DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.schema.mof
[ClassVersion("1.0.0")]
class MSFT_MicrosoftGraphassignmentreviewsettings { [Write, Description("The default decision to apply if the request is not reviewed within the period specified in durationInDays."), ValueMap{"acceptAccessRecommendation","keepAccess","removeAccess","unknownFutureValue"}, Values{"acceptAccessRecommendation","keepAccess","removeAccess","unknownFutureValue"}] String AccessReviewTimeoutBehavior; [Write, Description("The number of days within which reviewers should provide input.")] UInt32 DurationInDays; [Write, Description("Specifies whether to display recommendations to the reviewer. The default value is true")] Boolean IsAccessRecommendationEnabled; [Write, Description("Specifies whether the reviewer must provide justification for the approval. The default value is true.")] Boolean IsApprovalJustificationRequired; [Write, Description("If true, access reviews are required for assignments from this policy.")] Boolean IsEnabled; [Write, Description("The interval for recurrence, such as monthly or quarterly.")] String RecurrenceType; [Write, Description("Who should be asked to do the review, either Self or Reviewers.")] String ReviewerType; [Write, Description("If the reviewerType is Reviewers, this collection specifies the users who will be reviewers, either by ID or as members of a group, using a collection of singleUser and groupMembers."), EmbeddedInstance("MSFT_MicrosoftGraphuserset")] String Reviewers[]; [Write, Description("When the first review should start.")] String StartDateTime; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphuserset { [Write, Description("The type of the resource"), ValueMap{"#microsoft.graph.singleUser","#microsoft.graph.groupMembers","#microsoft.graph.requestorManager","#microsoft.graph.internalSponsors","#microsoft.graph.externalSponsors","#microsoft.graph.connectedOrganizationMembers"}, Values{"#microsoft.graph.singleUser","#microsoft.graph.groupMembers","#microsoft.graph.requestorManager","#microsoft.graph.internalSponsors","#microsoft.graph.externalSponsors","#microsoft.graph.connectedOrganizationMembers"}] String odataType; [Write, Description("The id of the resource.")] String Id; [Write, Description("Indicates whether the resource is a backup fallback approver.")] Boolean IsBackup; [Write, Description("The hierarchical level of the manager with respect to the requestor. For example, the direct manager of a requestor would have a managerLevel of 1, while the manager of the requestor's manager would have a managerLevel of 2. Default value for managerLevel is 1. Possible values for this property range from 1 to 2.")] UInt32 ManagerLevel; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphaccesspackagequestion { [Write, Description("The type of the resource"), ValueMap{"#microsoft.graph.accessPackageMultipleChoiceQuestion","#microsoft.graph.accessPackageTextInputQuestion"}, Values{"#microsoft.graph.accessPackageMultipleChoiceQuestion","#microsoft.graph.accessPackageTextInputQuestion"}] String odataType; [Write, Description("ID of the question.")] String Id; [Write, Description("Specifies whether the requestor is allowed to edit answers to questions.")] Boolean IsAnswerEditable; [Write, Description("Whether the requestor is required to supply an answer or not.")] Boolean IsRequired; [Write, Description("Relative position of this question when displaying a list of questions to the requestor.")] UInt32 Sequence; [Write, Description("The text of the question to show to the requestor."), EmbeddedInstance("MSFT_MicrosoftGraphaccessPackageLocalizedContent")] String QuestionText; [Write, Description("List of answer choices."), EmbeddedInstance("MSFT_MicrosoftGraphaccessPackageAnswerChoice")] String Choices[]; [Write, Description("Indicates whether requestor can select multiple choices as their answer.")] Boolean AllowsMultipleSelection; [Write, Description("This is the regex pattern that the corresponding text answer must follow.")] String RegexPattern; [Write, Description("Indicates whether the answer will be in single or multiple line format.")] Boolean IsSingleLineQuestion; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphaccessPackageLocalizedContent { [Write, Description("The fallback string, which is used when a requested localization is not available. Required.")] String DefaultText; [Write, Description("Content represented in a format for a specific locale."),EmbeddedInstance("MSFT_MicrosoftGraphaccessPackageLocalizedText")] String LocalizedTexts[]; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphaccessPackageLocalizedText { [Write, Description("The text in the specific language. Required.")] String