DSCResources/MSFT_IntuneAppProtectionPolicyAndroid/MSFT_IntuneAppProtectionPolicyAndroid.schema.mof
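// MOF schema for the DSC resource with the friendly name IntuneAppProtectionPolicyAndroid.
// DisplayName is the only [Key] property; every other property is [Write].
// Changes from the previous text of this schema:
//   - string literals that had been split across physical lines are rejoined;
//   - the Values list of appActionIfUnableToAuthenticateUser now matches its ValueMap
//     ("blockWhenSettingIsSupported" instead of "BlockWhenSettingIsSupported");
//   - qualifier and type-name casing is uniform (MOF keywords are case-insensitive).
[ClassVersion("1.0.0.0"), FriendlyName("IntuneAppProtectionPolicyAndroid")]
class MSFT_IntuneAppProtectionPolicyAndroid : OMI_BaseResource
{
    [Key, Description("Display name of the Android App Protection Policy.")] String DisplayName;
    [Write, Description("Description of the Android App Protection Policy.")] String Description;
    [Write, Description("List of allowed Android device models.")] String AllowedAndroidDeviceModels[];
    [Write, Description("Maximum length of outbound clipboard sharing exceptions.")] UInt32 AllowedOutboundClipboardSharingExceptionLength;
    [Write, Description("Indicates whether biometric authentication is blocked.")] Boolean BiometricAuthenticationBlocked;
    [Write, Description("Number of days to block access after a company portal update deferral.")] UInt32 BlockAfterCompanyPortalUpdateDeferralInDays;
    [Write, Description("Indicates whether data ingestion into organization documents is blocked.")] Boolean BlockDataIngestionIntoOrganizationDocuments;
    [Write, Description("Indicates whether to connect to VPN on launch.")] Boolean ConnectToVpnOnLaunch;
    [Write, Description("Display name of the custom dialer app.")] String CustomDialerAppDisplayName;
    [Write, Description("Package ID of the custom dialer app.")] String CustomDialerAppPackageId;
    [Write, Description("Indicates whether device lock is required.")] Boolean DeviceLockRequired;
    [Write, Description("Indicates whether fingerprint and biometric authentication are enabled.")] Boolean FingerprintAndBiometricEnabled;
    [Write, Description("Indicates whether keyboards are restricted.")] Boolean KeyboardsRestricted;
    [Write, Description("Display name of the messaging redirect app.")] String MessagingRedirectAppDisplayName;
    [Write, Description("Package ID of the messaging redirect app.")] String MessagingRedirectAppPackageId;
    [Write, Description("Minimum required patch version for wipe.")] String MinimumWipePatchVersion;
    [Write, Description("Number of previous PIN block counts.")] UInt32 PreviousPinBlockCount;
    [Write, Description("Number of days to warn after a company portal update deferral.")] UInt32 WarnAfterCompanyPortalUpdateDeferralInDays;
    [Write, Description("Number of days to wipe after a company portal update deferral.")] UInt32 WipeAfterCompanyPortalUpdateDeferralInDays;
    [Write, Description("Sources from which data is allowed to be transferred.")] String Alloweddataingestionlocations[];

    // Conditional-launch actions. Every property in this group accepts the same four
    // ValueMap entries, although several descriptions name only two or three of them.
    // NOTE(review): reconcile the description texts with the values each setting really supports.
    [Write, Description("Defines a managed app behavior, either block or wipe, if the specified device manufacturer is not allowed."), ValueMap{"block", "wipe", "warn", "blockWhenSettingIsSupported"}, Values{"block", "wipe", "warn", "blockWhenSettingIsSupported"}] String AppActionIfAndroidDeviceManufacturerNotAllowed;
    [Write, Description("Defines a managed app behavior, either block or wipe, if the specified device model is not allowed."), ValueMap{"block", "wipe", "warn", "blockWhenSettingIsSupported"}, Values{"block", "wipe", "warn", "blockWhenSettingIsSupported"}] String AppActionIfAndroidDeviceModelNotAllowed;
    [Write, Description("Defines a managed app behavior, either warn or block, if the specified Android App Verification requirement fails."), ValueMap{"block", "wipe", "warn", "blockWhenSettingIsSupported"}, Values{"block", "wipe", "warn", "blockWhenSettingIsSupported"}] String AppActionIfAndroidSafetyNetAppsVerificationFailed;
    [Write, Description("Defines a managed app behavior, either warn or block, if the specified Android SafetyNet Attestation requirement fails."), ValueMap{"block", "wipe", "warn", "blockWhenSettingIsSupported"}, Values{"block", "wipe", "warn", "blockWhenSettingIsSupported"}] String AppActionIfAndroidSafetyNetDeviceAttestationFailed;
    [Write, Description("Defines a managed app behavior, either block or wipe, when the device is either rooted or jailbroken, if DeviceComplianceRequired is set to true."), ValueMap{"block", "wipe", "warn", "blockWhenSettingIsSupported"}, Values{"block", "wipe", "warn", "blockWhenSettingIsSupported"}] String AppActionIfDeviceComplianceRequired;
    [Write, Description("Defines a managed app behavior, either warn, block, or wipe, if the screen lock is required on an Android device but is not set."), ValueMap{"block", "wipe", "warn", "blockWhenSettingIsSupported"}, Values{"block", "wipe", "warn", "blockWhenSettingIsSupported"}] String AppActionIfDeviceLockNotSet;
    [Write, Description("Defines a managed app behavior, either block or wipe, based on the maximum number of incorrect pin retry attempts."), ValueMap{"block", "wipe", "warn", "blockWhenSettingIsSupported"}, Values{"block", "wipe", "warn", "blockWhenSettingIsSupported"}] String AppActionIfMaximumPinRetriesExceeded;
    // Values previously listed "BlockWhenSettingIsSupported", which did not match the ValueMap entry.
    [Write, Description("Specifies what action to take in the case where the user is unable to check in because their authentication token is invalid, such as when the user is deleted or disabled in Azure AD."), ValueMap{"block", "wipe", "warn", "blockWhenSettingIsSupported"}, Values{"block", "wipe", "warn", "blockWhenSettingIsSupported"}] String appActionIfUnableToAuthenticateUser;
    // NOTE(review): the description states that warn is not supported, yet the ValueMap accepts "warn".
    [Write, Description("Determines what action to take if the mobile threat defense threat threshold isn't met. Warn isn't a supported value for this property."), ValueMap{"block", "wipe", "warn", "blockWhenSettingIsSupported"}, Values{"block", "wipe", "warn", "blockWhenSettingIsSupported"}] String MobileThreatDefenseRemediationAction;

    [Write, Description("The classes of dialer apps that are allowed to click-to-open a phone number. Inherited from managedAppProtection."), ValueMap{"allApps", "managedApps", "customApp", "blocked"}, Values{"allApps", "managedApps", "customApp", "blocked"}] String DialerRestrictionLevel;
    [Write, Description("Maximum allowed device threat level, as reported by the MTD app. Inherited from managedAppProtection."), ValueMap{"notConfigured", "secured", "low", "medium", "high"}, Values{"notConfigured", "secured", "low", "medium", "high"}] String MaximumAllowedDeviceThreatLevel;
    [Write, Description("Specify app notification restriction. Inherited from managedAppProtection."), ValueMap{"allow", "blockOrganizationalData", "block"}, Values{"allow", "blockOrganizationalData", "block"}] String NotificationRestriction;
    [Write, Description("Defines how app messaging redirection is protected by an App Protection Policy. Default is anyApp. Inherited from managedAppProtection."), ValueMap{"anyApp", "anyManagedApp", "specificApps", "blocked"}, Values{"anyApp", "anyManagedApp", "specificApps", "blocked"}] String ProtectedMessagingRedirectAppType;
    [Write, Description("Defines the Android SafetyNet Apps Verification requirement for a managed app to work."), ValueMap{"none", "enabled"}, Values{"none", "enabled"}] String RequiredAndroidSafetyNetAppsVerificationType;
    [Write, Description("Defines the Android SafetyNet Device Attestation requirement for a managed app to work."), ValueMap{"none", "basicIntegrity", "basicIntegrityAndDeviceCertification"}, Values{"none", "basicIntegrity", "basicIntegrityAndDeviceCertification"}] String RequiredAndroidSafetyNetDeviceAttestationType;
    [Write, Description("Defines the Android SafetyNet evaluation type requirement for a managed app to work."), ValueMap{"basic", "hardwareBacked"}, Values{"basic", "hardwareBacked"}] String RequiredAndroidSafetyNetEvaluationType;
    [Write, Description("The intended app management levels for this policy. Inherited from targetedManagedAppProtection."), ValueMap{"unspecified", "unmanaged", "mdm", "androidEnterprise", "androidEnterpriseDedicatedDevicesWithAzureAdSharedMode", "androidOpenSourceProjectUserAssociated", "androidOpenSourceProjectUserless", "unknownFutureValue"}, Values{"unspecified", "unmanaged", "mdm", "androidEnterprise", "androidEnterpriseDedicatedDevicesWithAzureAdSharedMode", "androidOpenSourceProjectUserAssociated", "androidOpenSourceProjectUserless", "unknownFutureValue"}] String TargetedAppManagementLevels;
    [Write, Description("If Keyboard Restriction is enabled, only keyboards in this approved list will be allowed. A key should be Android package id for a keyboard and value should be a friendly name.")] String ApprovedKeyboards[];
    // Per its description, every package listed here is exempt from the policy and can
    // receive data from managed apps, so each entry widens where protected data may flow.
    [Write, Description("App packages in this list will be exempt from the policy and will be able to receive data from managed apps.")] String Exemptedapppackages[];
    [Write, Description("The period after which access is checked when the device is not connected to the internet.")] String PeriodOfflineBeforeAccessCheck;
    [Write, Description("The period after which access is checked when the device is connected to the internet.")] String PeriodOnlineBeforeAccessCheck;
    [Write, Description("Sources from which data is allowed to be transferred. Possible values are: allApps, managedApps, none."), ValueMap{"allApps", "managedApps", "none"}, Values{"allApps", "managedApps", "none"}] String AllowedInboundDataTransferSources;
    [Write, Description("Destinations to which data is allowed to be transferred. Possible values are: allApps, managedApps, none."), ValueMap{"allApps", "managedApps", "none"}, Values{"allApps", "managedApps", "none"}] String AllowedOutboundDataTransferDestinations;
    [Write, Description("Indicates whether organizational credentials are required for app use.")] Boolean OrganizationalCredentialsRequired;
    [Write, Description("The level to which the clipboard may be shared between apps on the managed device. Possible values are: allApps, managedAppsWithPasteIn, managedApps, blocked."), ValueMap{"allApps", "managedAppsWithPasteIn", "managedApps", "blocked"}, Values{"allApps", "managedAppsWithPasteIn", "managedApps", "blocked"}] String AllowedOutboundClipboardSharingLevel;
    [Write, Description("Indicates whether the backup of a managed app's data is blocked.")] Boolean DataBackupBlocked;
    [Write, Description("Indicates whether device compliance is required.")] Boolean DeviceComplianceRequired;
    // NOTE(review): the description says "(for Android)" for both alternatives; confirm which platform
    // CustomBrowserProtocol belongs to.
    [Write, Description("Indicates whether internet links should be opened in the managed browser app, or any custom browser specified by CustomBrowserProtocol (for Android) or CustomBrowserPackageId/CustomBrowserDisplayName (for Android).")] Boolean ManagedBrowserToOpenLinksRequired;
    [Write, Description("Indicates whether users may use the Save As menu item to save a copy of protected files.")] Boolean SaveAsBlocked;
    [Write, Description("The amount of time an app is allowed to remain disconnected from the internet before all managed data it is wiped.")] String PeriodOfflineBeforeWipeIsEnforced;
    [Write, Description("Indicates whether an app-level pin is required.")] Boolean PinRequired;
    // NOTE(review): the property name reads as "disable", while the description speaks of the app pin
    // being "required"; confirm which boolean value keeps the app-level pin in force.
    [Write, Description("Indicates whether use of the app pin is required if the device pin is set.")] Boolean DisableAppPinIfDevicePinIsSet;
    [Write, Description("Maximum number of incorrect pin retry attempts before the managed app is either blocked or wiped.")] UInt32 MaximumPinRetries;
    [Write, Description("Block simple PIN and require complex PIN to be set.")] Boolean SimplePinBlocked;
    [Write, Description("Minimum pin length required for an app-level pin if PinRequired is set to True.")] UInt32 MinimumPinLength;
    [Write, Description("Character set which may be used for an app-level pin if PinRequired is set to True. Possible values are: numeric, alphanumericAndSymbol."), ValueMap{"numeric", "alphanumericAndSymbol"}, Values{"numeric", "alphanumericAndSymbol"}] String PinCharacterSet;
    [Write, Description("Data storage locations where a user may store managed data.")] String AllowedDataStorageLocations[];
    [Write, Description("Indicates whether contacts can be synced to the user's device.")] Boolean ContactSyncBlocked;
    [Write, Description("TimePeriod before the all-level pin must be reset if PinRequired is set to True.")] String PeriodBeforePinReset;
    [Write, Description("Indicates whether printing is allowed from managed apps.")] Boolean PrintBlocked;
    [Write, Description("Require user to apply Class 3 Biometrics on their Android device.")] Boolean RequireClass3Biometrics;
    [Write, Description("A PIN prompt will override biometric prompts if class 3 biometrics are updated on the device.")] Boolean RequirePinAfterBiometricChange;
    [Write, Description("Indicates whether use of the fingerprint reader is allowed in place of a pin if PinRequired is set to True.")] Boolean FingerprintBlocked;
    [Write, Description("List of IDs representing the Android apps controlled by this protection policy.")] String Apps[];
    [Write, Description("List of IDs of the groups assigned to this Android Protection Policy.")] String Assignments[];
    [Write, Description("List of IDs of the groups that are excluded from this Android Protection Policy.")] String ExcludedGroups[];
    [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present", "Absent"}, Values{"Present", "Absent"}] String Ensure;

    // Authentication parameters. Credential and ApplicationSecret are declared as MSFT_Credential
    // embedded instances. AccessTokens (last property of the class) is a plain String array with no
    // EmbeddedInstance qualifier.
    // NOTE(review): plain String values are presumably written unprotected into a compiled
    // configuration document; confirm how tokens are supplied and restrict access to any file that
    // carries them.
    [Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] String Credential;
    [Write, Description("ID of the Azure Active Directory application to authenticate with.")] String ApplicationId;
    [Write, Description("ID of the Azure Active Directory tenant used for authentication.")] String TenantId;
    // NOTE(review): the description says "tenant"; it presumably means the secret of the application
    // named by ApplicationId.
    [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret;
    [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint;
    [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity;

    [Write, Description("Indicates in which managed browser(s) that internet links should be opened. Used in conjunction with CustomBrowserPackageId, CustomBrowserDisplayName and ManagedBrowserToOpenLinksRequired. Possible values are: notConfigured, microsoftEdge."), ValueMap{"notConfigured", "microsoftEdge"}, Values{"notConfigured", "microsoftEdge"}] String ManagedBrowser;
    [Write, Description("Versions less than the specified version will block the managed app from accessing company data.")] String MinimumRequiredAppVersion;
    [Write, Description("Versions less than the specified version will block the managed app from accessing company data.")] String MinimumRequiredOSVersion;
    [Write, Description("Versions less than the specified version will block the managed app from accessing company data.")] String MinimumRequiredPatchVersion;
    [Write, Description("Versions less than the specified version will result in warning message on the managed app")] String MinimumWarningAppVersion;
    [Write, Description("Versions less than the specified version will result in warning message on the managed app")] String MinimumWarningOSVersion;
    [Write, Description("Versions less than the specified version will result in warning message on the managed app")] String MinimumWarningPatchVersion;
    [Write, Description("The apps controlled by this protection policy, overrides any values in Apps unless this value is 'selectedPublicApps'."), ValueMap{"allApps", "allMicrosoftApps", "allCoreMicrosoftApps", "selectedPublicApps"}, Values{"allApps", "allMicrosoftApps", "allCoreMicrosoftApps", "selectedPublicApps"}] String AppGroupType;
    [Write, Description("Indicates if the policy is deployed to any inclusion groups or not. Inherited from targetedManagedAppProtection.")] Boolean IsAssigned;
    [Write, Description("Indicates whether or not to Block the user from taking Screenshots.")] Boolean ScreenCaptureBlocked;
    [Write, Description("Indicates whether or not the 'Encrypt org data' value is enabled. True = require")] Boolean EncryptAppData;
    // Inverted sense per the description: False means encryption is required on enrolled devices.
    [Write, Description("Indicates whether or not the 'Encrypt org data on enrolled devices' value is enabled. False = require. Only functions if EncryptAppData is set to True")] Boolean DisableAppEncryptionIfDeviceEncryptionIsEnabled;
    [Write, Description("The application name for browser associated with the 'Unmanaged Browser ID'. This name will be displayed to users if the specified browser is not installed.")] String CustomBrowserDisplayName;
    [Write, Description("The application ID for a single browser. Web content (http/s) from policy managed applications will open in the specified browser.")] String CustomBrowserPackageId;
    [Write, Description("Id of the Intune policy. To avoid creation of duplicate policies DisplayName will be searched for if the ID is not found")] String Id;
    [Write, Description("Access token used for authentication.")] String AccessTokens[];
};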