DSCResources/MSFT_SCInsiderRiskPolicy/MSFT_SCInsiderRiskPolicy.schema.mof
|
[ClassVersion("1.0.0.0"), FriendlyName("SCInsiderRiskPolicy")]
class MSFT_SCInsiderRiskPolicy : OMI_BaseResource { [Key, Description("Name of the insider risk policy.")] string Name; [Key, Description("Name of the scenario supported by the policy.")] string InsiderRiskScenario; [Write, Description("Official documentation to come.")] Boolean Anonymization; [Write, Description("Official documentation to come.")] Boolean DLPUserRiskSync; [Write, Description("Official documentation to come.")] Boolean OptInIRMDataExport; [Write, Description("Official documentation to come.")] Boolean RaiseAuditAlert; [Write, Description("Official documentation to come.")] String FileVolCutoffLimits; [Write, Description("Official documentation to come.")] String AlertVolume; [Write, Description("Official documentation to come.")] Boolean AnomalyDetections; [Write, Description("Official documentation to come.")] Boolean CopyToPersonalCloud; [Write, Description("Official documentation to come.")] Boolean CopyToUSB; [Write, Description("Official documentation to come.")] Boolean CumulativeExfiltrationDetector; [Write, Description("Official documentation to come.")] Boolean EmailExternal; [Write, Description("Official documentation to come.")] Boolean EmployeeAccessedEmployeePatientData; [Write, Description("Official documentation to come.")] Boolean EmployeeAccessedFamilyData; [Write, Description("Official documentation to come.")] Boolean EmployeeAccessedHighVolumePatientData; [Write, Description("Official documentation to come.")] Boolean EmployeeAccessedNeighbourData; [Write, Description("Official documentation to come.")] Boolean EmployeeAccessedRestrictedData; [Write, Description("Official documentation to come.")] Boolean EpoBrowseToChildAbuseSites; [Write, Description("Official documentation to come.")] Boolean EpoBrowseToCriminalActivitySites; [Write, Description("Official documentation to come.")] Boolean EpoBrowseToCultSites; [Write, Description("Official documentation to come.")] Boolean EpoBrowseToGamblingSites; [Write, Description("Official documentation to come.")] Boolean EpoBrowseToHackingSites; [Write, Description("Official documentation to come.")] Boolean EpoBrowseToHateIntoleranceSites; [Write, Description("Official documentation to come.")] Boolean EpoBrowseToIllegalSoftwareSites; [Write, Description("Official documentation to come.")] Boolean EpoBrowseToKeyloggerSites; [Write, Description("Official documentation to come.")] Boolean EpoBrowseToLlmSites; [Write, Description("Official documentation to come.")] Boolean EpoBrowseToMalwareSites; [Write, Description("Official documentation to come.")] Boolean EpoBrowseToPhishingSites; [Write, Description("Official documentation to come.")] Boolean EpoBrowseToPornographySites; [Write, Description("Official documentation to come.")] Boolean EpoBrowseToUnallowedDomain; [Write, Description("Official documentation to come.")] Boolean EpoBrowseToViolenceSites; [Write, Description("Official documentation to come.")] Boolean EpoCopyToClipboardFromSensitiveFile; [Write, Description("Official documentation to come.")] Boolean EpoCopyToNetworkShare; [Write, Description("Official documentation to come.")] Boolean EpoFileArchived; [Write, Description("Official documentation to come.")] Boolean EpoFileCopiedToRemoteDesktopSession; [Write, Description("Official documentation to come.")] Boolean EpoFileDeleted; [Write, Description("Official documentation to come.")] Boolean EpoFileDownloadedFromBlacklistedDomain; [Write, Description("Official documentation to come.")] Boolean EpoFileDownloadedFromEnterpriseDomain; [Write, Description("Official documentation to come.")] Boolean EpoFileRenamed; [Write, Description("Official documentation to come.")] Boolean EpoFileStagedToCentralLocation; [Write, Description("Official documentation to come.")] Boolean EpoHiddenFileCreated; [Write, Description("Official documentation to come.")] Boolean EpoRemovableMediaMount; [Write, Description("Official