DSCResources/MSFT_AADAuthenticationMethodPolicyX509/MSFT_AADAuthenticationMethodPolicyX509.schema.mof

[ClassVersion("1.0.0")]
class MSFT_MicrosoftGraphX509CertificateAuthenticationModeConfiguration
{
    [Write, Description("Rules are configured in addition to the authentication mode to bind a specific x509CertificateRuleType to an x509CertificateAuthenticationMode. For example, bind the policyOID with identifier 1.32.132.343 to x509CertificateMultiFactor authentication mode."), EmbeddedInstance("MSFT_MicrosoftGraphX509CertificateRule")] String Rules[];
    [Write, Description("The type of strong authentication mode. The possible values are: x509CertificateSingleFactor, x509CertificateMultiFactor, unknownFutureValue."), ValueMap{"x509CertificateSingleFactor","x509CertificateMultiFactor","unknownFutureValue"}, Values{"x509CertificateSingleFactor","x509CertificateMultiFactor","unknownFutureValue"}] String X509CertificateAuthenticationDefaultMode;
};
[ClassVersion("1.0.0")]
class MSFT_MicrosoftGraphX509CertificateRule
{
    [Write, Description("The identifier of the X.509 certificate. Required.")] String Identifier;
    [Write, Description("The type of strong authentication mode. The possible values are: x509CertificateSingleFactor, x509CertificateMultiFactor, unknownFutureValue. Required."), ValueMap{"x509CertificateSingleFactor","x509CertificateMultiFactor","unknownFutureValue"}, Values{"x509CertificateSingleFactor","x509CertificateMultiFactor","unknownFutureValue"}] String X509CertificateAuthenticationMode;
    [Write, Description("The type of the X.509 certificate mode configuration rule. The possible values are: issuerSubject, policyOID, unknownFutureValue. Required."), ValueMap{"issuerSubject","policyOID","unknownFutureValue"}, Values{"issuerSubject","policyOID","unknownFutureValue"}] String X509CertificateRuleType;
};
[ClassVersion("1.0.0")]
class MSFT_MicrosoftGraphX509CertificateUserBinding
{
    [Write, Description("The priority of the binding. Azure AD uses the binding with the highest priority. This value must be a non-negative integer and unique in the collection of objects in the certificateUserBindings property of an x509CertificateAuthenticationMethodConfiguration object. Required")] UInt32 Priority;
    [Write, Description("Defines the Azure AD user property of the user object to use for the binding. The possible values are: userPrincipalName, onPremisesUserPrincipalName, email. Required.")] String UserProperty;
    [Write, Description("The field on the X.509 certificate to use for the binding. The possible values are: PrincipalName, RFC822Name.")] String X509CertificateField;
};
[ClassVersion("1.0.0")]
class MSFT_AADAuthenticationMethodPolicyX509ExcludeTarget
{
    [Write, Description("The object identifier of an Azure AD group.")] String Id;
    [Write, Description("The type of the authentication method target. Possible values are: group and unknownFutureValue."), ValueMap{"group","unknownFutureValue"}, Values{"group","unknownFutureValue"}] String TargetType;
};
[ClassVersion("1.0.0")]
class MSFT_AADAuthenticationMethodPolicyX509IncludeTarget
{
    [Write, Description("The object identifier of an Azure AD group.")] String Id;
    [Write, Description("Determines if the user is enforced to register the authentication method.")] Boolean isRegistrationRequired;
    [Write, Description("The type of the authentication method target. Possible values are: group and unknownFutureValue."), ValueMap{"group","unknownFutureValue"}, Values{"group","unknownFutureValue"}] String TargetType;
};
 
[ClassVersion("1.0.0.0"), FriendlyName("AADAuthenticationMethodPolicyX509")]
class MSFT_AADAuthenticationMethodPolicyX509 : OMI_BaseResource
{
    [Write, Description("Defines strong authentication configurations. This configuration includes the default authentication mode and the different rules for strong authentication bindings."), EmbeddedInstance("MSFT_MicrosoftGraphx509CertificateAuthenticationModeConfiguration")] String AuthenticationModeConfiguration;
    [Write, Description("Defines fields in the X.509 certificate that map to attributes of the Azure AD user object in order to bind the certificate to the user. The priority of the object determines the order in which the binding is carried out. The first binding that matches will be used and the rest ignored."), EmbeddedInstance("MSFT_MicrosoftGraphx509CertificateUserBinding")] String CertificateUserBindings[];
    [Write, Description("Displayname of the groups of users that are excluded from a policy."), EmbeddedInstance("MSFT_AADAuthenticationMethodPolicyX509ExcludeTarget")] String ExcludeTargets[];
    [Write, Description("Displayname of the groups of users that are included from a policy."), EmbeddedInstance("MSFT_AADAuthenticationMethodPolicyX509IncludeTarget")] String IncludeTargets[];
    [Write, Description("The state of the policy. Possible values are: enabled, disabled."), ValueMap{"enabled","disabled"}, Values{"enabled","disabled"}] String State;
    [Key, Description("The unique identifier for an entity. Read-only.")] String Id;
    [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure;
    [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;
    [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;
    [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId;
    [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret;
    [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint;
    [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity;
    [Write, Description("Access token used for authentication.")] String AccessTokens[];
};