DSCResources/MSFT_IntuneDiskEncryptionWindows10/MSFT_IntuneDiskEncryptionWindows10.schema.mof

// Embedded class describing one assignment target of a policy. It is referenced by the
// Assignments property of MSFT_IntuneDiskEncryptionWindows10 through EmbeddedInstance.
// All properties are optional ([Write]); the schema defines no [Key] or [Required] property here.
[ClassVersion("1.0.0.0")]
class MSFT_DeviceManagementConfigurationPolicyAssignments
{
    // Selects the target kind. The list includes an exclusion-group target, so an assignment
    // entry can take devices out of the policy's scope as well as put them in it.
    [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType;
    // Filter mode and filter Id. An "exclude" filter narrows which devices receive the
    // encryption policy, so it deserves the same review as an exclusion group.
    [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType;
    [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId;
    // The group can be given by Id and/or by display name.
    // NOTE(review): the schema does not say which one wins when both are set or when they
    // disagree; a display name is presumably a weaker identifier than the Id, so confirm
    // how the resource resolves it.
    [Write, Description("The group Id that is the target of the assignment.")] String groupId;
    [Write, Description("The group Display Name that is the target of the assignment.")] String groupDisplayName;
    // Used with the Configuration Manager collection target type.
    [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId;
};
 
// DSC resource schema for the Intune disk encryption (BitLocker) policy for Windows 10.
// DisplayName is the only [Key] property; every other property is optional ([Write]).
// Enumerated settings are typed String and their ValueMap holds numeric codes as text;
// the meaning of each code is stated only in the Description, so read it before setting a value.
[ClassVersion("1.0.0.0"), FriendlyName("IntuneDiskEncryptionWindows10")]
class MSFT_IntuneDiskEncryptionWindows10 : OMI_BaseResource
{
    [Write, Description("Policy description")] String Description;
    [Key, Description("Policy name")] String DisplayName;
    [Write, Description("List of Scope Tags for this Entity instance.")] String RoleScopeTagIds[];
    // Declared [Write] although the Description calls it read-only.
    // NOTE(review): confirm whether a caller-supplied Id is honoured or ignored by the resource.
    [Write, Description("The unique identifier for an entity. Read-only.")] String Id;
    [Write, Description("Require Device Encryption (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String RequireDeviceEncryption;

    // Cipher selection. Codes 3 and 4 are AES-CBC, 6 and 7 are XTS-AES (128-bit / 256-bit).
    // Per the Descriptions the default differs by drive type: XTS-AES 128-bit for operating
    // system and fixed data drives, AES-CBC 128-bit for removable data drives. A baseline
    // that requires 256-bit keys has to set all three drop-downs explicitly.
    [Write, Description("Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String EncryptionMethodWithXts_Name;
    [Write, Description("Select the encryption method for operating system drives: (3: AES-CBC 128-bit, 4: AES-CBC 256-bit, 6: XTS-AES 128-bit (default), 7: XTS-AES 256-bit)"), ValueMap{"3", "4", "6", "7"}, Values{"3", "4", "6", "7"}] String EncryptionMethodWithXtsOsDropDown_Name;
    [Write, Description("Select the encryption method for fixed data drives: (3: AES-CBC 128-bit, 4: AES-CBC 256-bit, 6: XTS-AES 128-bit (default), 7: XTS-AES 256-bit)"), ValueMap{"3", "4", "6", "7"}, Values{"3", "4", "6", "7"}] String EncryptionMethodWithXtsFdvDropDown_Name;
    [Write, Description("Select the encryption method for removable data drives: (3: AES-CBC 128-bit (default), 4: AES-CBC 256-bit, 6: XTS-AES 128-bit, 7: XTS-AES 256-bit)"), ValueMap{"3", "4", "6", "7"}, Values{"3", "4", "6", "7"}] String EncryptionMethodWithXtsRdvDropDown_Name;

    // Organization identification fields: free-text strings with no format constraint in the schema.
    [Write, Description("Provide the unique identifiers for your organization (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IdentificationField_Name;
    [Write, Description("BitLocker identification field: (Device)")] String IdentificationField;
    [Write, Description("Allowed BitLocker identification field: (Device)")] String SecIdentificationField;
    [Write, Description("Allow Warning For Other Disk Encryption (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowWarningForOtherDiskEncryption;
    [Write, Description("Allow Standard User Encryption (0: This is the default, when the policy is not set. If current logged on user is a standard user, 'RequireDeviceEncryption' policy will not try to enable encryption on any drive., 1: 'RequireDeviceEncryption' policy will try to enable encryption on all fixed drives even if a current logged in user is standard user.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowStandardUserEncryption;
    // Per the Description, 0 (rotation off) is the default; rotation has to be opted into.
    [Write, Description("Configure Recovery Password Rotation (0: Refresh off (default), 1: Refresh on for Azure AD-joined devices, 2: Refresh on for both Azure AD-joined and hybrid-joined devices)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String ConfigureRecoveryPasswordRotation;

