - edgeBlockSendingIntranetTrafficToInternetExplorer = $true - edgeSendIntranetTrafficToInternetExplorer = $true - edgeRequireSmartScreen = $true - edgeFirstRunUrl = 'https://contoso.com/' - edgeBlockAccessToAboutFlags = $true - edgeHomepageUrls = "[`"https://microsoft.com`"]" - smartScreenBlockPromptOverride = $true - smartScreenBlockPromptOverrideForFiles = $true - webRtcBlockLocalhostIpAddress = $true - internetSharingBlocked = $true - settingsBlockAddProvisioningPackage = $true - settingsBlockRemoveProvisioningPackage = $true - settingsBlockChangeSystemTime = $true - settingsBlockEditDeviceName = $true - settingsBlockChangeRegion = $true - settingsBlockChangeLanguage = $true - settingsBlockChangePowerSleep = $true - locationServicesBlocked = $true - microsoftAccountBlocked = $true - microsoftAccountBlockSettingsSync = $true - nfcBlocked = $true - resetProtectionModeBlocked = $true - screenCaptureBlocked = $true - storageBlockRemovableStorage = $true - storageRequireMobileDeviceEncryption = $true - usbBlocked = $true - voiceRecordingBlocked = $true - wiFiBlockAutomaticConnectHotspots = $true - wiFiBlocked = $true - wiFiBlockManualConfiguration = $true - wiFiScanInterval = 1 - wirelessDisplayBlockProjectionToThisDevice = $true - wirelessDisplayBlockUserInputFromReceiver = $true - wirelessDisplayRequirePinForPairing = $true - windowsStoreBlocked = $true - appsAllowTrustedAppsSideloading = 'blocked' - windowsStoreBlockAutoUpdate = $true - developerUnlockSetting = 'blocked' - sharedUserAppDataAllowed = $true - appsBlockWindowsStoreOriginatedApps = $true - windowsStoreEnablePrivateStoreOnly = $true - storageRestrictAppDataToSystemVolume = $true - storageRestrictAppInstallToSystemVolume = $true - gameDvrBlocked = $true - edgeSearchEngine = @{edgeSearchEngineType = 'bing' } - experienceBlockDeviceDiscovery = $true - experienceBlockErrorDialogWhenNoSIM = $true - experienceBlockTaskSwitcher = $true - logonBlockFastUserSwitching = $true - tenantLockdownRequireNetworkDuringOutOfBoxExperience = $true - enterpriseCloudPrintDiscoveryEndPoint = 'https://cloudprinterdiscovery.contoso.com' - enterpriseCloudPrintDiscoveryMaxLimit = 4 - enterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'http://mopriadiscoveryservice/cloudprint' - enterpriseCloudPrintOAuthClientIdentifier = '30fbf7e8-321c-40ce-8b9f-160b6b049257' - enterpriseCloudPrintOAuthAuthority = 'https:/tenant.contoso.com/adfs' - enterpriseCloudPrintResourceIdentifier = 'http://cloudenterpriseprint/cloudPrint' - networkProxyServer = @('address=proxy.contoso.com:8080', "exceptions=*.contoso.com`r`n*.internal.local", 'useForLocalAddresses=false') + description = "FakeStringValue" + displayName = "FakeStringValue" + id = "FakeStringValue" + supportsScopeTags = $True + } } } - - It 'Should Reverse Engineer resource from the Export method' { + It "Should Reverse Engineer resource from the Export method" { $result = Export-TargetResource @testParams $result | Should -Not -BeNullOrEmpty } From 357d19756974777693379ebbd1fa6ad9f3df5aa1 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Sat, 1 Apr 2023 18:16:39 +0100 Subject: [PATCH 3/5] DRG complexTypeConstructor fix --- ResourceGenerator/M365DSCResourceGenerator.psm1 | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/ResourceGenerator/M365DSCResourceGenerator.psm1 