DSCResources/MSFT_IntuneDeviceConfigurationPolicyWindows10/MSFT_IntuneDeviceConfigurationPolicyWindows10.schema.mof
[ClassVersion("1.0.0.0")]
class MSFT_DeviceManagementConfigurationPolicyAssignments { [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType; [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType; [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId; [Write, Description("The group Id that is the target of the assignment.")] String groupId; [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphDefenderDetectedMalwareActions1 { [Write, Description("Indicates a Defender action to take for high severity Malware threat detected. Possible values are: deviceDefault, clean, quarantine, remove, allow, userDefined, block."), ValueMap{"deviceDefault","clean","quarantine","remove","allow","userDefined","block"}, Values{"deviceDefault","clean","quarantine","remove","allow","userDefined","block"}] String HighSeverity; [Write, Description("Indicates a Defender action to take for low severity Malware threat detected. Possible values are: deviceDefault, clean, quarantine, remove, allow, userDefined, block."), ValueMap{"deviceDefault","clean","quarantine","remove","allow","userDefined","block"}, Values{"deviceDefault","clean","quarantine","remove","allow","userDefined","block"}] String LowSeverity; [Write, Description("Indicates a Defender action to take for moderate severity Malware threat detected. Possible values are: deviceDefault, clean, quarantine, remove, allow, userDefined, block."), ValueMap{"deviceDefault","clean","quarantine","remove","allow","userDefined","block"}, Values{"deviceDefault","clean","quarantine","remove","allow","userDefined","block"}] String ModerateSeverity; [Write, Description("Indicates a Defender action to take for severe severity Malware threat detected. Possible values are: deviceDefault, clean, quarantine, remove, allow, userDefined, block."), ValueMap{"deviceDefault","clean","quarantine","remove","allow","userDefined","block"}, Values{"deviceDefault","clean","quarantine","remove","allow","userDefined","block"}] String SevereSeverity; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphEdgeHomeButtonConfiguration { [Write, Description("The specific URL to load.")] String HomeButtonCustomURL; [Write, Description("The type of the entity."), ValueMap{"#microsoft.graph.edgeHomeButtonHidden","#microsoft.graph.edgeHomeButtonLoadsStartPage","#microsoft.graph.edgeHomeButtonOpensCustomURL","#microsoft.graph.edgeHomeButtonOpensNewTab"}, Values{"#microsoft.graph.edgeHomeButtonHidden","#microsoft.graph.edgeHomeButtonLoadsStartPage","#microsoft.graph.edgeHomeButtonOpensCustomURL","#microsoft.graph.edgeHomeButtonOpensNewTab"}] String odataType; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphEdgeSearchEngineBase { [Write, Description("Allows IT admins to set a predefined default search engine for MDM-Controlled devices. Possible values are: default, bing."), ValueMap{"default","bing"}, Values{"default","bing"}] String EdgeSearchEngineType; [Write, Description("Points to a https link containing the OpenSearch xml file that contains, at minimum, the short name and the URL to the search Engine.")] String EdgeSearchEngineOpenSearchXmlUrl; [Write, Description("The type of the entity."), ValueMap{"#microsoft.graph.edgeSearchEngine","#microsoft.graph.edgeSearchEngineCustom"}, Values{"#microsoft.graph.edgeSearchEngine","#microsoft.graph.edgeSearchEngineCustom"}] String odataType; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphWindows10NetworkProxyServer { [Write, Description("Address to the proxy server. Specify an address in the format ':'")] String Address; [Write, Description("Addresses that should not use the proxy server. The system will not use the proxy server for addresses beginning with what is specified in this node.")] String Exceptions[]; [Write, Description("Specifies whether the proxy server should be used for local (intranet) addresses.")] Boolean UseForLocalAddresses; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphWindows10AppsForceUpdateSchedule { [Write, Description("Recurrence schedule. Possible values are: none, daily, weekly, monthly."), ValueMap{"none","daily","weekly","monthly"}, Values{"none","daily","weekly","monthly"}] String Recurrence; [Write, Description("If true, runs the task immediately if StartDateTime is in the past, else, runs at the next recurrence.")] Boolean RunImmediatelyIfAfterStartDateTime; [Write, Description("The start time for the force restart.")] String StartDateTime; }; [ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceConfigurationPolicyWindows10")] class MSFT_IntuneDeviceConfigurationPolicyWindows10 : OMI_BaseResource { [Write, Description("Indicates whether or not to Block the user from adding email accounts to the device that are not associated with a Microsoft account.")] Boolean AccountsBlockAddingNonMicrosoftAccountEmail; [Write, Description("Specifies if Windows apps can be activated by voice. Possible values are: notConfigured, enabled, disabled."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String ActivateAppsWithVoice; [Write, Description("Indicates whether or not to block the user from selecting an AntiTheft mode preference (Windows 10 Mobile only).")] Boolean AntiTheftModeBlocked; [Write, Description("This policy setting permits users to change installation options that typically are available only to system administrators.")] Boolean AppManagementMSIAllowUserControlOverInstall; [Write, Description("This policy setting directs Windows Installer to use elevated permissions when it installs any program on the system.")] Boolean AppManagementMSIAlwaysInstallWithElevatedPrivileges; [Write, Description("List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are to be launched after logon.")] String AppManagementPackageFamilyNamesToLaunchAfterLogOn[]; [Write, Description("Indicates whether apps from AppX packages signed with a trusted certificate can be side loaded. Possible values are: notConfigured, blocked, allowed."), ValueMap{"notConfigured","blocked","allowed"}, Values{"notConfigured","blocked","allowed"}] String AppsAllowTrustedAppsSideloading; [Write, Description("Indicates whether or not to disable the launch of all apps from Windows Store that came pre-installed or were downloaded.")] Boolean AppsBlockWindowsStoreOriginatedApps; [Write, Description("Allows secondary authentication devices to work with Windows.")] Boolean AuthenticationAllowSecondaryDevice; [Write, Description("Specifies the preferred domain among available domains in the Azure AD tenant.")] String AuthenticationPreferredAzureADTenantDomainName; [Write, Description("Indicates whether or not Web Credential Provider will be enabled. Possible values are: notConfigured, enabled, disabled."