Text; [Write, Description("The ISO code for the intended language. Required.")] String LanguageCode; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphaccessPackageAnswerChoice { [Write, Description("The actual value of the selected choice. This is typically a string value which is understandable by applications. Required.")] String ActualValue; [Write, Description("The localized display values shown to the requestor and approvers. Required."),EmbeddedInstance("MSFT_MicrosoftGraphaccessPackageLocalizedContent")] String displayValue; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphapprovalsettings { [Write, Description("One of SingleStage, Serial, Parallel, NoApproval (default). NoApproval is used when isApprovalRequired is false."), ValueMap{"SingleStage","Serial","Parallel","NoApproval"}, Values{"SingleStage","Serial","Parallel","NoApproval"}] String ApprovalMode; [Write, Description("If approval is required, the one or two elements of this collection define each of the stages of approval. An empty array if no approval is required."), EmbeddedInstance("MSFT_MicrosoftGraphapprovalstage1")] String ApprovalStages[]; [Write, Description("Indicates whether approval is required for requests in this policy.")] Boolean IsApprovalRequired; [Write, Description("Indicates whether approval is required for a user to extend their assignment.")] Boolean IsApprovalRequiredForExtension; [Write, Description("Indicates whether the requestor is required to supply a justification in their request.")] Boolean IsRequestorJustificationRequired; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphapprovalstage1 { [Write, Description("The number of days that a request can be pending a response before it is automatically denied.")] UInt32 ApprovalStageTimeOutInDays; [Write, Description("Indicates whether the approver is required to provide a justification for approving a request.")] UInt32 EscalationTimeInMinutes; [Write, Description("If true, then one or more escalation approvers are configured in this approval stage.")] Boolean IsApproverJustificationRequired; [Write, Description("If escalation is required, the time a request can be pending a response from a primary approver.")] Boolean IsEscalationEnabled; [Write, Description("The users who will be asked to approve requests. A collection of singleUser, groupMembers, requestorManager, internalSponsors and externalSponsors. When creating or updating a policy, include at least one userSet in this collection."), EmbeddedInstance("MSFT_MicrosoftGraphuserset")] String PrimaryApprovers[]; [Write, Description("If escalation is enabled and the primary approvers do not respond before the escalation time, the escalationApprovers are the users who will be asked to approve requests. This can be a collection of singleUser, groupMembers, requestorManager, internalSponsors and externalSponsors. When creating or updating a policy, if there are no escalation approvers, or escalation approvers are not required for the stage, the value of this property should be an empty collection."), EmbeddedInstance("MSFT_MicrosoftGraphuserset")] String EscalationApprovers[]; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphrequestorsettings { [Write, Description("Indicates whether new requests are accepted on this policy.")] Boolean AcceptRequests; [Write, Description("The users who are allowed to request on this policy, which can be singleUser, groupMembers, and connectedOrganizationMembers."), EmbeddedInstance("MSFT_MicrosoftGraphuserset")] String AllowedRequestors[]; [Write, Description("Who can request."), ValueMap{"NoSubjects","SpecificDirectorySubjects","SpecificConnectedOrganizationSubjects","AllConfiguredConnectedOrganizationSubjects","AllExistingConnectedOrganizationSubjects","AllExistingDirectoryMemberUsers","AllExistingDirectorySubjects","AllExternalSubjects"}, Values{"NoSubjects","SpecificDirectorySubjects","SpecificConnectedOrganizationSubjects","AllConfiguredConnectedOrganizationSubjects","AllExistingConnectedOrganizationSubjects","AllExistingDirectoryMemberUsers","AllExistingDirectorySubjects","AllExternalSubjects"}] String ScopeType; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphcustomextensionhandler { [Write, Description("Indicates which custom workflow extension will be executed at this stage."), EmbeddedInstance("MSFT_MicrosoftGraphcustomaccesspackageworkflowextension")] String CustomExtension; [Write, Description("Indicates the stage of the access package assignment request workflow when the access package custom extension