    // Operating system drive: encryption type. Per the Description, 0 leaves the choice to the user.
    [Write, Description("Enforce drive encryption type on operating system drives (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String OSEncryptionType_Name;
    [Write, Description("Select the encryption type: (Device) (0: Allow user to choose (default), 1: Full encryption, 2: Used Space Only encryption)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String OSEncryptionTypeDropDown_Name;

    // Pre-boot (startup) authentication. The code order in these drop-downs is
    // 2 = Allow, 1 = Require, 0 = Do not allow, which is easy to misread as a boolean.
    [Write, Description("Require additional authentication at startup (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String ConfigureAdvancedStartup_Name;
    [Write, Description("Configure TPM startup key: (2: Allow startup key with TPM, 1: Require startup key with TPM, 0: Do not allow startup key with TPM)"), ValueMap{"2", "1", "0"}, Values{"2", "1", "0"}] String ConfigureTPMStartupKeyUsageDropDown_Name;
    [Write, Description("Configure TPM startup key and PIN: (2: Allow startup key and PIN with TPM, 1: Require startup key and PIN with TPM, 0: Do not allow startup key and PIN with TPM)"), ValueMap{"2", "1", "0"}, Values{"2", "1", "0"}] String ConfigureTPMPINKeyUsageDropDown_Name;
    [Write, Description("Configure TPM startup: (2: Allow TPM, 1: Require TPM, 0: Do not allow TPM)"), ValueMap{"2", "1", "0"}, Values{"2", "1", "0"}] String ConfigureTPMUsageDropDown_Name;
    // 1 permits BitLocker on hardware without a compatible TPM; per the Description the
    // volume is then unlocked with a password or a startup key on a USB flash drive.
    [Write, Description("Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive) (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String ConfigureNonTPMStartupKeyUsage_Name;
    [Write, Description("Configure TPM startup PIN: (2: Allow startup PIN with TPM, 1: Require startup PIN with TPM, 0: Do not allow startup PIN with TPM)"), ValueMap{"2", "1", "0"}, Values{"2", "1", "0"}] String ConfigurePINUsageDropDown_Name;
    [Write, Description("Configure minimum PIN length for startup (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MinimumPINLength_Name;
    // SInt32 with no ValueMap: the schema itself puts no lower or upper bound on the PIN length.
    // NOTE(review): confirm that range validation happens in the resource or in the service.
    [Write, Description("Minimum characters:")] SInt32 MinPINLength;
    [Write, Description("Allow enhanced PINs for startup (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String EnhancedPIN_Name;
    [Write, Description("Disallow standard users from changing the PIN or password (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DisallowStandardUsersCanChangePIN_Name;
    // 1 lets the named device classes skip the pre-boot PIN, which relaxes a "Require PIN" setting above.
    [Write, Description("Allow devices compliant with InstantGo or HSTI to opt out of pre-boot PIN. (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String EnablePreBootPinExceptionOnDECapableDevice_Name;
    [Write, Description("Enable use of BitLocker authentication requiring preboot keyboard input on slates (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String EnablePrebootInputProtectorsOnSlates_Name;

    // Operating system drive: recovery. Per the Descriptions, OSRequireActiveDirectoryBackup_Name = 1
    // holds back BitLocker until recovery information is stored to AD DS, and OSAllowDRA_Name = 1
    // allows a data recovery agent, i.e. an additional party able to unlock the drive.
    [Write, Description("Choose how BitLocker-protected operating system drives can be recovered (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String OSRecoveryUsage_Name;
    [Write, Description("Do not enable BitLocker until recovery information is stored to AD DS for operating system drives (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String OSRequireActiveDirectoryBackup_Name;
    [Write, Description("Save BitLocker recovery information to AD DS for operating system drives (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String OSActiveDirectoryBackup_Name;
    [Write, Description("Configure user storage of BitLocker recovery information: (2: Allow 48-digit recovery password, 1: Require 48-digit recovery password, 0: Do not allow 48-digit recovery password)"), ValueMap{"2", "1", "0"}, Values{"2", "1", "0"}] String OSRecoveryPasswordUsageDropDown_Name;
    [Write, Description("Omit recovery options from the BitLocker setup wizard (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String OSHideRecoveryPage_Name;
    [Write, Description("Allow data recovery agent (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String OSAllowDRA_Name;
    [Write, Description("Configure OS recovery key usage: (2: Allow 256-bit recovery key, 1: Require 256-bit recovery key, 0: Do not allow 256-bit recovery key)"), ValueMap{"2", "1", "0"}, Values{"2", "1", "0"}] String OSRecoveryKeyUsageDropDown_Name;
    [Write, Description("Configure storage of BitLocker recovery information to AD DS: (1: Store recovery passwords and key packages, 2: Store recovery passwords only)"), ValueMap{"1", "2"}, Values{"1", "2"}] String OSActiveDirectoryBackupDropDown_Name;