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String AuthenticationWebSignIn; [Write, Description("Specify a list of allowed Bluetooth services and profiles in hex formatted strings.")] String BluetoothAllowedServices[]; [Write, Description("Whether or not to Block the user from using bluetooth advertising.")] Boolean BluetoothBlockAdvertising; [Write, Description("Whether or not to Block the user from using bluetooth discoverable mode.")] Boolean BluetoothBlockDiscoverableMode; [Write, Description("Whether or not to Block the user from using bluetooth.")] Boolean BluetoothBlocked; [Write, Description("Whether or not to block specific bundled Bluetooth peripherals to automatically pair with the host device.")] Boolean BluetoothBlockPrePairing; [Write, Description("Whether or not to block the users from using Swift Pair and other proximity based scenarios.")] Boolean BluetoothBlockPromptedProximalConnections; [Write, Description("Whether or not to Block the user from accessing the camera of the device.")] Boolean CameraBlocked; [Write, Description("Whether or not to Block the user from using data over cellular while roaming.")] Boolean CellularBlockDataWhenRoaming; [Write, Description("Whether or not to Block the user from using VPN over cellular.")] Boolean CellularBlockVpn; [Write, Description("Whether or not to Block the user from using VPN when roaming over cellular.")] Boolean CellularBlockVpnWhenRoaming; [Write, Description("Whether or not to allow the cellular data channel on the device. If not configured, the cellular data channel is allowed and the user can turn it off. Possible values are: blocked, required, allowed, notConfigured."), ValueMap{"blocked","required","allowed","notConfigured"}, Values{"blocked","required","allowed","notConfigured"}] String CellularData; [Write, Description("Whether or not to Block the user from doing manual root certificate installation.")] Boolean CertificatesBlockManualRootCertificateInstallation; [Write, Description("Specifies the time zone to be applied to the device. This is the standard Windows name for the target time zone.")] String ConfigureTimeZone; [Write, Description("Whether or not to block Connected Devices Service which enables discovery and connection to other devices, remote messaging, remote app sessions and other cross-device experiences.")] Boolean ConnectedDevicesServiceBlocked; [Write, Description("Whether or not to Block the user from using copy paste.")] Boolean CopyPasteBlocked; [Write, Description("Whether or not to Block the user from using Cortana.")] Boolean CortanaBlocked; [Write, Description("Specify whether to allow or disallow the Federal Information Processing Standard (FIPS) policy.")] Boolean CryptographyAllowFipsAlgorithmPolicy; [Write, Description("This policy setting allows you to block direct memory access (DMA) for all hot pluggable PCI downstream ports until a user logs into Windows.")] Boolean DataProtectionBlockDirectMemoryAccess; [Write, Description("Whether or not to block end user access to Defender.")] Boolean DefenderBlockEndUserAccess; [Write, Description("Allows or disallows Windows Defender On Access Protection functionality.")] Boolean DefenderBlockOnAccessProtection; [Write, Description("Specifies the level of cloud-delivered protection. Possible values are: notConfigured, high, highPlus, zeroTolerance."), ValueMap{"notConfigured","high","highPlus","zeroTolerance"}, Values{"notConfigured","high","highPlus","zeroTolerance"}] String DefenderCloudBlockLevel; [Write, Description("Timeout extension for file scanning by the cloud. Valid values 0 to 50")] UInt32 DefenderCloudExtendedTimeout; [Write, Description("Timeout extension for file scanning by the cloud. Valid values 0 to 50")] UInt32 DefenderCloudExtendedTimeoutInSeconds; [Write, Description("Number of days before deleting quarantined malware. Valid values 0 to 90")] UInt32 DefenderDaysBeforeDeletingQuarantinedMalware; [Write, Description("Gets or sets Defenders actions to take on detected Malware per threat level."), EmbeddedInstance("MSFT_MicrosoftGraphdefenderDetectedMalwareActions1")] String DefenderDetectedMalwareActions; [Write, Description("When blocked, catch-up scans for scheduled full scans will be turned off.")] Boolean DefenderDisableCatchupFullScan; [Write, Description("When blocked, catch-up scans for scheduled quick scans will be turned off.")] Boolean DefenderDisableCatchupQuickScan; [Write, Description("File extensions to exclude from scans and real time protection.")] String DefenderFileExtensionsToExclude[]; [Write, Description("Files and folder to exclude from scans and real time protection.")] String DefenderFilesAndFoldersToExclude[]; [Write, Description("Value for monitoring file activity. Possible values are: userDefined, disable, monitorAllFiles, monitorIncomingFilesOnly, monitorOutgoingFilesOnly."), ValueMap{"userDefined","disable","monitorAllFiles","monitorIncomingFilesOnly","monitorOutgoingFilesOnly"}, Values{"userDefined","disable","monitorAllFiles","monitorIncomingFilesOnly","monitorOutgoingFilesOnly"}] String DefenderMonitorFileActivity; [Write, Description("Gets or sets Defenders action to take on Potentially Unwanted Application (PUA), which includes software with behaviors of ad-injection, software bundling, persistent solicitation for payment or subscription, etc. Defender alerts user when PUA is being downloaded or attempts to install itself. Added in Windows 10 for desktop. Possible values are: deviceDefault, block, audit."), ValueMap{"deviceDefault","block","audit"}, Values{"deviceDefault","block","audit"}] String DefenderPotentiallyUnwantedAppAction; [Write, Description("Gets or sets Defenders action to take on Potentially Unwanted Application (PUA), which includes software with behaviors of ad-injection, software bundling, persistent solicitation for payment or subscription, etc. Defender alerts user when PUA is being downloaded or attempts to install itself. Added in Windows 10 for desktop. Possible values are: userDefined, enable, auditMode, warn, notConfigured."), ValueMap{"userDefined","enable","auditMode","warn","notConfigured"}, Values{"userDefined","enable","auditMode","warn","notConfigured"}] String DefenderPotentiallyUnwantedAppActionSetting; [Write, Description("Processes to exclude from scans and real time protection.")] String DefenderProcessesToExclude[]; [Write, Description("The configuration for how to prompt user for sample submission. Possible values are: userDefined, alwaysPrompt, promptBeforeSendingPersonalData, neverSendData, sendAllDataWithoutPrompting."), ValueMap{"userDefined","alwaysPrompt","promptBeforeSendingPersonalData","neverSendData","sendAllDataWithoutPrompting"}, Values{"userDefined","alwaysPrompt","promptBeforeSendingPersonalData","neverSendData","sendAllDataWithoutPrompting"}] String DefenderPromptForSampleSubmission; [Write, Description("Indicates whether or not to require behavior monitoring.")] Boolean DefenderRequireBehaviorMonitoring; [Write, Description("Indicates whether or not to require cloud protection.")] Boolean DefenderRequireCloudProtection; [Write, Description("Indicates whether or not to require network inspection system.")] Boolean DefenderRequireNetworkInspectionSystem; [Write, Description("Indicates whether or not to require real time monitoring.")] Boolean DefenderRequireRealTimeMonitoring; [Write, Description("Indicates whether or not to scan archive files.")] Boolean DefenderScanArchiveFiles; [Write, Description("Indicates whether or not to scan downloads.")] Boolean DefenderScanDownloads; [Write, Description("Indicates whether or not to scan incoming mail messages.")] Boolean DefenderScanIncomingMail; [Write, Description("Indicates whether or not to scan mapped network drives during full scan.")] Boolean