runs."), ValueMap{"assignmentRequestCreated","assignmentRequestApproved","assignmentRequestGranted","assignmentRequestRemoved","assignmentFourteenDaysBeforeExpiration","assignmentOneDayBeforeExpiration","unknownFutureValue"}, Values{"assignmentRequestCreated","assignmentRequestApproved","assignmentRequestGranted","assignmentRequestRemoved","assignmentFourteenDaysBeforeExpiration","assignmentOneDayBeforeExpiration","unknownFutureValue"}] String Stage; [Write, Description("Identifier of the stage.")] String Id; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphcustomaccesspackageworkflowextension { [Write, Description("Configuration for securing the API call to the logic app. For example, using OAuth client credentials flow."), EmbeddedInstance("MSFT_MicrosoftGraphcustomextensionauthenticationconfiguration")] String AuthenticationConfiguration; [Write, Description("HTTP connection settings that define how long Azure AD can wait for a connection to a logic app, how many times you can retry a timed-out connection and the exception scenarios when retries are allowed."), EmbeddedInstance("MSFT_MicrosoftGraphcustomextensionclientconfiguration")] String ClientConfiguration; [Write, Description("Description for the customAccessPackageWorkflowExtension object.")] String Description; [Write, Description("Display name for the customAccessPackageWorkflowExtension object.")] String DisplayName; [Write, Description("The type and details for configuring the endpoint to call the logic app's workflow."), EmbeddedInstance("MSFT_MicrosoftGraphcustomextensionendpointconfiguration")] String EndpointConfiguration; [Write, Description("Identifier for the customAccessPackageWorkflowExtension object.")] String Id; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphcustomextensionauthenticationconfiguration { [Write, Description("The appID of the Azure AD application to use to authenticate a logic app with a custom access package workflow extension.")] String ResourceId; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphcustomextensionclientconfiguration { [Write, Description("The max duration in milliseconds that Azure AD will wait for a response from the logic app before it shuts down the connection. The valid range is between 200 and 2000 milliseconds. Default duration is 1000.")] UInt32 TimeoutInMilliseconds; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphcustomextensionendpointconfiguration { [Write, Description("The name of the logic app."), EmbeddedInstance("MSFT_MicrosoftGraphcustomextensionauthenticationconfiguration")] String LogicAppWorkflowName; [Write, Description("The Azure resource group name for the logic app."), EmbeddedInstance("MSFT_MicrosoftGraphcustomextensionclientconfiguration")] String ResourceGroupName; [Write, Description("Identifier of the Azure subscription for the logic app.")] String SubscriptionId; }; [ClassVersion("1.0.0.0"), FriendlyName("AADEntitlementManagementAccessPackageAssignmentPolicy")] class MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy : OMI_BaseResource { [Key, Description("Id of the access package assignment policy.")] String Id; [Required, Description("The display name of the policy.")] String DisplayName; [Write, Description("Identifier of the access package.")] String AccessPackageId; [Write, Description("Who must review, and how often, the assignments to the access package from this policy. This property is null if reviews are not required."), EmbeddedInstance("MSFT_MicrosoftGraphassignmentreviewsettings")] String AccessReviewSettings; [Write, Description("Indicates whether a user can extend the access package assignment duration after approval.")] Boolean CanExtend; [Write, Description("The description of the policy.")] String Description; [Write, Description("The number of days in which assignments from this policy last until they are expired.")] UInt32 DurationInDays; [Write, Description("The expiration date for assignments created in this policy. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z")] String ExpirationDateTime; [Write, Description("Questions that are posed to the requestor."), EmbeddedInstance("MSFT_MicrosoftGraphaccesspackagequestion")] String Questions[]; [Write, Description("Who must approve requests for access package in this policy."), EmbeddedInstance("MSFT_MicrosoftGraphapprovalsettings")] String RequestApprovalSettings; [Write, Description("Who can request this access package from this policy."), EmbeddedInstance("MSFT_MicrosoftGraphrequestorsettings")] String RequestorSettings; [Write, Description("The collection of stages when to execute one or more custom access package workflow extensions."), EmbeddedInstance("MSFT_MicrosoftGraphcustomextensionhandler")] String CustomExtensionHandlers[]; [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; [Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; }; |