DSCResources/MSFT_AADApplication/MSFT_AADApplication.schema.mof
|
[ClassVersion("1.0.0")]
class MSFT_AADApplicationOnPremisesPublishingSegmentCORS { [Write, Description("The request headers that the origin domain may specify on the CORS request. The wildcard character * indicates that any header beginning with the specified prefix is allowed.")] String allowedHeaders[]; [Write, Description("The maximum amount of time that a browser should cache the response to the preflight OPTIONS request.")] UInt32 maxAgeInSeconds; [Write, Description("Resource within the application segment for which CORS permissions are granted. / grants permission for whole app segment.")] String resource; [Write, Description("The HTTP request methods that the origin domain may use for a CORS request.")] String allowedMethods[]; [Write, Description("The origin domains that are permitted to make a request against the service via CORS. The origin domain is the domain from which the request originates. The origin must be an exact case-sensitive match with the origin that the user age sends to the service.")] String allowedOrigins[]; }; [ClassVersion("1.0.0")] class MSFT_AADApplicationOnPremisesPublishingSegment { [Write, Description("If you're configuring a traffic manager in front of multiple App Proxy application segments, contains the user-friendly URL that will point to the traffic manager.")] String alternateUrl; [Write, Description("CORS Rule definition for a particular application segment."), EmbeddedInstance("MSFT_AADApplicationOnPremisesPublishingSegmentCORS")] String corsConfigurations[]; [Write, Description("The published external URL for the application segment; for example, https://intranet.contoso.com./")] String externalUrl; [Write, Description("The internal URL of the application segment; for example, https://intranet/.")] String internalUrl; }; [ClassVersion("1.0.0")] class MSFT_AADApplicationOnPremisesPublishingSingleSignOnSettingKerberos { [Write, Description("The Internal Application SPN of the application server. This SPN needs to be in the list of services to which the connector can present delegated credentials.")] String kerberosServicePrincipalName; [Write, Description("The Delegated Login Identity for the connector to use on behalf of your users. For more information, see Working with different on-premises and cloud identities . Possible values are: userPrincipalName, onPremisesUserPrincipalName, userPrincipalUsername, onPremisesUserPrincipalUsername, onPremisesSAMAccountName.")] String kerberosSignOnMappingAttributeType; }; [ClassVersion("1.0.0")] class MSFT_AADApplicationOnPremisesPublishingSingleSignOnSetting { [Write, Description("The preferred single-sign on mode for the application. Possible values are: none, onPremisesKerberos, aadHeaderBased,pingHeaderBased, oAuthToken.")] String singleSignOnMode; [Write, Description("The Kerberos Constrained Delegation settings for applications that use Integrated Window Authentication."), EmbeddedInstance("MSFT_AADApplicationOnPremisesPublishingSingleSignOnSettingKerberos")] String kerberosSignOnSettings; }; [ClassVersion("1.0.0")] class MSFT_AADApplicationOnPremisesPublishing { [Write, Description("If you're configuring a traffic manager in front of multiple App Proxy applications, the alternateUrl is the user-friendly URL that points to the traffic manager.")] String alternateUrl; [Write, Description("The duration the connector waits for a response from the backend application before closing the connection. Possible values are default, long.")] String applicationServerTimeout; [Write, Description("Details the pre-authentication setting for the application. Pre-authentication enforces that users must authenticate before accessing the app. Pass through doesn't require authentication. Possible values are: passthru, aadPreAuthentication.")] String externalAuthenticationType; [Write, Description("The published external url for the application. For example, https://intranet-contoso.msappproxy.net/.")] String externalUrl; [Write, Description("The internal url of the application. For example, https://intranet/.")] String internalUrl; [Write, Description("Indicates whether backend SSL certificate validation is enabled for the application. For all new Application Proxy apps, the property is set to true by default. For all existing apps, the property is set to false.")] Boolean isBackendCertificateValidationEnabled; [Write, Description("Indicates if the HTTPOnly cookie flag should be set in the HTTP response headers. Set this value to true to have Application Proxy cookies include the HTTPOnly flag in the HTTP response headers. If using Remote Desktop Services, set this value to False. Default value is false.")] Boolean isHttpOnlyCookieEnabled; [Write, Description("Indicates if the Persistent cookie flag should be set in the HTTP response headers. Keep this value set to false. Only use this setting for applications that can't share cookies between processes. For more information about cookie settings, see Cookie settings for accessing on-premises applications in Microsoft Entra ID. Default value is false.")] Boolean isPersistentCookieEnabled; [Write, Description("Indicates if the Secure cookie flag should be set in the HTTP response headers. Set this value to true to transmit cookies over a secure channel such as an encrypted HTTPS request. Default value is true.")] Boolean isSecureCookieEnabled; [Write, Description("Indicates whether validation of the state parameter when the client uses the OAuth 2.0 authorization code grant flow is enabled. This setting allows admins to specify whether they want to enable CSRF protection for their apps.")] Boolean isStateSessionEnabled; [Write, Description("Indicates if the application should translate urls in the response headers. Keep this value as true unless your application required the original host header in the authentication request. Default value is true.")] Boolean isTranslateHostHeaderEnabled; [Write, Description("Indicates if the application should translate urls in the application body. Keep this value as false unless you have hardcoded HTML links to other on-premises applications and don't use custom domains. For more information, see Link translation with Application Proxy. Default value is false.")] Boolean isTranslateLinksInBodyEnabled; [Write, Description("Represents the collection