    // Pre-boot recovery message and URL. Code 0 of the drop-down has an empty label in the
    // Description. The two *_Input properties are free text with no format constraint in the
    // schema; NOTE(review): presumably they are displayed to whoever is at the device before
    // unlock, so confirm the values are reviewed like any other user-facing text or link.
    [Write, Description("Configure pre-boot recovery message and URL (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String PrebootRecoveryInfo_Name;
    [Write, Description("Select an option for the pre-boot recovery message: (0: , 1: Use default recovery message and URL, 2: Use custom recovery message, 3: Use custom recovery URL)"), ValueMap{"0", "1", "2", "3"}, Values{"0", "1", "2", "3"}] String PrebootRecoveryInfoDropDown_Name;
    [Write, Description("Custom recovery URL option:")] String RecoveryUrl_Input;
    [Write, Description("Custom recovery message option:")] String RecoveryMessage_Input;

    // Fixed data drives: encryption type, recovery and write protection. The properties
    // mirror the operating system drive settings above, with the same code meanings.
    [Write, Description("Enforce drive encryption type on fixed data drives (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String FDVEncryptionType_Name;
    [Write, Description("Select the encryption type: (Device) (0: Allow user to choose (default), 1: Full encryption, 2: Used Space Only encryption)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String FDVEncryptionTypeDropDown_Name;
    [Write, Description("Choose how BitLocker-protected fixed drives can be recovered (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String FDVRecoveryUsage_Name;
    [Write, Description("Save BitLocker recovery information to AD DS for fixed data drives (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String FDVActiveDirectoryBackup_Name;
    [Write, Description("Omit recovery options from the BitLocker setup wizard (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String FDVHideRecoveryPage_Name;
    [Write, Description("Configure user storage of BitLocker recovery information: (2: Allow 48-digit recovery password, 1: Require 48-digit recovery password, 0: Do not allow 48-digit recovery password)"), ValueMap{"2", "1", "0"}, Values{"2", "1", "0"}] String FDVRecoveryPasswordUsageDropDown_Name;
    [Write, Description("Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String FDVRequireActiveDirectoryBackup_Name;
    [Write, Description("Allow data recovery agent (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String FDVAllowDRA_Name;
    [Write, Description("Configure storage of BitLocker recovery information to AD DS: (1: Backup recovery passwords and key packages, 2: Backup recovery passwords only)"), ValueMap{"1", "2"}, Values{"1", "2"}] String FDVActiveDirectoryBackupDropDown_Name;
    [Write, Description("Select the fixed drive recovery key usage: (2: Allow 256-bit recovery key, 1: Require 256-bit recovery key, 0: Do not allow 256-bit recovery key)"), ValueMap{"2", "1", "0"}, Values{"2", "1", "0"}] String FDVRecoveryKeyUsageDropDown_Name;
    [Write, Description("Deny write access to fixed drives not protected by BitLocker (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String FDVDenyWriteAccess_Name;

    // Removable data drives. RDVDisableBDE_Name = 1 lets users suspend and decrypt protection
    // on removable drives (per its Description), so it works against RDVDenyWriteAccess_Name.
    // NOTE(review): RDVCrossOrg presumably relies on the identification fields above to tell
    // organizations apart; confirm before enabling it without setting them.
    [Write, Description("Control use of BitLocker on removable drives (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String RDVConfigureBDE;
    [Write, Description("Allow users to apply BitLocker protection on removable data drives (Device) (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String RDVAllowBDE_Name;
    [Write, Description("Enforce drive encryption type on removable data drives (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String RDVEncryptionType_Name;
    [Write, Description("Select the encryption type: (Device) (0: Allow user to choose (default), 1: Full encryption, 2: Used Space Only encryption)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String RDVEncryptionTypeDropDown_Name;
    [Write, Description("Allow users to suspend and decrypt BitLocker protection on removable data drives (Device) (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String RDVDisableBDE_Name;
    [Write, Description("Deny write access to removable drives not protected by BitLocker (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String RDVDenyWriteAccess_Name;
    [Write, Description("Do not allow write access to devices configured in another organization (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String RDVCrossOrg;

    // Assignment targets, each an instance of MSFT_DeviceManagementConfigurationPolicyAssignments.
    [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[];
    [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure;

    // Authentication parameters. Credential and ApplicationSecret are embedded MSFT_Credential
    // instances, so they go through DSC's credential handling when a configuration is compiled.
    // The ApplicationSecret Description says "tenant", but going by the property name the
    // secret presumably belongs to the application identified by ApplicationId.
    [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;
    [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;
    [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId;
    [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret;
    [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint;
    // Boolean switch, not an identity value, despite the "Managed ID" wording of the Description.
    [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity;
    // NOTE(review): declared as a plain String array, not MSFT_Credential, so the credential
    // protection applied to Credential and ApplicationSecret presumably does not cover it.
    // Confirm how tokens are expected to be supplied and kept out of compiled configurations and logs.
    [Write, Description("Access token used for authentication.")] String AccessTokens[];
};