DefenderScanMappedNetworkDrivesDuringFullScan; [Write, Description("Max CPU usage percentage during scan. Valid values 0 to 100")] UInt32 DefenderScanMaxCpu; [Write, Description("Indicates whether or not to scan files opened from a network folder.")] Boolean DefenderScanNetworkFiles; [Write, Description("Indicates whether or not to scan removable drives during full scan.")] Boolean DefenderScanRemovableDrivesDuringFullScan; [Write, Description("Indicates whether or not to scan scripts loaded in Internet Explorer browser.")] Boolean DefenderScanScriptsLoadedInInternetExplorer; [Write, Description("The defender system scan type. Possible values are: userDefined, disabled, quick, full."), ValueMap{"userDefined","disabled","quick","full"}, Values{"userDefined","disabled","quick","full"}] String DefenderScanType; [Write, Description("The time to perform a daily quick scan.")] String DefenderScheduledQuickScanTime; [Write, Description("The defender time for the system scan.")] String DefenderScheduledScanTime; [Write, Description("When enabled, low CPU priority will be used during scheduled scans.")] Boolean DefenderScheduleScanEnableLowCpuPriority; [Write, Description("The signature update interval in hours. Specify 0 not to check. Valid values 0 to 24")] UInt32 DefenderSignatureUpdateIntervalInHours; [Write, Description("Checks for the user consent level in Windows Defender to send data. Possible values are: sendSafeSamplesAutomatically, alwaysPrompt, neverSend, sendAllSamplesAutomatically."), ValueMap{"sendSafeSamplesAutomatically","alwaysPrompt","neverSend","sendAllSamplesAutomatically"}, Values{"sendSafeSamplesAutomatically","alwaysPrompt","neverSend","sendAllSamplesAutomatically"}] String DefenderSubmitSamplesConsentType; [Write, Description("Defender day of the week for the system scan. Possible values are: userDefined, everyday, sunday, monday, tuesday, wednesday, thursday, friday, saturday, noScheduledScan."), ValueMap{"userDefined","everyday","sunday","monday","tuesday","wednesday","thursday","friday","saturday","noScheduledScan"}, Values{"userDefined","everyday","sunday","monday","tuesday","wednesday","thursday","friday","saturday","noScheduledScan"}] String DefenderSystemScanSchedule; [Write, Description("Indicates whether or not to allow developer unlock. Possible values are: notConfigured, blocked, allowed."), ValueMap{"notConfigured","blocked","allowed"}, Values{"notConfigured","blocked","allowed"}] String DeveloperUnlockSetting; [Write, Description("Indicates whether or not to Block the user from resetting their phone.")] Boolean DeviceManagementBlockFactoryResetOnMobile; [Write, Description("Indicates whether or not to Block the user from doing manual un-enrollment from device management.")] Boolean DeviceManagementBlockManualUnenroll; [Write, Description("Gets or sets a value allowing the device to send diagnostic and usage telemetry data, such as Watson. Possible values are: userDefined, none, basic, enhanced, full."), ValueMap{"userDefined","none","basic","enhanced","full"}, Values{"userDefined","none","basic","enhanced","full"}] String DiagnosticsDataSubmissionMode; [Write, Description("List of legacy applications that have GDI DPI Scaling turned off.")] String DisplayAppListWithGdiDPIScalingTurnedOff[]; [Write, Description("List of legacy applications that have GDI DPI Scaling turned on.")] String DisplayAppListWithGdiDPIScalingTurnedOn[]; [Write, Description("Allow users to change Start pages on Edge. Use the EdgeHomepageUrls to specify the Start pages that the user would see by default when they open Edge.")] Boolean EdgeAllowStartPagesModification; [Write, Description("Indicates whether or not to prevent access to about flags on Edge browser.")] Boolean EdgeBlockAccessToAboutFlags; [Write, Description("Block the address bar dropdown functionality in Microsoft Edge. Disable this settings to minimize network connections from Microsoft Edge to Microsoft services.")] Boolean EdgeBlockAddressBarDropdown; [Write, Description("Indicates whether or not to block auto fill.")] Boolean EdgeBlockAutofill; [Write, Description("Block Microsoft compatibility list in Microsoft Edge. This list from Microsoft helps Edge properly display sites with known compatibility issues.")] Boolean EdgeBlockCompatibilityList; [Write, Description("Indicates whether or not to block developer tools in the Edge browser.")] Boolean EdgeBlockDeveloperTools; [Write, Description("Indicates whether or not to Block the user from using the Edge browser.")] Boolean EdgeBlocked; [Write, Description("Indicates whether or not to Block the user from making changes to Favorites.")] Boolean EdgeBlockEditFavorites; [Write, Description("Indicates whether or not to block extensions in the Edge browser.")] Boolean EdgeBlockExtensions; [Write, Description("Allow or prevent Edge from entering the full screen mode.")] Boolean EdgeBlockFullScreenMode; [Write, Description("Indicates whether or not to block InPrivate browsing on corporate networks, in the Edge browser.")] Boolean EdgeBlockInPrivateBrowsing; [Write, Description("Indicates whether or not to Block the user from using JavaScript.")] Boolean EdgeBlockJavaScript; [Write, Description("Block the collection of information by Microsoft for live tile creation when users pin a site to Start from Microsoft Edge.")] Boolean EdgeBlockLiveTileDataCollection; [Write, Description("Indicates whether or not to Block password manager.")] Boolean EdgeBlockPasswordManager; [Write, Description("Indicates whether or not to block popups.")] Boolean EdgeBlockPopups; [Write, Description("Decide whether Microsoft Edge is prelaunched at Windows startup.")] Boolean EdgeBlockPrelaunch; [Write, Description("Configure Edge to allow or block printing.")] Boolean EdgeBlockPrinting; [Write, Description("Configure Edge to allow browsing history to be saved or to never save browsing history.")] Boolean EdgeBlockSavingHistory; [Write, Description("Indicates whether or not to block the user from adding new search engine or changing the default search engine.")] Boolean EdgeBlockSearchEngineCustomization; [Write, Description("Indicates whether or not to block the user from using the search suggestions in the address bar.")] Boolean EdgeBlockSearchSuggestions; [Write, Description("Indicates whether or not to Block the user from sending the do not track header.")] Boolean EdgeBlockSendingDoNotTrackHeader; [Write, Description("Indicates whether or not to switch the intranet traffic from Edge to Internet Explorer. Note: the name of this property is misleading the property is obsolete, use EdgeSendIntranetTrafficToInternetExplorer instead.")] Boolean EdgeBlockSendingIntranetTrafficToInternetExplorer; [Write, Description("Indicates whether the user can sideload extensions.")] Boolean EdgeBlockSideloadingExtensions; [Write, Description("Configure whether Edge preloads the new tab page at Windows startup.")] Boolean EdgeBlockTabPreloading; [Write, Description("Configure to load a blank page in Edge instead of the default New tab page and prevent users from changing it.")] Boolean EdgeBlockWebContentOnNewTabPage; [Write, Description("Clear browsing data on exiting Microsoft Edge.")] Boolean EdgeClearBrowsingDataOnExit; [Write, Description("Indicates which cookies to block in the Edge browser. Possible values are: userDefined, allow, blockThirdParty, blockAll."), ValueMap{"userDefined","allow","blockThirdParty","blockAll"}, Values{"userDefined","allow","blockThirdParty","blockAll"}] String EdgeCookiePolicy; [Write, Description("Block the Microsoft web page that opens on the first use of Microsoft Edge. This policy allows enterprises, like those enrolled in zero emissions configurations, to block this page.")] Boolean EdgeDisableFirstRunPage; [Write, Description("Indicates the enterprise mode site list location. Could be a local file, local network or http location.")] String EdgeEnterpriseModeSiteListLocation; [Write, Description("Get or set a value that specifies whether to set the favorites bar to always be visible or hidden on any page. Possible values are: notConfigured, hide, show."), ValueMap{"notConfigured","hide","show"}, Values{"notConfigured","hide","show"}] String EdgeFavoritesBarVisibility; [Write, Description("The location of the favorites list to provision. Could be a local file, local network or http location.")] String EdgeFavoritesListLocation; [Write, Description("The first run URL for when Edge browser is opened for the first time.")] String EdgeFirstRunUrl; [Write, Description("Causes the Home button to either hide, load the default Start page, load a New tab page, or a custom URL"), EmbeddedInstance("MSFT_MicrosoftGraphedgeHomeButtonConfiguration")] String EdgeHomeButtonConfiguration; [Write, Description("Enable the Home button configuration.")] Boolean EdgeHomeButtonConfigurationEnabled; [Write, Description("The list of URLs for homepages shodwn on MDM-enrolled devices on Edge browser.")] String EdgeHomepageUrls[]; [Write, Description("Controls how the Microsoft Edge settings are restricted based on the configure kiosk mode. Possible values are: notConfigured, digitalSignage, normalMode, publicBrowsingSingleApp, publicBrowsingMultiApp."), ValueMap{"notConfigured","digitalSignage","normalMode","publicBrowsingSingleApp","publicBrowsingMultiApp"}, Values{"notConfigured","digitalSignage","normalMode","publicBrowsingSingleApp","publicBrowsingMultiApp"}] String EdgeKioskModeRestriction; [Write, Description("Specifies the time in minutes from the last user activity before Microsoft Edge kiosk resets. Valid values are 0-1440. The default is 5. 0 indicates no reset. Valid values 0 to 1440")] UInt32 EdgeKioskResetAfterIdleTimeInMinutes; [Write, Description("Specify the page opened when new tabs are created.")] String EdgeNewTabPageURL; [Write, Description("Specify what kind of pages are open at start. Possible values are: notConfigured, startPage, newTabPage, previousPages, specificPages."), ValueMap{"notConfigured","startPage","newTabPage","previousPages","specificPages"}, Values{"notConfigured","startPage","newTabPage","previousPages","specificPages"}] String EdgeOpensWith; [Write, Description("Allow or prevent users from overriding certificate errors.")] Boolean EdgePreventCertificateErrorOverride; [Write, Description("Specify the list of package family names of browser extensions that are required and cannot be turned off by the user.")] String EdgeRequiredExtensionPackageFamilyNames[]; [Write, Description("Indicates whether or not to Require the user to use the smart screen filter.")] Boolean EdgeRequireSmartScreen; [Write, Description("Allows IT admins to set a default search engine for MDM-Controlled devices. Users can override this and change their default search engine provided the AllowSearchEngineCustomization policy is not set."), EmbeddedInstance("MSFT_MicrosoftGraphedgeSearchEngineBase")] String EdgeSearchEngine; [Write, Description("Indicates whether or not to switch the intranet traffic from Edge to Internet Explorer.")] Boolean EdgeSendIntranetTrafficToInternetExplorer; [Write, Description("Controls the message displayed by Edge before switching to Internet Explorer. Possible values are: notConfigured, disabled, enabled, keepGoing."), ValueMap{"notConfigured","disabled","enabled","keepGoing"}, Values{"notConfigured","disabled","enabled","keepGoing"}] String EdgeShowMessageWhenOpeningInternetExplorerSites; [Write, Description("Enable favorites sync between Internet Explorer and Microsoft Edge. Additions, deletions, modifications and order changes to favorites are shared between browsers.")] Boolean EdgeSyncFavoritesWithInternetExplorer; [Write, Description("Specifies what type of telemetry data (none, intranet, internet, both) is sent to Microsoft 365 Analytics. Possible values are: notConfigured, intranet, internet, intranetAndInternet."), ValueMap{"notConfigured","intranet","internet","intranetAndInternet"}, Values{"notConfigured","intranet","internet","intranetAndInternet"}] String EdgeTelemetryForMicrosoft365Analytics; [Write, Description("Allow users with administrative rights to delete all user data and settings using CTRL + Win + R at the device lock screen so that the device can be automatically re-configured and re-enrolled into management.")] Boolean EnableAutomaticRedeployment; [Write, Description("This setting allows you to specify battery charge level at which Energy Saver is turned on. While on battery, Energy Saver is automatically turned on at (and below) the specified battery charge level. Valid input range (0-100). Valid values 0 to 100")] UInt32 EnergySaverOnBatteryThresholdPercentage; [Write, Description("This setting allows you to specify battery charge level at which Energy Saver is turned on. While plugged in, Energy Saver is automatically turned on at (and below) the specified battery charge level. Valid input range (0-100). Valid values 0 to 100")] UInt32 EnergySaverPluggedInThresholdPercentage; [Write, Description("Endpoint for discovering cloud printers.")] String EnterpriseCloudPrintDiscoveryEndPoint; [Write, Description("Maximum number of printers that should be queried from a discovery endpoint. This is a mobile only setting. Valid values 1 to 65535")] UInt32 EnterpriseCloudPrintDiscoveryMaxLimit; [Write, Description("OAuth resource URI for printer discovery service as configured in Azure portal.")] String EnterpriseCloudPrintMopriaDiscoveryResourceIdentifier; [Write, Description("Authentication endpoint for acquiring OAuth tokens.")] String EnterpriseCloudPrintOAuthAuthority; [Write, Description("GUID of a client application authorized to retrieve OAuth tokens from the OAuth Authority.")] String EnterpriseCloudPrintOAuthClientIdentifier; [Write, Description("OAuth resource URI for print service as configured in the Azure portal.")] String EnterpriseCloudPrintResourceIdentifier; [Write, Description("Indicates whether or not to enable device discovery UX.")] Boolean ExperienceBlockDeviceDiscovery; [Write, Description("Indicates whether or not to allow the error dialog from displaying if no SIM card is detected.")] Boolean ExperienceBlockErrorDialogWhenNoSIM; [Write, Description("Indicates whether or not to enable task switching on the device.")] Boolean ExperienceBlockTaskSwitcher; [Write, Description("Allow or prevent the syncing of Microsoft Edge Browser settings. Option for IT admins to prevent syncing across devices, but allow user override. Possible values are: notConfigured, blockedWithUserOverride, blocked."), ValueMap{"notConfigured","blockedWithUserOverride","blocked"}, Values{"notConfigured","blockedWithUserOverride","blocked"}] String ExperienceDoNotSyncBrowserSettings; [Write, Description("Controls if the user can configure search to Find My Files mode, which searches files in secondary hard drives and also outside of the user profile. Find My Files does not allow users to search files or locations to which they do not have access. Possible values are: notConfigured, enabled, disabled."