documentation to come.")] Boolean EpoSensitiveFileRead; [Write, Description("Official documentation to come.")] Boolean Mcas3rdPartyAppDownload; [Write, Description("Official documentation to come.")] Boolean Mcas3rdPartyAppFileDelete; [Write, Description("Official documentation to come.")] Boolean Mcas3rdPartyAppFileSharing; [Write, Description("Official documentation to come.")] Boolean McasActivityFromInfrequentCountry; [Write, Description("Official documentation to come.")] Boolean McasImpossibleTravel; [Write, Description("Official documentation to come.")] Boolean McasMultipleFailedLogins; [Write, Description("Official documentation to come.")] Boolean McasMultipleStorageDeletion; [Write, Description("Official documentation to come.")] Boolean McasMultipleVMCreation; [Write, Description("Official documentation to come.")] Boolean McasMultipleVMDeletion; [Write, Description("Official documentation to come.")] Boolean McasSuspiciousAdminActivities; [Write, Description("Official documentation to come.")] Boolean McasSuspiciousCloudCreation; [Write, Description("Official documentation to come.")] Boolean McasSuspiciousCloudTrailLoggingChange; [Write, Description("Official documentation to come.")] Boolean McasTerminatedEmployeeActivity; [Write, Description("Official documentation to come.")] Boolean OdbDownload; [Write, Description("Official documentation to come.")] Boolean OdbSyncDownload; [Write, Description("Official documentation to come.")] Boolean PeerCumulativeExfiltrationDetector; [Write, Description("Official documentation to come.")] Boolean PhysicalAccess; [Write, Description("Official documentation to come.")] Boolean PotentialHighImpactUser; [Write, Description("Official documentation to come.")] Boolean Print; [Write, Description("Official documentation to come.")] Boolean PriorityUserGroupMember; [Write, Description("Official documentation to come.")] Boolean SecurityAlertDefenseEvasion; [Write, Description("Official documentation to come.")] Boolean SecurityAlertUnwantedSoftware; [Write, Description("Official documentation to come.")] Boolean SpoAccessRequest; [Write, Description("Official documentation to come.")] Boolean SpoApprovedAccess; [Write, Description("Official documentation to come.")] Boolean SpoDownload; [Write, Description("Official documentation to come.")] Boolean SpoDownloadV2; [Write, Description("Official documentation to come.")] Boolean SpoFileAccessed; [Write, Description("Official documentation to come.")] Boolean SpoFileDeleted; [Write, Description("Official documentation to come.")] Boolean SpoFileDeletedFromFirstStageRecycleBin; [Write, Description("Official documentation to come.")] Boolean SpoFileDeletedFromSecondStageRecycleBin; [Write, Description("Official documentation to come.")] Boolean SpoFileLabelDowngraded; [Write, Description("Official documentation to come.")] Boolean SpoFileLabelRemoved; [Write, Description("Official documentation to come.")] Boolean SpoFileSharing; [Write, Description("Official documentation to come.")] Boolean SpoFolderDeleted; [Write, Description("Official documentation to come.")] Boolean SpoFolderDeletedFromFirstStageRecycleBin; [Write, Description("Official documentation to come.")] Boolean SpoFolderDeletedFromSecondStageRecycleBin; [Write, Description("Official documentation to come.")] Boolean SpoFolderSharing; [Write, Description("Official documentation to come.")] Boolean SpoSiteExternalUserAdded; [Write, Description("Official documentation to come.")] Boolean SpoSiteInternalUserAdded; [Write, Description("Official documentation to come.")] Boolean SpoSiteLabelRemoved; [Write, Description("Official documentation to come.")] Boolean SpoSiteSharing; [Write, Description("Official documentation to come.")] Boolean SpoSyncDownload; [Write, Description("Official documentation to come.")] Boolean TeamsChannelFileSharedExternal; [Write, Description("Official documentation to come.")] Boolean TeamsChannelMemberAddedExternal; [Write, Description("Official documentation to come.")] Boolean