DSCResources/MSFT_AADAuthenticationMethodPolicyFido2/MSFT_AADAuthenticationMethodPolicyFido2.schema.mof

[ClassVersion("1.0.0")]
class MSFT_MicrosoftGraphFido2KeyRestrictions
{
    [Write, Description("A collection of Authenticator Attestation GUIDs. AADGUIDs define key types and manufacturers.")] String AaGuids[];
    [Write, Description("Enforcement type. Possible values are: allow, block."), ValueMap{"allow","block","unknownFutureValue"}, Values{"allow","block","unknownFutureValue"}] String EnforcementType;
    [Write, Description("Determines if the configured key enforcement is enabled.")] Boolean IsEnforced;
};
[ClassVersion("1.0.0")]
class MSFT_AADAuthenticationMethodPolicyFido2ExcludeTarget
{
    [Write, Description("The object identifier of an Azure AD group.")] String Id;
    [Write, Description("The type of the authentication method target. Possible values are: group and unknownFutureValue."), ValueMap{"user","group","unknownFutureValue"}, Values{"user","group","unknownFutureValue"}] String TargetType;
};
 
class MSFT_AADAuthenticationMethodPolicyFido2IncludeTarget
{
    [Write, Description("The object identifier of an Azure AD group.")] String Id;
    [Write, Description("The type of the authentication method target. Possible values are: group and unknownFutureValue."), ValueMap{"user","group","unknownFutureValue"}, Values{"user","group","unknownFutureValue"}] String TargetType;
};
 
[ClassVersion("1.0.0.0"), FriendlyName("AADAuthenticationMethodPolicyFido2")]
class MSFT_AADAuthenticationMethodPolicyFido2 : OMI_BaseResource
{
    [Write, Description("Determines whether attestation must be enforced for FIDO2 security key registration.")] Boolean IsAttestationEnforced;
    [Write, Description("Determines if users can register new FIDO2 security keys.")] Boolean IsSelfServiceRegistrationAllowed;
    [Write, Description("Controls whether key restrictions are enforced on FIDO2 security keys, either allowing or disallowing certain key types as defined by Authenticator Attestation GUID (AAGUID), an identifier that indicates the type (e.g. make and model) of the authenticator."), EmbeddedInstance("MSFT_MicrosoftGraphfido2KeyRestrictions")] String KeyRestrictions;
    [Write, Description("Displayname of the groups of users that are excluded from a policy."), EmbeddedInstance("MSFT_AADAuthenticationMethodPolicyFido2ExcludeTarget")] String ExcludeTargets[];
    [Write, Description("Displayname of the groups of users that are included from a policy."), EmbeddedInstance("MSFT_AADAuthenticationMethodPolicyFido2IncludeTarget")] String IncludeTargets[];
    [Write, Description("The state of the policy. Possible values are: enabled, disabled."), ValueMap{"enabled","disabled"}, Values{"enabled","disabled"}] String State;
    [Key, Description("The unique identifier for an entity. Read-only.")] String Id;
    [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure;
    [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;
    [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;
    [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId;
    [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret;
    [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint;
    [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity;
};