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String FindMyFiles; [Write, Description("Indicates whether or not to block DVR and broadcasting.")] Boolean GameDvrBlocked; [Write, Description("Controls the user access to the ink workspace, from the desktop and from above the lock screen. Possible values are: notConfigured, enabled, disabled."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String InkWorkspaceAccess; [Write, Description("Controls the user access to the ink workspace, from the desktop and from above the lock screen. Possible values are: notConfigured, blocked, allowed."), ValueMap{"notConfigured","blocked","allowed"}, Values{"notConfigured","blocked","allowed"}] String InkWorkspaceAccessState; [Write, Description("Specify whether to show recommended app suggestions in the ink workspace.")] Boolean InkWorkspaceBlockSuggestedApps; [Write, Description("Indicates whether or not to Block the user from using internet sharing.")] Boolean InternetSharingBlocked; [Write, Description("Indicates whether or not to Block the user from location services.")] Boolean LocationServicesBlocked; [Write, Description("This policy setting specifies whether Windows apps can be activated by voice while the system is locked. Possible values are: notConfigured, enabled, disabled."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String LockScreenActivateAppsWithVoice; [Write, Description("Specify whether to show a user-configurable setting to control the screen timeout while on the lock screen of Windows 10 Mobile devices. If this policy is set to Allow, the value set by lockScreenTimeoutInSeconds is ignored.")] Boolean LockScreenAllowTimeoutConfiguration; [Write, Description("Indicates whether or not to block action center notifications over lock screen.")] Boolean LockScreenBlockActionCenterNotifications; [Write, Description("Indicates whether or not the user can interact with Cortana using speech while the system is locked.")] Boolean LockScreenBlockCortana; [Write, Description("Indicates whether to allow toast notifications above the device lock screen.")] Boolean LockScreenBlockToastNotifications; [Write, Description("Set the duration (in seconds) from the screen locking to the screen turning off for Windows 10 Mobile devices. Supported values are 11-1800. Valid values 11 to 1800")] UInt32 LockScreenTimeoutInSeconds; [Write, Description("Disables the ability to quickly switch between users that are logged on simultaneously without logging off.")] Boolean LogonBlockFastUserSwitching; [Write, Description("Indicates whether or not to block the MMS send/receive functionality on the device.")] Boolean MessagingBlockMMS; [Write, Description("Indicates whether or not to block the RCS send/receive functionality on the device.")] Boolean MessagingBlockRichCommunicationServices; [Write, Description("Indicates whether or not to block text message back up and restore and Messaging Everywhere.")] Boolean MessagingBlockSync; [Write, Description("Indicates whether or not to Block a Microsoft account.")] Boolean MicrosoftAccountBlocked; [Write, Description("Indicates whether or not to Block Microsoft account settings sync.")] Boolean MicrosoftAccountBlockSettingsSync; [Write, Description("Controls the Microsoft Account Sign-In Assistant (wlidsvc) NT service. Possible values are: notConfigured, disabled."), ValueMap{"notConfigured","disabled"}, Values{"notConfigured","disabled"}] String MicrosoftAccountSignInAssistantSettings; [Write, Description("If set, proxy settings will be applied to all processes and accounts in the device. Otherwise, it will be applied to the user account thats enrolled into MDM.")] Boolean NetworkProxyApplySettingsDeviceWide; [Write, Description("Address to the proxy auto-config (PAC) script you want to use.")] String NetworkProxyAutomaticConfigurationUrl; [Write, Description("Disable automatic detection of settings. If enabled, the system will try to find the path to a proxy auto-config (PAC) script.")] Boolean NetworkProxyDisableAutoDetect; [Write, Description("Specifies manual proxy server settings."), EmbeddedInstance("MSFT_MicrosoftGraphwindows10NetworkProxyServer")] String NetworkProxyServer; [Write, Description("Indicates whether or not to Block the user from using near field communication.")] Boolean NfcBlocked; [Write, Description("Gets or sets a value allowing IT admins to prevent apps and features from working with files on OneDrive.")] Boolean OneDriveDisableFileSync; [Write, Description("Specify whether PINs or passwords such as '1111' or '1234' are allowed. For Windows 10 desktops, it also controls the use of picture passwords.")] Boolean PasswordBlockSimple; [Write, Description("The password expiration in days. Valid values 0 to 730")] UInt32 PasswordExpirationDays; [Write, Description("This security setting determines the period of time (in days) that a password must be used before the user can change it. Valid values 0 to 998")] UInt32 PasswordMinimumAgeInDays; [Write, Description("The number of character sets required in the password.")] UInt32 PasswordMinimumCharacterSetCount; [Write, Description("The minimum password length. Valid values 4 to 16")] UInt32 PasswordMinimumLength; [Write, Description("The minutes of inactivity before the screen times out.")] UInt32 PasswordMinutesOfInactivityBeforeScreenTimeout; [Write, Description("The number of previous passwords to prevent reuse of. Valid values 0 to 50")] UInt32 PasswordPreviousPasswordBlockCount; [Write, Description("Indicates whether or not to require the user to have a password.")] Boolean PasswordRequired; [Write, Description("The required password type. Possible values are: deviceDefault, alphanumeric, numeric."), ValueMap{"deviceDefault","alphanumeric","numeric"}, Values{"deviceDefault","alphanumeric","numeric"}] String PasswordRequiredType; [Write, Description("Indicates whether or not to require a password upon resuming from an idle state.")] Boolean PasswordRequireWhenResumeFromIdleState; [Write, Description("The number of sign in failures before factory reset. Valid values 0 to 999")] UInt32 PasswordSignInFailureCountBeforeFactoryReset; [Write, Description("A http or https Url to a jpg, jpeg or png image that needs to be downloaded and used as the Desktop Image or a file Url to a local image on the file system that needs to used as the Desktop Image.")] String PersonalizationDesktopImageUrl; [Write, Description("A http or https Url to a jpg, jpeg or png image that neeeds to be downloaded and used as the Lock Screen Image or a file Url to a local image on the file system that needs to be used as the Lock Screen Image.")] String PersonalizationLockScreenImageUrl; [Write, Description("This setting specifies the action that Windows takes when a user presses the Power button while on battery. Possible values are: notConfigured, noAction, sleep, hibernate, shutdown."), ValueMap{"notConfigured","noAction","sleep","hibernate","shutdown"}, Values{"notConfigured","noAction","sleep","hibernate","shutdown"}] String PowerButtonActionOnBattery; [Write, Description("This setting specifies the action that Windows takes when a user presses the Power button while plugged in. Possible values are: notConfigured, noAction, sleep, hibernate, shutdown."), ValueMap{"notConfigured","noAction","sleep","hibernate","shutdown"}, Values{"notConfigured","noAction","sleep","hibernate","shutdown"}] String PowerButtonActionPluggedIn; [Write, Description("This setting allows you to turn off hybrid sleep while on battery. If you set this setting to disable, a hiberfile is not generated when the system transitions to sleep (Stand By). If you set this setting to enable or do not configure this policy setting, users control this setting. Possible values are: notConfigured, enabled, disabled."