DSCResources/cIntuneAppProtectionPolicyiOS/cIntuneAppProtectionPolicyiOS.schema.psm1
|
configuration cIntuneAppProtectionPolicyiOS { param ( [Parameter()] [hashtable[]] $Items ) <# IntuneAppProtectionPolicyiOS [String] #ResourceName { DisplayName = [string] [AccessTokens = [string[]]] [AllowedDataStorageLocations = [string[]]] [AllowedInboundDataTransferSources = [string]{ allApps | managedApps | none }] [AllowedIosDeviceModels = [string[]]] [AllowedOutboundClipboardSharingExceptionLength = [UInt32]] [AllowedOutboundClipboardSharingLevel = [string]{ allApps | blocked | managedApps | managedAppsWithPasteIn }] [AllowedOutboundDataTransferDestinations = [string]{ allApps | managedApps | none }] [AppActionIfDeviceComplianceRequired = [string]{ block | warn | wipe }] [AppActionIfIosDeviceModelNotAllowed = [string]{ block | warn | wipe }] [AppActionIfMaximumPinRetriesExceeded = [string]{ block | warn | wipe }] [AppDataEncryptionType = [string]{ afterDeviceRestart | useDeviceSettings | whenDeviceLocked | whenDeviceLockedExceptOpenFiles }] [ApplicationId = [string]] [ApplicationSecret = [PSCredential]] [Apps = [string[]]] [Assignments = [string[]]] [CertificateThumbprint = [string]] [ContactSyncBlocked = [bool]] [Credential = [PSCredential]] [CustomBrowserProtocol = [string]] [DataBackupBlocked = [bool]] [DependsOn = [string[]]] [Description = [string]] [DeviceComplianceRequired = [bool]] [DisableAppPinIfDevicePinIsSet = [bool]] [DisableProtectionOfManagedOutboundOpenInData = [bool]] [Ensure = [string]{ Absent | Present }] [ExcludedGroups = [string[]]] [ExemptedAppProtocols = [string[]]] [FaceIdBlocked = [bool]] [FilterOpenInToOnlyManagedApps = [bool]] [FingerprintBlocked = [bool]] [Identity = [string]] [ManagedBrowser = [string]{ microsoftEdge | notConfigured }] [ManagedBrowserToOpenLinksRequired = [bool]] [ManagedIdentity = [bool]] [MaximumPinRetries = [UInt32]] [MinimumPinLength = [UInt32]] [MinimumRequiredAppVersion = [string]] [MinimumRequiredOSVersion = [string]] [MinimumRequiredSdkVersion = [string]] [MinimumWarningAppVersion = [string]] [MinimumWarningOSVersion = [string]] [MinimumWipeAppVersion = [string]] [MinimumWipeOSVersion = [string]] [MinimumWipeSdkVersion = [string]] [NotificationRestriction = [string]{ allow | block | blockOrganizationalData }] [OrganizationalCredentialsRequired = [bool]] [PeriodBeforePinReset = [string]] [PeriodOfflineBeforeAccessCheck = [string]] [PeriodOfflineBeforeWipeIsEnforced = [string]] [PeriodOnlineBeforeAccessCheck = [string]] [PinCharacterSet = [string]{ alphanumericAndSymbol | numeric }] [PinRequired = [bool]] [PinRequiredInsteadOfBiometricTimeout = [string]] [PrintBlocked = [bool]] [ProtectInboundDataFromUnknownSources = [bool]] [PsDscRunAsCredential = [PSCredential]] [SaveAsBlocked = [bool]] [SimplePinBlocked = [bool]] [TargetedAppManagementLevels = [string[]]{ androidEnterprise | mdm | unmanaged | unspecified }] [TenantId = [string]] } #> Import-DscResource -ModuleName PSDesiredStateConfiguration Import-DscResource -ModuleName Microsoft365DSC $dscResourceName = 'IntuneAppProtectionPolicyiOS' $param = $PSBoundParameters $param.Remove("InstanceName") $dscParameterKeys = 'DisplayName' -split ', ' foreach ($item in $Items) { if (-not $item.ContainsKey('Ensure')) { $item.Ensure = 'Present' } $keyValues = foreach ($key in $dscParameterKeys) { $item.$key } $executionName = $keyValues -join '_' $executionName = $executionName -replace "[\s()\\:*-+/{}```"']", '_' (Get-DscSplattedResource -ResourceName $dscResourceName -ExecutionName $executionName -Properties $item -NoInvoke).Invoke($item) } } |