DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.schema.mof

[ClassVersion("1.0.0")]
class MSFT_MicrosoftGraphRegistrationEnforcement
{
    [Write, Description("Run campaigns to remind users to setup targeted authentication methods."), EmbeddedInstance("MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaign")] String AuthenticationMethodsRegistrationCampaign;
};
[ClassVersion("1.0.0")]
class MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaign
{
    [Write, Description("Users and groups of users that are excluded from being prompted to set up the authentication method."), EmbeddedInstance("MSFT_MicrosoftGraphExcludeTarget")] String ExcludeTargets[];
    [Write, Description("Users and groups of users that are prompted to set up the authentication method."), EmbeddedInstance("MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaignIncludeTarget")] String IncludeTargets[];
    [Write, Description("Specifies the number of days that the user sees a prompt again if they select 'Not now' and snoozes the prompt. Minimum 0 days. Maximum: 14 days. If the value is '0' The user is prompted during every MFA attempt.")] UInt32 SnoozeDurationInDays;
    [Write, Description("Enable or disable the feature. Possible values are: default, enabled, disabled, unknownFutureValue. The default value is used when the configuration hasn't been explicitly set and uses the default behavior of Azure AD for the setting. The default value is disabled."), ValueMap{"default","enabled","disabled","unknownFutureValue"}, Values{"default","enabled","disabled","unknownFutureValue"}] String State;
};
[ClassVersion("1.0.0")]
class MSFT_AADAuthenticationMethodPolicyExcludeTarget
{
    [Write, Description("The object identifier of an Azure AD group.")] String Id;
    [Write, Description("The type of the authentication method target. Possible values are: group and unknownFutureValue."), ValueMap{"user","group","unknownFutureValue"}, Values{"user","group","unknownFutureValue"}] String TargetType;
};
[ClassVersion("1.0.0")]
class MSFT_AADAuthenticationMethodPolicyIncludeTarget
{
    [Write, Description("The ID of the entity targeted.")] String Id;
    [Write, Description("The kind of entity targeted. Possible values are: user, group."), ValueMap{"user","group","unknownFutureValue"}, Values{"user","group","unknownFutureValue"}] String TargetType;
};
[ClassVersion("1.0.0")]
class MSFT_MicrosoftGraphExcludeTarget
{
    [Write, Description("The object identifier of an Azure AD user or group.")] String Id;
    [Write, Description("The type of the authentication method target. Possible values are: user, group, unknownFutureValue."), ValueMap{"user","group","unknownFutureValue"}, Values{"user","group","unknownFutureValue"}] String TargetType;
};
[ClassVersion("1.0.0")]
class MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaignIncludeTarget
{
    [Write, Description("The object identifier of an Azure AD user or group.")] String Id;
    [Write, Description("The authentication method that the user is prompted to register. The value must be microsoftAuthenticator.")] String TargetedAuthenticationMethod;
    [Write, Description("The type of the authentication method target. Possible values are: user, group, unknownFutureValue."), ValueMap{"user","group","unknownFutureValue"}, Values{"user","group","unknownFutureValue"}] String TargetType;
};
[ClassVersion("1.0.0")]
class MSFT_MicrosoftGraphSystemCredentialPreferences
{
    [Write, Description("Users and groups excluded from the preferred authentication method experience of the system."), EmbeddedInstance("MSFT_AADAuthenticationMethodPolicyExcludeTarget")] String ExcludeTargets[];
    [Write, Description("Users and groups included in the preferred authentication method experience of the system."), EmbeddedInstance("MSFT_AADAuthenticationMethodPolicyIncludeTarget")] String IncludeTargets[];
    [Write, Description("Indicates whether the feature is enabled or disabled. Possible values are: default, enabled, disabled, unknownFutureValue. The default value is used when the configuration hasn't been explicitly set, and uses the default behavior of Azure Active Directory for the setting. The default value is disabled."), ValueMap{"default","enabled","disabled","unknownFutureValue"}, Values{"default","enabled","disabled","unknownFutureValue"}] String State;
};
[ClassVersion("1.0.0")]
class MSFT_MicrosoftGraphReportSuspiciousActivitySettings
{
    [Write, Description("Group IDs in scope for report suspicious activity."), EmbeddedInstance("MSFT_AADAuthenticationMethodPolicyIncludeTarget")] String IncludeTarget;
    [Write, Description("Specifies the state of the reportSuspiciousActivitySettings object."), ValueMap{"default","enabled","disabled","unknownFutureValue"}, Values{"default","enabled","disabled","unknownFutureValue"}] String State;
    [Write, Description("Specifies the number the user enters on their phone to report the MFA prompt as suspicious.")] UInt32 VoiceReportingCode;
};
 
[ClassVersion("1.0.0.0"), FriendlyName("AADAuthenticationMethodPolicy")]
class MSFT_AADAuthenticationMethodPolicy : OMI_BaseResource
{
    [Write, Description("A description of the policy.")] String Description;
    [Key, Description("The name of the policy.")] String DisplayName;
    [Write, Description("The state of migration of the authentication methods policy from the legacy multifactor authentication and self-service password reset (SSPR) policies. The possible values are: premigration - means the authentication methods policy is used for authentication only, legacy policies are respected. migrationInProgress - means the authentication methods policy is used for both authenication and SSPR, legacy policies are respected. migrationComplete - means the authentication methods policy is used for authentication and SSPR, legacy policies are ignored. unknownFutureValue - Evolvable enumeration sentinel value. Do not use."), ValueMap{"preMigration","migrationInProgress","migrationComplete","unknownFutureValue"}, Values{"preMigration","migrationInProgress","migrationComplete","unknownFutureValue"}] String PolicyMigrationState;
    [Write, Description("The version of the policy in use.")] String PolicyVersion;
    [Write, Description("Days before the user will be asked to reconfirm their method.")] UInt32 ReconfirmationInDays;
    [Write, Description("Enforce registration at sign-in time. This property can be used to remind users to set up targeted authentication methods."), EmbeddedInstance("MSFT_MicrosoftGraphregistrationEnforcement")] String RegistrationEnforcement;
    [Write, Description("Allows users to report suspicious activities if they receive an authentication request that they did not initiate."), EmbeddedInstance("MSFT_MicrosoftGraphreportSuspiciousActivitySettings")] String ReportSuspiciousActivitySettings;
    [Write, Description("Prompt users with their most-preferred credential for multifactor authentication."), EmbeddedInstance("MSFT_MicrosoftGraphsystemCredentialPreferences")] String SystemCredentialPreferences;
    [Write, Description("The unique identifier for an entity. Read-only.")] String Id;
    [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present"}, Values{"Present"}] string Ensure;
    [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;
    [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;
    [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId;
    [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret;
    [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint;
    [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity;
    [Write, Description("Access token used for authentication.")] String AccessTokens[];
};