of application segments for an on-premises wildcard application that's published through Microsoft Entra application proxy."), EmbeddedInstance("MSFT_AADApplicationOnPremisesPublishingSegment")] String onPremisesApplicationSegments[]; [Write, Description("Represents the single sign-on configuration for the on-premises application."), EmbeddedInstance("MSFT_AADApplicationOnPremisesPublishingSingleSignOnSetting")] String singleSignOnSettings; }; [ClassVersion("1.0.0")] class MSFT_AADApplicationPermission { [Write, Description("Name of the requested permission.")] String Name; [Write, Description("Name of the API from which the permission comes from.")] String SourceAPI; [Write, Description("Type of permission."), ValueMap{"AppOnly", "Delegated"}, Values{"AppOnly", "Delegated"}] String Type; [Write, Description("Represented whether or not the Admin consent been granted on the app.")] Boolean AdminConsentGranted; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphOptionalClaims { [Write, Description("The optional claims returned in the JWT access token."), EmbeddedInstance("MSFT_MicrosoftGraphOptionalClaim")] String AccessToken[]; [Write, Description("The optional claims returned in the JWT ID token."), EmbeddedInstance("MSFT_MicrosoftGraphOptionalClaim")] String IdToken[]; [Write, Description("The optional claims returned in the SAML token."), EmbeddedInstance("MSFT_MicrosoftGraphOptionalClaim")] String Saml2Token[]; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphOptionalClaim { [Write, Description("If the value is true, the claim specified by the client is necessary to ensure a smooth authorization experience for the specific task requested by the end user. The default value is false.")] Boolean Essential; [Write, Description("The name of the optional claim.")] String Name; [Write, Description("The source (directory object) of the claim. There are predefined claims and user-defined claims from extension properties. If the source value is null, the claim is a predefined optional claim. If the source value is user, the value in the name property is the extension property from the user object.")] String Source; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphPreAuthorizedApplication { [Write, Description("The unique identifier for the client application.")] String AppId; [Write, Description("The unique identifier for the scopes the client application is granted.")] String PermissionIds[]; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphApiApplication { [Write, Description("Lists the client applications that are preauthorized with the specified delegated permissions to access this application's APIs. Users aren't required to consent to any preauthorized application (for the permissions specified). However, any other permissions not listed in preAuthorizedApplications (requested through incremental consent for example) will require user consent."), EmbeddedInstance("MSFT_MicrosoftGraphPreAuthorizedApplication")] String PreAuthorizedApplications[]; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphAuthenticationBehaviors { [Write, Description("If false, allows the app to have extended access to Azure AD Graph until June 30, 2025 when Azure AD Graph is fully retired. For more information on Azure AD retirement updates, see June 2024 update on Azure AD Graph API retirement.")] Boolean BlockAzureADGraphAccess; [Write, Description("If true, removes the email claim from tokens sent to an application when the email address's domain can't be verified.")] Boolean RemoveUnverifiedEmailClaim; [Write, Description("If true, requires multitenant applications to have a service principal in the resource tenant as part of authorization checks before they're granted access tokens. This property is only modifiable for multitenant resource applications that rely on access from clients without a service principal and had this behavior as set to false by Microsoft. Tenant administrators should respond to security advisories sent through Azure Health Service events and the Microsoft 365 message center.")] Boolean RequireClientServicePrincipal; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphKeyCredential { [Write, Description("A 40-character binary type that can be used to identify the credential. Optional. When not provided in the payload, defaults to the thumbprint of the certificate.")] String CustomKeyIdentifier; [Write, Description("Friendly name for the key. Optional.")] String DisplayName; [Write, Description("The date and time at which the credential expires. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.")] String EndDateTime; [Write, Description("The unique identifier (GUID) for the key.")] String KeyId; [Write, Description("The certificate's raw data in byte array converted to Base64 string.")] String Key; [Write, Description("The date and time at which the credential becomes valid.The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.")] String StartDateTime; [Write, Description("The type of key credential for example, Symmetric, AsymmetricX509Cert.")] String Type; [Write, Description("A string that describes the purpose for which the key can be used for example, Verify.")] String Usage; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphPasswordCredential { [Write, Description("Friendly name for the password. Optional.")] String DisplayName; [Write, Description("The date and time at which the password expires represented using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Optional.")] String EndDateTime; [Write, Description("Contains the first three characters of the password. Read-only.")] String Hint; [Write, Description("The unique identifier for the password.")] String KeyId; [Write, Description("The date and time at which the password becomes valid. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Optional.")] String StartDateTime; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphAppRole { [Write, Description("Specifies whether this app role can be assigned to users and groups (by setting to 'User'), to other application's (by setting to 'Application', or both (by setting to 'User', 'Application'). App roles supporting assignment to other applications' service principals are also known as application permissions. The 'Application' value is only supported for app roles defined on application entities.")] String AllowedMemberTypes[]; [Write, Description("The description for the app role. This is displayed when the app role is being assigned and, if the app role functions as an application permission, during consent experiences.")] String Description; [Write, Description("Display name for the permission that appears in the app role assignment and consent experiences.")] String DisplayName; [Write, Description("Unique role identifier inside the appRoles collection. When creating a new app role, a new GUID identifier must be provided.")] String Id; [Write, Description("When creating or updating an app role, this must be set to true (which is the default). To delete a role, this must first be set to false. At that point, in a subsequent call, this role may be removed.")] Boolean IsEnabled; [Write, Description("Specifies if the app role is defined on the application object or on the servicePrincipal entity. Must not be included in any POST or PATCH requests. Read-only.")] String Origin; [Write, Description("Specifies the value to include in the roles claim in ID tokens and access tokens authenticating an assigned user or service principal. Must not exceed 120 characters in length. Allowed characters are : ! # $ % & ' ( ) * + , - . / : = + _ } , and characters in the ranges 0-9, A-Z and a-z. Any other character, including the space character, aren't allowed. May not begin with ..")] String Value; }; [ClassVersion("1.0.0.0"), FriendlyName("AADApplication")] class MSFT_AADApplication : OMI_BaseResource { [Key, Description("DisplayName of the app")] string DisplayName; [Write, Description("ObjectID of the app.")] String ObjectId; [Write, Description("AppId for the app.")] String AppId; [Write, Description("Indicates whether this application is available in other tenants.")] Boolean AvailableToOtherTenants; [Write, Description("A free text field to provide a description of the application object to end users. The maximum allowed size is 1024 characters.")] String Description; [Write, Description("A bitmask that configures the groups claim issued in a user or OAuth 2.0 access token that the application expects.")] String GroupMembershipClaims; [Write, Description("The URL to the application's homepage.")] String Homepage; [Write, Description("User-defined URI(s) that uniquely identify a Web application within its Azure AD tenant, or within a verified custom domain.")] string IdentifierUris[]; [Write, Description("Specifies the fallback application type as public client, such as an installed application running on a mobile device. The default value is false, which means the fallback application type is confidential client such as web app. There are certain scenarios where Microsoft Entra ID cannot determine the client application type (for example, ROPC flow where it is configured without specifying a redirect URI). In those cases, Microsoft Entra ID will interpret the application type based on the value of this property.")] Boolean IsFallbackPublicClient; [Write, Description("Client applications that are tied to this resource application.")] string KnownClientApplications[]; [Write, Description("Application developers can configure optional claims in their Microsoft Entra applications to specify the claims that are sent to their application by the Microsoft security token service. For more information, see How to: Provide optional claims to your app."), EmbeddedInstance("MSFT_MicrosoftGraphoptionalClaims")] String OptionalClaims; [Write, Description("Specifies settings for an application that implements a web API."), EmbeddedInstance("MSFT_MicrosoftGraphapiApplication")] String Api; [Write, Description("The collection of breaking change behaviors related to token issuance that are configured for the application. Authentication behaviors are unset by default (null) and must be explicitly enabled or disabled. Nullable. Returned only on $select. For more information about authentication behaviors, see Manage application authenticationBehaviors to avoid unverified use of email claims for user identification or authorization."), EmbeddedInstance("MSFT_MicrosoftGraphauthenticationBehaviors")] String AuthenticationBehaviors; [Write, Description("The collection of password credentials associated with the application. Not nullable."), EmbeddedInstance("MSFT_MicrosoftGraphpasswordCredential")] String PasswordCredentials[]; [Write, Description("The collection of key credentials associated with the application. Not nullable. Supports $filter (eq, not, ge, le)."), EmbeddedInstance("MSFT_MicrosoftGraphkeyCredential")] String KeyCredentials[]; [Write, Description("The collection of roles defined for the application. With app role assignments, these roles can be assigned to users, groups, or service principals associated with other applications. Not nullable."), EmbeddedInstance("MSFT_MicrosoftGraphappRole")] String AppRoles[]; [Write, Description("The logout url for this application.")] string LogoutURL; [Write, Description("Specifies whether this application is a public client (such as an installed application running on a mobile device). Default is false.")] Boolean PublicClient; [Write, Description("Specifies the URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to.")] String ReplyURLs[]; [Write, Description("UPN or ObjectID values of the app's owners.")] String Owners[]; [Write, Description("Represents the set of properties required for configuring Application Proxy for this application. Configuring these properties allows you to publish your on-premises application for secure remote access."), EmbeddedInstance("MSFT_AADApplicationOnPremisesPublishing")] String OnPremisesPublishing; [Write, Description("Identifier of the associated Application Template.")] String ApplicationTemplateId; [Write, Description("Specify if the Azure AD App should exist or not."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; [Write, Description("Credentials for the Microsoft Graph delegated permissions."), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; [Write, Description("Secret of the Azure Active Directory application to authenticate with."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; [Write, Description("API permissions for the Azure Active Directory Application."),EmbeddedInstance("MSFT_AADApplicationPermission")] String Permissions[]; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; |