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String PowerHybridSleepOnBattery; [Write, Description("This setting allows you to turn off hybrid sleep while plugged in. If you set this setting to disable, a hiberfile is not generated when the system transitions to sleep (Stand By). If you set this setting to enable or do not configure this policy setting, users control this setting. Possible values are: notConfigured, enabled, disabled."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String PowerHybridSleepPluggedIn; [Write, Description("This setting specifies the action that Windows takes when a user closes the lid on a mobile PC while on battery. Possible values are: notConfigured, noAction, sleep, hibernate, shutdown."), ValueMap{"notConfigured","noAction","sleep","hibernate","shutdown"}, Values{"notConfigured","noAction","sleep","hibernate","shutdown"}] String PowerLidCloseActionOnBattery; [Write, Description("This setting specifies the action that Windows takes when a user closes the lid on a mobile PC while plugged in. Possible values are: notConfigured, noAction, sleep, hibernate, shutdown."), ValueMap{"notConfigured","noAction","sleep","hibernate","shutdown"}, Values{"notConfigured","noAction","sleep","hibernate","shutdown"}] String PowerLidCloseActionPluggedIn; [Write, Description("This setting specifies the action that Windows takes when a user presses the Sleep button while on battery. Possible values are: notConfigured, noAction, sleep, hibernate, shutdown."), ValueMap{"notConfigured","noAction","sleep","hibernate","shutdown"}, Values{"notConfigured","noAction","sleep","hibernate","shutdown"}] String PowerSleepButtonActionOnBattery; [Write, Description("This setting specifies the action that Windows takes when a user presses the Sleep button while plugged in. Possible values are: notConfigured, noAction, sleep, hibernate, shutdown."), ValueMap{"notConfigured","noAction","sleep","hibernate","shutdown"}, Values{"notConfigured","noAction","sleep","hibernate","shutdown"}] String PowerSleepButtonActionPluggedIn; [Write, Description("Prevent user installation of additional printers from printers settings.")] Boolean PrinterBlockAddition; [Write, Description("Name (network host name) of an installed printer.")] String PrinterDefaultName; [Write, Description("Automatically provision printers based on their names (network host names).")] String PrinterNames[]; [Write, Description("Enables or disables the use of advertising ID. Added in Windows 10, version 1607. Possible values are: notConfigured, blocked, allowed."), ValueMap{"notConfigured","blocked","allowed"}, Values{"notConfigured","blocked","allowed"}] String PrivacyAdvertisingId; [Write, Description("Indicates whether or not to allow the automatic acceptance of the pairing and privacy user consent dialog when launching apps.")] Boolean PrivacyAutoAcceptPairingAndConsentPrompts; [Write, Description("Blocks the usage of cloud based speech services for Cortana, Dictation, or Store applications.")] Boolean PrivacyBlockActivityFeed; [Write, Description("Indicates whether or not to block the usage of cloud based speech services for Cortana, Dictation, or Store applications.")] Boolean PrivacyBlockInputPersonalization; [Write, Description("Blocks the shared experiences/discovery of recently used resources in task switcher etc.")] Boolean PrivacyBlockPublishUserActivities; [Write, Description("This policy prevents the privacy experience from launching during user logon for new and upgraded users.")] Boolean PrivacyDisableLaunchExperience; [Write, Description("Indicates whether or not to Block the user from reset protection mode.")] Boolean ResetProtectionModeBlocked; [Write, Description("Specifies what filter level of safe search is required. Possible values are: userDefined, strict, moderate."), ValueMap{"userDefined","strict","moderate"}, Values{"userDefined","strict","moderate"}] String SafeSearchFilter; [Write, Description("Indicates whether or not to Block the user from taking Screenshots.")] Boolean ScreenCaptureBlocked; [Write, Description("Specifies if search can use diacritics.")] Boolean SearchBlockDiacritics; [Write, Description("Indicates whether or not to block the web search.")] Boolean SearchBlockWebResults; [Write, Description("Specifies whether to use automatic language detection when indexing content and properties.")] Boolean SearchDisableAutoLanguageDetection; [Write, Description("Indicates whether or not to disable the search indexer backoff feature.")] Boolean SearchDisableIndexerBackoff; [Write, Description("Indicates whether or not to block indexing of WIP-protected items to prevent them from appearing in search results for Cortana or Explorer.")] Boolean SearchDisableIndexingEncryptedItems; [Write, Description("Indicates whether or not to allow users to add locations on removable drives to libraries and to be indexed.")] Boolean SearchDisableIndexingRemovableDrive; [Write, Description("Specifies if search can use location information.")] Boolean SearchDisableLocation; [Write, Description("Specifies if search can use location information.")] Boolean SearchDisableUseLocation; [Write, Description("Specifies minimum amount of hard drive space on the same drive as the index location before indexing stops.")] Boolean SearchEnableAutomaticIndexSizeManangement; [Write, Description("Indicates whether or not to block remote queries of this computers index.")] Boolean SearchEnableRemoteQueries; [Write, Description("Specify whether to allow automatic device encryption during OOBE when the device is Azure AD joined (desktop only).")] Boolean SecurityBlockAzureADJoinedDevicesAutoEncryption; [Write, Description("Indicates whether or not to block access to Accounts in Settings app.")] Boolean SettingsBlockAccountsPage; [Write, Description("Indicates whether or not to block the user from installing provisioning packages.")] Boolean SettingsBlockAddProvisioningPackage; [Write, Description("Indicates whether or not to block access to Apps in Settings app.")] Boolean SettingsBlockAppsPage; [Write, Description("Indicates whether or not to block the user from changing the language settings.")] Boolean SettingsBlockChangeLanguage; [Write, Description("Indicates whether or not to block the user from changing power and sleep settings.")] Boolean SettingsBlockChangePowerSleep; [Write, Description("Indicates whether or not to block the user from changing the region