b/ResourceGenerator/M365DSCResourceGenerator.psm1 index ce456ae5c3..a514f8d703 100644 --- a/ResourceGenerator/M365DSCResourceGenerator.psm1 +++ b/ResourceGenerator/M365DSCResourceGenerator.psm1 @@ -1590,15 +1590,15 @@ function Get-ComplexTypeConstructorToString if ($isNested) { $valuePrefix=$ParentPropertyValuePath - if ($null -eq $valuePrefix) - { + #if ($null -eq $valuePrefix) + #{ $propRoot=$ParentPropertyName.replace("my","") $valuePrefix="current$propRoot." - if ($property.IsRootProperty -eq $false -and -not $IsNested) - { - $valuePrefix += "AdditionalProperties." - } - } + #if ($property.IsRootProperty -eq $false -and -not $IsNested) + #{ + # $valuePrefix += "AdditionalProperties." + #} + #} } $iterationPropertyName="current$propertyName" $complexString.appendLine($spacing + "`$$returnPropertyName" + " = @()") | Out-Null @@ -1621,6 +1621,8 @@ function Get-ComplexTypeConstructorToString if ($Property.IsArray) { $valuePrefix = "$iterationPropertyName." + $referencePrefix = "$iterationPropertyName." + write-host -ForegroundColor Yellow ($valuePrefix) } if ($isNested -and -not $Property.IsArray) { @@ -1767,6 +1769,7 @@ function Get-ComplexTypeConstructorToString } else { + write-host ("Add - $valuePrefix") if ($isNested) { $complexString.appendLine($spacing + "`$$tempPropertyName.Add('" + $nestedPropertyName + "', `$$valuePrefix$AssignedPropertyName)" ) | Out-Null From 37154450dc551110070bf76f0947e2f006516f80 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Sat, 1 Apr 2023 18:18:27 +0100 Subject: [PATCH 4/5] removed trace --- ResourceGenerator/M365DSCResourceGenerator.psm1 | 2 -- 1 file changed, 2 deletions(-) diff --git a/ResourceGenerator/M365DSCResourceGenerator.psm1 b/ResourceGenerator/M365DSCResourceGenerator.psm1 index a514f8d703..c6f1a06957 100644 --- a/ResourceGenerator/M365DSCResourceGenerator.psm1 +++ b/ResourceGenerator/M365DSCResourceGenerator.psm1 @@ -1622,7 +1622,6 @@ function Get-ComplexTypeConstructorToString { $valuePrefix = "$iterationPropertyName." $referencePrefix = "$iterationPropertyName." - write-host -ForegroundColor Yellow ($valuePrefix) } if ($isNested -and -not $Property.IsArray) { @@ -1769,7 +1768,6 @@ function Get-ComplexTypeConstructorToString } else { - write-host ("Add - $valuePrefix") if ($isNested) { $complexString.appendLine($spacing + "`$$tempPropertyName.Add('" + $nestedPropertyName + "', `$$valuePrefix$AssignedPropertyName)" ) | Out-Null From 9b4dfbf12cadc79669dd5b3f189494b8bab02392 Mon Sep 17 00:00:00 2001 From: William-francillette Date: Sat, 1 Apr 2023 18:24:17 +0100 Subject: [PATCH 5/5] fix export trailing coma --- ResourceGenerator/M365DSCResourceGenerator.psm1 | 1 + 1 file changed, 1 insertion(+) diff --git a/ResourceGenerator/M365DSCResourceGenerator.psm1 b/ResourceGenerator/M365DSCResourceGenerator.psm1 index c6f1a06957..414fce925c 100644 --- a/ResourceGenerator/M365DSCResourceGenerator.psm1 +++ b/ResourceGenerator/M365DSCResourceGenerator.psm1 @@ -476,6 +476,7 @@ function New-M365DSCResource #removing trailing commas and semi colons between items of an array of cim instances added by Convert-DSCStringParamToVariable $currentDSCBlock = $currentDSCBlock.replace(" ,`r`n" , " `r`n" ) $currentDSCBlock = $currentDSCBlock.replace("`r`n;`r`n" , "`r`n" ) + $currentDSCBlock = $currentDSCBlock.replace("`r`n,`r`n" , "`r`n" ) '@ } $requiredKey = ''