TeamsChatFileSharedExternal; [Write, Description("Official documentation to come.")] Boolean TeamsFileDownload; [Write, Description("Official documentation to come.")] Boolean TeamsFolderSharedExternal; [Write, Description("Official documentation to come.")] Boolean TeamsMemberAddedExternal; [Write, Description("Official documentation to come.")] Boolean TeamsSensitiveMessage; [Write, Description("Official documentation to come.")] Boolean UserHistory; [Write, Description("Official documentation to come.")] Boolean AWSS3BlockPublicAccessDisabled; [Write, Description("Official documentation to come.")] Boolean AWSS3BucketDeleted; [Write, Description("Official documentation to come.")] Boolean AWSS3PublicAccessEnabled; [Write, Description("Official documentation to come.")] Boolean AWSS3ServerLoggingDisabled; [Write, Description("Official documentation to come.")] Boolean AzureElevateAccessToAllSubscriptions; [Write, Description("Official documentation to come.")] Boolean AzureResourceThreatProtectionSettingsUpdated; [Write, Description("Official documentation to come.")] Boolean AzureSQLServerAuditingSettingsUpdated; [Write, Description("Official documentation to come.")] Boolean AzureSQLServerFirewallRuleDeleted; [Write, Description("Official documentation to come.")] Boolean AzureSQLServerFirewallRuleUpdated; [Write, Description("Official documentation to come.")] Boolean AzureStorageAccountOrContainerDeleted; [Write, Description("Official documentation to come.")] Boolean BoxContentAccess; [Write, Description("Official documentation to come.")] Boolean BoxContentDelete; [Write, Description("Official documentation to come.")] Boolean BoxContentDownload; [Write, Description("Official documentation to come.")] Boolean BoxContentExternallyShared; [Write, Description("Official documentation to come.")] Boolean CCFinancialRegulatoryRiskyTextSent; [Write, Description("Official documentation to come.")] Boolean CCInappropriateContentSent; [Write, Description("Official documentation to come.")] Boolean CCInappropriateImagesSent; [Write, Description("Official documentation to come.")] Boolean DropboxContentAccess; [Write, Description("Official documentation to come.")] Boolean DropboxContentDelete; [Write, Description("Official documentation to come.")] Boolean DropboxContentDownload; [Write, Description("Official documentation to come.")] Boolean DropboxContentExternallyShared; [Write, Description("Official documentation to come.")] Boolean GoogleDriveContentAccess; [Write, Description("Official documentation to come.")] Boolean GoogleDriveContentDelete; [Write, Description("Official documentation to come.")] Boolean GoogleDriveContentExternallyShared; [Write, Description("Official documentation to come.")] Boolean PowerBIDashboardsDeleted; [Write, Description("Official documentation to come.")] Boolean PowerBIReportsDeleted; [Write, Description("Official documentation to come.")] Boolean PowerBIReportsDownloaded; [Write, Description("Official documentation to come.")] Boolean PowerBIReportsExported; [Write, Description("Official documentation to come.")] Boolean PowerBIReportsViewed; [Write, Description("Official documentation to come.")] Boolean PowerBISemanticModelsDeleted; [Write, Description("Official documentation to come.")] Boolean PowerBISensitivityLabelDowngradedForArtifacts; [Write, Description("Official documentation to come.")] Boolean PowerBISensitivityLabelRemovedFromArtifacts; [Write, Description("Official documentation to come.")] String HistoricTimeSpan; [Write, Description("Official documentation to come.")] String InScopeTimeSpan; [Write, Description("Official documentation to come.")] Boolean EnableTeam; [Write, Description("Official documentation to come.")] Boolean AnalyticsNewInsightEnabled; [Write, Description("Official documentation to come.")] Boolean AnalyticsTurnedOffEnabled; [Write, Description("Official documentation to come.")] Boolean HighSeverityAlertsEnabled; [Write, Description("Official documentation to come.")] String HighSeverityAlertsRoleGroups[]; [Write, Description("Official