settings.")] Boolean SettingsBlockChangeRegion; [Write, Description("Indicates whether or not to block the user from changing date and time settings.")] Boolean SettingsBlockChangeSystemTime; [Write, Description("Indicates whether or not to block access to Devices in Settings app.")] Boolean SettingsBlockDevicesPage; [Write, Description("Indicates whether or not to block access to Ease of Access in Settings app.")] Boolean SettingsBlockEaseOfAccessPage; [Write, Description("Indicates whether or not to block the user from editing the device name.")] Boolean SettingsBlockEditDeviceName; [Write, Description("Indicates whether or not to block access to Gaming in Settings app.")] Boolean SettingsBlockGamingPage; [Write, Description("Indicates whether or not to block access to Network & Internet in Settings app.")] Boolean SettingsBlockNetworkInternetPage; [Write, Description("Indicates whether or not to block access to Personalization in Settings app.")] Boolean SettingsBlockPersonalizationPage; [Write, Description("Indicates whether or not to block access to Privacy in Settings app.")] Boolean SettingsBlockPrivacyPage; [Write, Description("Indicates whether or not to block the runtime configuration agent from removing provisioning packages.")] Boolean SettingsBlockRemoveProvisioningPackage; [Write, Description("Indicates whether or not to block access to Settings app.")] Boolean SettingsBlockSettingsApp; [Write, Description("Indicates whether or not to block access to System in Settings app.")] Boolean SettingsBlockSystemPage; [Write, Description("Indicates whether or not to block access to Time & Language in Settings app.")] Boolean SettingsBlockTimeLanguagePage; [Write, Description("Indicates whether or not to block access to Update & Security in Settings app.")] Boolean SettingsBlockUpdateSecurityPage; [Write, Description("Indicates whether or not to block multiple users of the same app to share data.")] Boolean SharedUserAppDataAllowed; [Write, Description("Added in Windows 10, version 1703. Allows IT Admins to control whether users are allowed to install apps from places other than the Store. Possible values are: notConfigured, anywhere, storeOnly, recommendations, preferStore."), ValueMap{"notConfigured","anywhere","storeOnly","recommendations","preferStore"}, Values{"notConfigured","anywhere","storeOnly","recommendations","preferStore"}] String SmartScreenAppInstallControl; [Write, Description("Indicates whether or not users can override SmartScreen Filter warnings about potentially malicious websites.")] Boolean SmartScreenBlockPromptOverride; [Write, Description("Indicates whether or not users can override the SmartScreen Filter warnings about downloading unverified files")] Boolean SmartScreenBlockPromptOverrideForFiles; [Write, Description("This property will be deprecated in July 2019 and will be replaced by property SmartScreenAppInstallControl. Allows IT Admins to control whether users are allowed to install apps from places other than the Store.")] Boolean SmartScreenEnableAppInstallControl; [Write, Description("Indicates whether or not to block the user from unpinning apps from taskbar.")] Boolean StartBlockUnpinningAppsFromTaskbar; [Write, Description("Setting the value of this collapses the app list, removes the app list entirely, or disables the corresponding toggle in the Settings app. Possible values are: userDefined, collapse, remove, disableSettingsApp."), ValueMap{"userDefined","collapse","remove","disableSettingsApp"}, Values{"userDefined","collapse","remove","disableSettingsApp"}] String StartMenuAppListVisibility; [Write, Description("Enabling this policy hides the change account setting from appearing in the user tile in the start menu.")] Boolean StartMenuHideChangeAccountSettings; [Write, Description("Enabling this policy hides the most used apps from appearing on the start menu and disables the corresponding toggle in the Settings app.")] Boolean StartMenuHideFrequentlyUsedApps; [Write, Description("Enabling this policy hides hibernate from appearing in the power button in the start menu.")] Boolean StartMenuHideHibernate; [Write, Description("Enabling this policy hides lock from appearing in the user tile in the start menu.")] Boolean StartMenuHideLock; [Write, Description("Enabling this policy hides the power button from appearing in the start menu.")] Boolean StartMenuHidePowerButton; [Write, Description("Enabling this policy hides recent jump lists from appearing on the start menu/taskbar and disables the corresponding toggle in the Settings app.")] Boolean StartMenuHideRecentJumpLists; [Write, Description("Enabling this policy hides recently added apps from appearing on the start menu and disables the corresponding toggle in the Settings app.")] Boolean StartMenuHideRecentlyAddedApps; [Write, Description("Enabling this policy hides 'Restart/Update and Restart' from appearing in the power button in the start menu.")] Boolean StartMenuHideRestartOptions; [Write, Description("Enabling this policy hides shut down/update and shut down from appearing in the power button in the start menu.")] Boolean StartMenuHideShutDown; [Write, Description("Enabling this policy hides sign out from appearing in the user tile in the start menu.")] Boolean StartMenuHideSignOut; [Write, Description("Enabling this policy hides sleep from appearing in the power button in the start menu.")] Boolean StartMenuHideSleep; [Write, Description("Enabling this policy hides switch account from appearing in the user tile in the start menu.")] Boolean StartMenuHideSwitchAccount; [Write, Description("Enabling this policy hides the user tile from appearing in the start menu.")] Boolean StartMenuHideUserTile; [Write, Description("This policy setting allows you to import Edge assets to be used with startMenuLayoutXml policy. Start layout can contain secondary tile from Edge app which looks for Edge local asset file. Edge local asset would not exist and cause Edge secondary tile to appear empty in this case. This policy only gets applied when startMenuLayoutXml policy is modified. The value should be a UTF-8 Base64 encoded byte array.")] String StartMenuLayoutEdgeAssetsXml; [Write, Description("Allows admins to override the default Start menu layout and prevents the user from changing it. The layout is modified by specifying an XML file based on a layout modification schema. XML needs to be in a UTF8 encoded byte array format.")] String StartMenuLayoutXml; [Write, Description("Allows admins to decide how the Start menu is displayed. Possible values are: userDefined, fullScreen, nonFullScreen."), ValueMap{"userDefined","fullScreen","nonFullScreen"}, Values{"userDefined","fullScreen","nonFullScreen"}] String StartMenuMode; [Write, Description("Enforces the visibility (Show/Hide) of the Documents folder shortcut on the Start menu. Possible values are: notConfigured, hide, show."), ValueMap{"notConfigured","hide","show"}, Values{"notConfigured","hide","show"}] String StartMenuPinnedFolderDocuments; [Write, Description("Enforces the visibility (Show/Hide) of the Downloads folder shortcut on the Start menu. Possible values are: notConfigured, hide, show."), ValueMap{"notConfigured","hide","show"}, Values{"notConfigured","hide","show"}] String StartMenuPinnedFolderDownloads; [Write, Description("Enforces