DSCResources/cIntuneAccountProtectionPolicy/cIntuneAccountProtectionPolicy.schema.psm1

configuration cIntuneAccountProtectionPolicy {
    param (
        [Parameter()]
        [hashtable[]]
        $Items
)

<#
IntuneAccountProtectionPolicy [String] #ResourceName
{
    DisplayName = [string]
    [AccessTokens = [string[]]]
    [ApplicationId = [string]]
    [ApplicationSecret = [PSCredential]]
    [Assignments = [MSFT_IntuneAccountProtectionPolicyAssignments[]]]
    [CertificateThumbprint = [string]]
    [Credential = [PSCredential]]
    [DependsOn = [string[]]]
    [Description = [string]]
    [DeviceGuardLocalSystemAuthorityCredentialGuardSettings = [string]{ disable | enableWithoutUEFILock | enableWithUEFILock | notConfigured }]
    [EnhancedAntiSpoofingForFacialFeaturesEnabled = [bool]]
    [Ensure = [string]{ Absent | Present }]
    [Identity = [string]]
    [ManagedIdentity = [bool]]
    [PinExpirationInDays = [UInt32]]
    [PinLowercaseCharactersUsage = [string]{ allowed | blocked | notConfigured | required }]
    [PinMaximumLength = [UInt32]]
    [PinMinimumLength = [UInt32]]
    [PinPreviousBlockCount = [UInt32]]
    [PinRecoveryEnabled = [bool]]
    [PinSpecialCharactersUsage = [string]{ allowed | blocked | notConfigured | required }]
    [PinUppercaseCharactersUsage = [string]{ allowed | blocked | notConfigured | required }]
    [PsDscRunAsCredential = [PSCredential]]
    [SecurityDeviceRequired = [bool]]
    [TenantId = [string]]
    [UnlockWithBiometricsEnabled = [bool]]
    [UseCertificatesForOnPremisesAuthEnabled = [bool]]
    [UseSecurityKeyForSignin = [bool]]
    [WindowsHelloForBusinessBlocked = [string]{ false | notConfigured | true }]
}
 
#>



    Import-DscResource -ModuleName PSDesiredStateConfiguration
    Import-DscResource -ModuleName Microsoft365DSC

    $dscResourceName = 'IntuneAccountProtectionPolicy'

    $param = $PSBoundParameters
    $param.Remove("InstanceName")

    $dscParameterKeys = 'DisplayName' -split ', '

        foreach ($item in $Items)
        {
            if (-not $item.ContainsKey('Ensure'))
            {
                $item.Ensure = 'Present'
            }
            $keyValues = foreach ($key in $dscParameterKeys)
        {
            $item.$key
        }
        $executionName = $keyValues -join '_'
        $executionName = $executionName -replace "[\s()\\:*-+/{}```"']", '_'
        (Get-DscSplattedResource -ResourceName $dscResourceName -ExecutionName $executionName -Properties $item -NoInvoke).Invoke($item)
    }
}