DSCResources/MSFT_IntuneDeviceControlPolicyWindows10/MSFT_IntuneDeviceControlPolicyWindows10.schema.mof
|
[ClassVersion("1.0.0.0")]
class MSFT_DeviceManagementConfigurationPolicyAssignments { [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType; [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType; [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId; [Write, Description("The group Id that is the target of the assignment.")] String groupId; [Write, Description("The group Display Name that is the target of the assignment.")] String groupDisplayName; [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId; }; [ClassVersion("1.0.0.0")] class MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRule { [Write, Description("Entry"), EmbeddedInstance("MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRuleEntry")] String Entry[]; [Write, Description("Name")] String Name; [Write, Description("Excluded ID")] String ExcludedIdList_GroupId[]; [Write, Description("Included ID")] String IncludedIdList_GroupId[]; }; [ClassVersion("1.0.0.0")] class MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRuleEntry { [Write, Description("Type (allow: Allow, deny: Deny, auditallowed: AuditAllowed, auditdenied: AuditDenied)"), ValueMap{"allow", "deny", "auditallowed", "auditdenied"}, Values{"allow", "deny", "auditallowed", "auditdenied"}] String Type; [Write, Description("Options (0: None, 1: ShowNotification, 2: SendEvent, 3: SendNotificationAndEvent, 4: Disable)"), ValueMap{"0", "1", "2", "3", "4"}, Values{"0", "1", "2", "3", "4"}] String Options; [Write, Description("Sid")] String Sid; [Write, Description("Access mask (1: WDD_READ_ACCESS, 2: WDD_WRITE_ACCESS, 4: WDD_EXECUTE_ACCESS, 8: WDD_FS_READ_ACCESS, 16: WDD_FS_WRITE_ACCESS, 32: WDD_FS_EXECUTE_ACCESS, 64: WDD_PRINT_ACCESS)"), ValueMap{"1", "2", "4", "8", "16", "32", "64"}, Values{"1", "2", "4", "8", "16", "32", "64"}] SInt32 AccessMask[]; [Write, Description("Computer Sid")] String ComputerSid; }; [ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceControlPolicyWindows10")] class MSFT_IntuneDeviceControlPolicyWindows10 : OMI_BaseResource { [Write, Description("Policy description")] String Description; [Key, Description("Policy name")] String DisplayName; [Write, Description("List of Scope Tags for this Entity instance.")] String RoleScopeTagIds[]; [Write, Description("The unique identifier for an entity. Read-only.")] String Id; [Write, Description("The list of policy rules to apply."), EmbeddedInstance("MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRule")] String PolicyRule[]; [Write, Description("Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DeviceInstall_Allow_Deny_Layered; [Write, Description("Allow installation of devices that match any of these device IDs (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DeviceInstall_IDs_Allow; [Write, Description("Allowed device IDs")] String DeviceInstall_IDs_Allow_List[]; [Write, Description("Allow installation of devices that match any of these device instance IDs (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DeviceInstall_Instance_IDs_Allow; [Write, Description("Allowed Instance IDs")] String DeviceInstall_Instance_IDs_Allow_List[]; [Write, Description("Allow installation of devices using drivers that match these device setup classes (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DeviceInstall_Classes_Allow; [Write, Description("Allowed classes")] String DeviceInstall_Classes_Allow_List[]; [Write, Description("Prevent installation of devices not described by other policy settings (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DeviceInstall_Unspecified_Deny; [Write, Description("Prevent installation of devices that match any of these device IDs (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DeviceInstall_IDs_Deny; [Write, Description("Prevented device IDs")] String DeviceInstall_IDs_Deny_List[]; [Write, Description("Also apply to matching devices that are already installed. (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DeviceInstall_IDs_Deny_Retroactive; [Write, Description("Prevent installation of devices that match any of these device instance IDs (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DeviceInstall_Instance_IDs_Deny; [Write, Description("Also apply to matching devices that are already installed. (Device) (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DeviceInstall_Instance_IDs_Deny_Retroactive; [Write, Description("Prevented Instance IDs")] String DeviceInstall_Instance_IDs_Deny_List[]; [Write, Description("Prevent installation of devices using drivers that match these device setup classes (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DeviceInstall_Classes_Deny; [Write, Description("Prevented Classes")] String DeviceInstall_Classes_Deny_List[]; [Write, Description("Also apply to matching devices that are already installed. (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DeviceInstall_Classes_Deny_Retroactive; [Write, Description("Prevent installation of removable devices (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DeviceInstall_Removable_Deny; [Write, Description("WPD Devices: Deny read access (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String WPDDevices_DenyRead_Access_2; [Write, Description("WPD Devices: Deny read access (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String WPDDevices_DenyRead_Access_1; [Write, Description("WPD Devices: Deny write access (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String WPDDevices_DenyWrite_Access_2; [Write, Description("WPD Devices: Deny write access (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String WPDDevices_DenyWrite_Access_1; [Write, Description("Allow Full Scan Removable Drive Scanning (0: Not allowed. Turns off scanning on removable drives., 1: Allowed. Scans removable drives.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowFullScanRemovableDriveScanning; [Write, Description("Allow Direct Memory Access (0: Not allowed., 1: Allowed.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowDirectMemoryAccess; [Write, Description("Device Enumeration Policy (0: Block all (Most restrictive), 1: Only after log in/screen unlock, 2: Allow all (Least restrictive))"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String DeviceEnumerationPolicy; [Write, Description("Removable Disk Deny Write Access (0: Disabled., 1: Enabled.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String RemovableDiskDenyWriteAccess; [Write, Description("Allow USB Connection (0: Not allowed., 1: Allowed.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowUSBConnection; [Write, Description("Allow Bluetooth (0: Disallow Bluetooth. If this is set to 0, the radio in the Bluetooth control panel will be grayed out and the user will not be able to turn Bluetooth on., 1: Reserved. If this is set to 1, the radio in the Bluetooth control panel will be functional and the user will be able to turn Bluetooth on., 2: Allow Bluetooth. If this is set to 2, the radio in the Bluetooth control panel will be functional and the user will be able to turn Bluetooth on.)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String AllowBluetooth; [Write, Description("Allow Advertising (0: Not allowed. When set to 0, the device will not send out advertisements. To verify, use any Bluetooth LE app and enable it to do advertising. Then, verify that the advertisement is not received by the peripheral., 1: Allowed. When set to 1, the device will send out advertisements. To verify, use any Bluetooth LE app and enable it to do advertising. Then, verify that the advertisement is received by the peripheral.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowAdvertising; [Write, Description("Allow Discoverable Mode (0: Not allowed. When set to 0, other devices will not be able to detect the device. To verify, open the Bluetooth control panel on the device. Then, go to another Bluetooth-enabled device, open the Bluetooth control panel, and verify that you cannot see the name of the device., 1: Allowed. When set to 1, other devices will be able to detect the device. To verify, open the Bluetooth control panel on the device. Then, go to another Bluetooth-enabled device, open the Bluetooth control panel and verify that you can discover it.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowDiscoverableMode; [Write, Description("Allow Prepairing (0: Not allowed., 1: Allowed.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowPrepairing; [Write, Description("Allow Prompted Proximal Connections (0: Disallow. Block users on these managed devices from using Swift Pair and other proximity based scenarios, 1: Allow. Allow users on these managed devices to use Swift Pair and other proximity based scenarios)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowPromptedProximalConnections; [Write, Description("Services Allowed List")] String ServicesAllowedList[]; [Write, Description("Allow Storage Card (0: SD card use is not allowed and USB drives are disabled. This setting does not prevent programmatic access to the storage card., 1: Allow a storage card.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowStorageCard; [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[]; [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; |