documentation to come.")] Boolean PoliciesHealthEnabled; [Write, Description("Official documentation to come.")] String PoliciesHealthRoleGroups[]; [Write, Description("Official documentation to come.")] Boolean NotificationDetailsEnabled; [Write, Description("Official documentation to come.")] String NotificationDetailsRoleGroups[]; [Write, Description("Official documentation to come.")] Boolean ClipDeletionEnabled; [Write, Description("Official documentation to come.")] Boolean SessionRecordingEnabled; [Write, Description("Official documentation to come.")] String RecordingTimeframePreEventInSec; [Write, Description("Official documentation to come.")] String RecordingTimeframePostEventInSec; [Write, Description("Official documentation to come.")] String BandwidthCapInMb; [Write, Description("Official documentation to come.")] String OfflineRecordingStorageLimitInMb; [Write, Description("Determines if Adaptive Protection is enabled for Purview.")] Boolean AdaptiveProtectionEnabled; [Write, Description("Official documentation to come.")] UInt32 AdaptiveProtectionHighProfileSourceType; [Write, Description("Official documentation to come.")] UInt32 AdaptiveProtectionHighProfileConfirmedIssueSeverity; [Write, Description("Official documentation to come.")] UInt32 AdaptiveProtectionHighProfileGeneratedIssueSeverity; [Write, Description("Official documentation to come.")] UInt32 AdaptiveProtectionHighProfileInsightSeverity; [Write, Description("Official documentation to come.")] UInt32 AdaptiveProtectionHighProfileInsightCount; [Write, Description("Official documentation to come.")] String AdaptiveProtectionHighProfileInsightTypes[]; [Write, Description("Official documentation to come.")] Boolean AdaptiveProtectionHighProfileConfirmedIssue; [Write, Description("Official documentation to come.")] UInt32 AdaptiveProtectionMediumProfileSourceType; [Write, Description("Official documentation to come.")] UInt32 AdaptiveProtectionMediumProfileConfirmedIssueSeverity; [Write, Description("Official documentation to come.")] UInt32 AdaptiveProtectionMediumProfileGeneratedIssueSeverity; [Write, Description("Official documentation to come.")] UInt32 AdaptiveProtectionMediumProfileInsightSeverity; [Write, Description("Official documentation to come.")] UInt32 AdaptiveProtectionMediumProfileInsightCount; [Write, Description("Official documentation to come.")] String AdaptiveProtectionMediumProfileInsightTypes[]; [Write, Description("Official documentation to come.")] Boolean AdaptiveProtectionMediumProfileConfirmedIssue; [Write, Description("Official documentation to come.")] UInt32 AdaptiveProtectionLowProfileSourceType; [Write, Description("Official documentation to come.")] UInt32 AdaptiveProtectionLowProfileConfirmedIssueSeverity; [Write, Description("Official documentation to come.")] UInt32 AdaptiveProtectionLowProfileGeneratedIssueSeverity; [Write, Description("Official documentation to come.")] UInt32 AdaptiveProtectionLowProfileInsightSeverity; [Write, Description("Official documentation to come.")] UInt32 AdaptiveProtectionLowProfileInsightCount; [Write, Description("Official documentation to come.")] String AdaptiveProtectionLowProfileInsightTypes[]; [Write, Description("Official documentation to come.")] Boolean AdaptiveProtectionLowProfileConfirmedIssue; [Write, Description("Official documentation to come.")] Boolean RetainSeverityAfterTriage; [Write, Description("Official documentation to come.")] UInt32 LookbackTimeSpan; [Write, Description("Official documentation to come.")] UInt32 ProfileInScopeTimeSpan; [Write, Description("Official documentation to come.")] UInt32 GPUUtilizationLimit; [Write, Description("Official documentation to come.")] UInt32 CPUUtilizationLimit; [Write, Description("Official documentation to come.")] String MDATPTriageStatus; [Write, Description("Present ensures the instance exists, absent ensures it is removed."), ValueMap{"Absent","Present"}, Values{"Absent","Present"}] string Ensure; [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; |