DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.schema.mof
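// DSC schema for the AADConditionalAccessPolicy resource.
//
// Assignments (Include*/Exclude*), conditions (platforms, locations, risk
// levels, client apps) and grant/session controls are all declared as
// Write-only properties, so anything left unset in a configuration is not
// managed by this schema; the authentication block at the bottom is shared
// with the other resources of the module.
[ClassVersion("1.0.0.0"), FriendlyName("AADConditionalAccessPolicy")]
class MSFT_AADConditionalAccessPolicy : OMI_BaseResource
{
    // DisplayName is the only Key: the resource is identified by its name,
    // while Id is merely writable.
    [Key, Description("DisplayName of the AAD CA Policy")] String DisplayName;
    [Write, Description("Specifies the GUID for the Policy.")] String Id;
    // No default is declared for State; "enabledForReportingButNotEnforced"
    // is report-only mode and does not block sign-ins.
    [Write, Description("Specifies the State of the Policy."), ValueMap{"disabled","enabled","enabledForReportingButNotEnforced"}, Values{"disabled","enabled","enabledForReportingButNotEnforced"}] String State;

    // ---- Assignments: applications ----
    [Write, Description("Cloud Apps in scope of the Policy.")] String IncludeApplications[];
    [Write, Description("Rule syntax is similar to that used for membership rules for groups in Microsoft Entra ID.")] String ApplicationsFilter;
    [Write, Description("Mode to use for the filter. Possible values are include or exclude."), ValueMap{"include","exclude"}, Values{"include","exclude"}] String ApplicationsFilterMode;
    [Write, Description("Cloud Apps out of scope of the Policy.")] String ExcludeApplications[];
    [Write, Description("User Actions in scope of the Policy.")] String IncludeUserActions[];

    // ---- Assignments: users, groups, roles ----
    [Write, Description("Users in scope of the Policy.")] String IncludeUsers[];
    [Write, Description("Users out of scope of the Policy.")] String ExcludeUsers[];
    [Write, Description("Groups in scope of the Policy.")] String IncludeGroups[];
    [Write, Description("Groups out of scope of the Policy.")] String ExcludeGroups[];
    [Write, Description("AAD Admin Roles in scope of the Policy.")] String IncludeRoles[];
    [Write, Description("AAD Admin Roles out of scope of the Policy.")] String ExcludeRoles[];

    // ---- Assignments: guests and external users ----
    // NOTE(review): the Description lists "OtherExternalUser" and omits "none",
    // whereas the ValueMap accepts "otherExternalUser" and "none"; the ValueMap
    // is what is validated.
    [Write, Description("Represents the Included internal guests or external user types. This is a multi-valued property. Supported values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, OtherExternalUser, serviceProvider and unknownFutureValue."), ValueMap{"none","internalGuest","b2bCollaborationGuest","b2bCollaborationMember","b2bDirectConnectUser","otherExternalUser","serviceProvider","unknownFutureValue"}, Values{"none","internalGuest","b2bCollaborationGuest","b2bCollaborationMember","b2bDirectConnectUser","otherExternalUser","serviceProvider","unknownFutureValue"}] String IncludeGuestOrExternalUserTypes[];
    // The empty string is an accepted value for the membership kind.
    [Write, Description("Represents the Included Tenants membership kind. The possible values are: all, enumerated, unknownFutureValue. enumerated references an object of conditionalAccessEnumeratedExternalTenants derived type."), ValueMap{"","all","enumerated","unknownFutureValue"}, Values{"","all","enumerated","unknownFutureValue"}] String IncludeExternalTenantsMembershipKind;
    [Write, Description("Represents the Included collection of tenant ids in the scope of Conditional Access for guests and external users policy targeting.")] String IncludeExternalTenantsMembers[];
    // Same Description/ValueMap mismatch as IncludeGuestOrExternalUserTypes.
    [Write, Description("Represents the Excluded internal guests or external user types. This is a multi-valued property. Supported values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, OtherExternalUser, serviceProvider and unknownFutureValue."), ValueMap{"none","internalGuest","b2bCollaborationGuest","b2bCollaborationMember","b2bDirectConnectUser","otherExternalUser","serviceProvider","unknownFutureValue"}, Values{"none","internalGuest","b2bCollaborationGuest","b2bCollaborationMember","b2bDirectConnectUser","otherExternalUser","serviceProvider","unknownFutureValue"}] String ExcludeGuestOrExternalUserTypes[];
    [Write, Description("Represents the Excluded Tenants membership kind. The possible values are: all, enumerated, unknownFutureValue. enumerated references an object of conditionalAccessEnumeratedExternalTenants derived type."), ValueMap{"","all","enumerated","unknownFutureValue"}, Values{"","all","enumerated","unknownFutureValue"}] String ExcludeExternalTenantsMembershipKind;
    [Write, Description("Represents the Excluded collection of tenant ids in the scope of Conditional Access for guests and external users policy targeting.")] String ExcludeExternalTenantsMembers[];

    // ---- Assignments: workload identities ----
    // These four properties state that the 'Attribute Definition Reader' role
    // is required by the account used for authentication.
    [Write, Description("Service Principals in scope of the Policy. 'Attribute Definition Reader' role is needed.")] String IncludeServicePrincipals[];
    [Write, Description("Service Principals out of scope of the Policy. 'Attribute Definition Reader' role is needed.")] String ExcludeServicePrincipals[];
    [Write, Description("Mode to use for the Service Principal filter. Possible values are include or exclude. 'Attribute Definition Reader' role is needed."), ValueMap{"include","exclude"}, Values{"include","exclude"}] String ServicePrincipalFilterMode;
    [Write, Description("Rule syntax for the Service Principal filter. 'Attribute Definition Reader' role is needed.")] String ServicePrincipalFilterRule;

    // ---- Conditions ----
    [Write, Description("Client Device Platforms in scope of the Policy.")] String IncludePlatforms[];
    [Write, Description("Client Device Platforms out of scope of the Policy.")] String ExcludePlatforms[];
    [Write, Description("AAD Named Locations in scope of the Policy.")] String IncludeLocations[];
    [Write, Description("AAD Named Locations out of scope of the Policy.")] String ExcludeLocations[];
    [Write, Description("Client Device Filter mode of the Policy."), ValueMap{"include","exclude"}, Values{"include","exclude"}] String DeviceFilterMode;
    // DeviceFilterRule is free text; the schema does not validate the rule syntax.
    [Write, Description("Client Device Filter rule of the Policy.")] String DeviceFilterRule;
    [Write, Description("AAD Identity Protection User Risk Levels in scope of the Policy.")] String UserRiskLevels[];
    [Write, Description("AAD Identity Protection Sign-in Risk Levels in scope of the Policy.")] String SignInRiskLevels[];
    [Write, Description("Client App types in scope of the Policy.")] String ClientAppTypes[];

    // ---- Grant controls ----
    // GrantControlOperator decides whether all of BuiltInControls must be
    // satisfied ("AND") or any one of them ("OR").
    [Write, Description("Operator to be used for Grant Controls."), ValueMap{"AND","OR"}, Values{"AND","OR"}] String GrantControlOperator;
    [Write, Description("List of built-in Grant Controls to be applied by the Policy.")] String BuiltInControls[];

    // ---- Session controls ----
    [Write, Description("Specifies, whether Application Enforced Restrictions are enabled in the Policy.")] Boolean ApplicationEnforcedRestrictionsIsEnabled;
    [Write, Description("Specifies, whether Cloud App Security is enforced by the Policy.")] Boolean CloudAppSecurityIsEnabled;
    [Write, Description("Specifies, what Cloud App Security control is enforced by the Policy.")] String CloudAppSecurityType;
    // SignInFrequencyValue is interpreted in the unit given by SignInFrequencyType.
    [Write, Description("Sign in frequency time in the given unit to be enforced by the policy.")] UInt32 SignInFrequencyValue;
    [Write, Description("Display name of the terms of use to assign.")] String TermsOfUse;
    [Write, Description("Custom Controls assigned to the grant property of this policy.")] String CustomAuthenticationFactors[];
    [Write, Description("Sign in frequency unit (days/hours) to be interpreted by the policy."), ValueMap{"Days","Hours",""}, Values{"Days","Hours",""}] String SignInFrequencyType;
    [Write, Description("Specifies, whether sign-in frequency is enforced by the Policy.")] Boolean SignInFrequencyIsEnabled;
    [Write, Description("Sign in frequency interval. Possible values are: timeBased, everyTime and unknownFutureValue."), ValueMap{"timeBased","everyTime","unknownFutureValue"}, Values{"timeBased","everyTime","unknownFutureValue"}] String SignInFrequencyInterval;
    [Write, Description("Specifies, whether Browser Persistence is controlled by the Policy.")] Boolean PersistentBrowserIsEnabled;
    [Write, Description("Specifies, what Browser Persistence control is enforced by the Policy."), ValueMap{"Always","Never",""}, Values{"Always","Never",""}] String PersistentBrowserMode;

    // ---- Authentication strength / flows ----
    [Write, Description("Name of the associated authentication strength policy.")] String AuthenticationStrength;
    // TransferMethods is a single comma-separated String, not an array; the
    // accepted combinations are spelled out in the Description rather than a ValueMap.
    [Write, Description("Names of the associated authentication flow transfer methods. Possible values are '', 'deviceCodeFlow', 'authenticationTransfer', or 'deviceCodeFlow,authenticationTransfer'.")] String TransferMethods;
    [Write, Description("Authentication context class references.")] String AuthenticationContexts[];
    [Write, Description("Insider risk levels conditions."), ValueMap{"minor", "moderate", "elevated", "unknownFutureValue"}, Values{"minor", "moderate", "elevated", "unknownFutureValue"}] String InsiderRiskLevels;

    // ---- Resource lifecycle ----
    [Write, Description("Specify if the Azure AD CA Policy should exist or not."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure;

    // ---- Authentication to Microsoft Graph ----
    // Credential and ApplicationSecret are MSFT_Credential embedded instances,
    // which is the DSC type that can be protected when the compiled MOF is
    // encrypted. AccessTokens, by contrast, is a plain String[]: any bearer
    // token placed there is stored verbatim in the compiled MOF, so configurations
    // that use it should rely on MOF encryption and short-lived tokens.
    // Type keyword normalised to "String" to match every other property.
    [Write, Description("Credentials for the Microsoft Graph delegated permissions."), EmbeddedInstance("MSFT_Credential")] String Credential;
    [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;
    [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId;
    [Write, Description("Secret of the Azure Active Directory application to authenticate with."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret;
    // A thumbprint is a reference to a locally installed certificate, not a secret.
    [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint;
    [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity;
    [Write, Description("Access token used for authentication.")] String AccessTokens[];
};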