the visibility (Show/Hide) of the FileExplorer shortcut on the Start menu. Possible values are: notConfigured, hide, show."), ValueMap{"notConfigured","hide","show"}, Values{"notConfigured","hide","show"}] String StartMenuPinnedFolderFileExplorer; [Write, Description("Enforces the visibility (Show/Hide) of the HomeGroup folder shortcut on the Start menu. Possible values are: notConfigured, hide, show."), ValueMap{"notConfigured","hide","show"}, Values{"notConfigured","hide","show"}] String StartMenuPinnedFolderHomeGroup; [Write, Description("Enforces the visibility (Show/Hide) of the Music folder shortcut on the Start menu. Possible values are: notConfigured, hide, show."), ValueMap{"notConfigured","hide","show"}, Values{"notConfigured","hide","show"}] String StartMenuPinnedFolderMusic; [Write, Description("Enforces the visibility (Show/Hide) of the Network folder shortcut on the Start menu. Possible values are: notConfigured, hide, show."), ValueMap{"notConfigured","hide","show"}, Values{"notConfigured","hide","show"}] String StartMenuPinnedFolderNetwork; [Write, Description("Enforces the visibility (Show/Hide) of the PersonalFolder shortcut on the Start menu. Possible values are: notConfigured, hide, show."), ValueMap{"notConfigured","hide","show"}, Values{"notConfigured","hide","show"}] String StartMenuPinnedFolderPersonalFolder; [Write, Description("Enforces the visibility (Show/Hide) of the Pictures folder shortcut on the Start menu. Possible values are: notConfigured, hide, show."), ValueMap{"notConfigured","hide","show"}, Values{"notConfigured","hide","show"}] String StartMenuPinnedFolderPictures; [Write, Description("Enforces the visibility (Show/Hide) of the Settings folder shortcut on the Start menu. Possible values are: notConfigured, hide, show."), ValueMap{"notConfigured","hide","show"}, Values{"notConfigured","hide","show"}] String StartMenuPinnedFolderSettings; [Write, Description("Enforces the visibility (Show/Hide) of the Videos folder shortcut on the Start menu. Possible values are: notConfigured, hide, show."), ValueMap{"notConfigured","hide","show"}, Values{"notConfigured","hide","show"}] String StartMenuPinnedFolderVideos; [Write, Description("Indicates whether or not to Block the user from using removable storage.")] Boolean StorageBlockRemovableStorage; [Write, Description("Indicating whether or not to require encryption on a mobile device.")] Boolean StorageRequireMobileDeviceEncryption; [Write, Description("Indicates whether application data is restricted to the system drive.")] Boolean StorageRestrictAppDataToSystemVolume; [Write, Description("Indicates whether the installation of applications is restricted to the system drive.")] Boolean StorageRestrictAppInstallToSystemVolume; [Write, Description("Gets or sets the fully qualified domain name (FQDN) or IP address of a proxy server to forward Connected User Experiences and Telemetry requests.")] String SystemTelemetryProxyServer; [Write, Description("Specify whether non-administrators can use Task Manager to end tasks.")] Boolean TaskManagerBlockEndTask; [Write, Description("Whether the device is required to connect to the network.")] Boolean TenantLockdownRequireNetworkDuringOutOfBoxExperience; [Write, Description("Indicates whether or not to uninstall a fixed list of built-in Windows apps.")] Boolean UninstallBuiltInApps; [Write, Description("Indicates whether or not to Block the user from USB connection.")] Boolean UsbBlocked; [Write, Description("Indicates whether or not to Block the user from voice recording.")] Boolean VoiceRecordingBlocked; [Write, Description("Indicates whether or not user's localhost IP address is displayed while making phone calls using the WebRTC")] Boolean WebRtcBlockLocalhostIpAddress; [Write, Description("Indicating whether or not to block automatically connecting to Wi-Fi hotspots. Has no impact if Wi-Fi is blocked.")] Boolean WiFiBlockAutomaticConnectHotspots; [Write, Description("Indicates whether or not to Block the user from using Wi-Fi.")] Boolean WiFiBlocked; [Write, Description("Indicates whether or not to Block the user from using Wi-Fi manual configuration.")] Boolean WiFiBlockManualConfiguration; [Write, Description("Specify how often devices scan for Wi-Fi networks. Supported values are 1-500, where 100 = default, and 500 = low frequency. Valid values 1 to 500")] UInt32 WiFiScanInterval; [Write, Description("Windows 10 force update schedule for Apps."), EmbeddedInstance("MSFT_MicrosoftGraphwindows10AppsForceUpdateSchedule")] String Windows10AppsForceUpdateSchedule; [Write, Description("Allows IT admins to block experiences that are typically for consumers only, such as Start suggestions, Membership notifications, Post-OOBE app install and redirect tiles.")] Boolean WindowsSpotlightBlockConsumerSpecificFeatures; [Write, Description("Allows IT admins to turn off all Windows Spotlight features")] Boolean WindowsSpotlightBlocked; [Write, Description("Block suggestions from Microsoft that show after each OS clean install, upgrade or in an on-going basis to introduce users to what is new or changed")] Boolean WindowsSpotlightBlockOnActionCenter; [Write, Description("Block personalized content in Windows spotlight based on users device usage.")] Boolean WindowsSpotlightBlockTailoredExperiences; [Write, Description("Block third party content delivered via Windows Spotlight")] Boolean WindowsSpotlightBlockThirdPartyNotifications; [Write, Description("Block Windows Spotlight Windows welcome experience")] Boolean WindowsSpotlightBlockWelcomeExperience; [Write, Description("Allows IT admins to turn off the popup of Windows Tips.")] Boolean WindowsSpotlightBlockWindowsTips; [Write, Description("Specifies the type of Spotlight. Possible values are: notConfigured, disabled, enabled."), ValueMap{"notConfigured","disabled","enabled"}, Values{"notConfigured","disabled","enabled"}] String WindowsSpotlightConfigureOnLockScreen; [Write, Description("Indicates whether or not to block automatic update of apps from Windows Store.")] Boolean WindowsStoreBlockAutoUpdate; [Write, Description("Indicates whether or not to Block the user from using the Windows store.")] Boolean WindowsStoreBlocked; [Write, Description("Indicates whether or not to enable Private Store Only.")] Boolean WindowsStoreEnablePrivateStoreOnly; [Write, Description("Indicates whether or not to allow other devices from discovering this PC for projection.")] Boolean WirelessDisplayBlockProjectionToThisDevice; [Write, Description("Indicates whether or not to allow user input from wireless display receiver.")] Boolean WirelessDisplayBlockUserInputFromReceiver; [Write, Description("Indicates whether or not to require a PIN for new devices to initiate pairing.")] Boolean WirelessDisplayRequirePinForPairing; [Write, Description("Admin provided description of the Device Configuration.")] String Description; [Required, Description("Admin provided name of the device configuration.")] String DisplayName; [Write, Description("Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only.")] Boolean SupportsScopeTags; [Key, Description("The unique identifier for an entity. Read-only.")] String Id; [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[]; [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; }; |