DSCResources/MSFT_IntuneSecurityBaselineHoloLens2Advanced/MSFT_IntuneSecurityBaselineHoloLens2Advanced.schema.mof
|
[ClassVersion("1.0.0.0")]
class MSFT_DeviceManagementConfigurationPolicyAssignments { [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType; [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType; [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId; [Write, Description("The group Id that is the target of the assignment.")] String groupId; [Write, Description("The group Display Name that is the target of the assignment.")] String groupDisplayName; [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId; }; [ClassVersion("1.0.0.0"), FriendlyName("IntuneSecurityBaselineHoloLens2Advanced")] class MSFT_IntuneSecurityBaselineHoloLens2Advanced : OMI_BaseResource { [Write, Description("Policy description")] String Description; [Key, Description("Policy name")] String DisplayName; [Write, Description("List of Scope Tags for this Entity instance.")] String RoleScopeTagIds[]; [Write, Description("The unique identifier for an entity. Read-only.")] String Id; [Write, Description("Deletion Policy (0: Delete immediately upon device returning to a state with no currently active users), 1: Delete at storage capacity threshold, 2: Delete at both storage capacity threshold and profile inactivity threshold)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String DeletionPolicy; [Write, Description("Enable Profile Manager (false: False, true: True)"), ValueMap{"false", "true"}, Values{"false", "true"}] String EnableProfileManager; [Write, Description("Profile Inactivity Threshold")] SInt32 ProfileInactivityThreshold; [Write, Description("Storage Capacity Start Deletion")] SInt32 StorageCapacityStartDeletion; [Write, Description("Storage Capacity Stop Deletion")] SInt32 StorageCapacityStopDeletion; [Write, Description("Allow Microsoft Account Connection (0: Not allowed., 1: Allowed.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowMicrosoftAccountConnection; [Write, Description("Turn off the display (plugged in) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String VideoPowerDownTimeOutAC_2; [Write, Description("When plugged in, turn display off after (seconds) - Depends on VideoPowerDownTimeOutAC_2")] SInt32 EnterVideoACPowerDownTimeOut; [Write, Description("Allow Autofill (0: Prevented/Not allowed., 1: Allowed.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowAutofill; [Write, Description("Allow Cookies (0: Block all cookies from all sites, 1: Block only cookies from third party websites, 2: Allow all cookies from all sites)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String AllowCookies; [Write, Description("Allow Do Not Track (0: Never send tracking information., 1: Send tracking information.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowDoNotTrack; [Write, Description("Allow Password Manager (0: Not allowed., 1: Allowed.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowPasswordManager; [Write, Description("Allow Popups (0: Turn off Pop-up Blocker letting pop-up windows open., 1: Turn on Pop-up Blocker stopping pop-up windows from opening.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowPopups; [Write, Description("Allow Search Suggestionsin Address Bar (0: Prevented/Not allowed. Hide the search suggestions., 1: Allowed. Show the search suggestions.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowSearchSuggestionsinAddressBar; [Write, Description("Allow Smart Screen (0: Turned off. Do not protect users from potential threats and prevent users from turning it on., 1: Turned on. Protect users from potential threats and prevent users from turning it off.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowSmartScreen; [Write, Description("Allow Bluetooth (0: Disallow Bluetooth. If this is set to 0, the radio in the Bluetooth control panel will be grayed out and the user will not be able to turn Bluetooth on., 1: Reserved. If this is set to 1, the radio in the Bluetooth control panel will be functional and the user will be able to turn Bluetooth on., 2: Allow Bluetooth. If this is set to 2, the radio in the Bluetooth control panel will be functional and the user will be able to turn Bluetooth on.)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String AllowBluetooth; [Write, Description("Allow USB Connection (0: Not allowed., 1: Allowed.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowUSBConnection; [Write, Description("Device Password Enabled (0: Enabled, 1: Disabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DevicePasswordEnabled; [Write, Description("Device Password Expiration - Depends on DevicePasswordEnabled")] SInt32 DevicePasswordExpiration; [Write, Description("Min Device Password Length - Depends on DevicePasswordEnabled")] SInt32 MinDevicePasswordLength; [Write, Description("Alphanumeric Device Password Required - Depends on DevicePasswordEnabled (0: Password or Alphanumeric PIN required., 1: Password or Numeric PIN required., 2: Password, Numeric PIN, or Alphanumeric PIN required.)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String AlphanumericDevicePasswordRequired; [Write, Description("Max Device Password Failed Attempts - Depends on DevicePasswordEnabled")] SInt32 MaxDevicePasswordFailedAttempts; [Write, Description("Min Device Password Complex Characters - Depends on DevicePasswordEnabled (1: Digits only, 2: Digits and lowercase letters are required, 3: Digits lowercase letters and uppercase letters are required. Not supported in desktop Microsoft accounts and domain accounts, 4: Digits lowercase letters uppercase letters and special characters are required. Not supported in desktop)"), ValueMap{"1", "2", "3", "4"}, Values{"1", "2", "3", "4"}] String MinDevicePasswordComplexCharacters; [Write, Description("Max Inactivity Time Device Lock - Depends on DevicePasswordEnabled")] SInt32 MaxInactivityTimeDeviceLock; [Write, Description("Device Password History - Depends on DevicePasswordEnabled")] SInt32 DevicePasswordHistory; [Write, Description("Allow Simple Device Password - Depends on DevicePasswordEnabled (0: Not allowed., 1: Allowed.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowSimpleDevicePassword; [Write, Description("Allow Manual MDM Unenrollment (0: Not allowed., 1: Allowed.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowManualMDMUnenrollment; [Write, Description("Allow All Trusted Apps (0: Explicit deny., 1: Explicit allow unlock., 65535: Not configured.)"), ValueMap{"0", "1", "65535"}, Values{"0", "1", "65535"}] String AllowAllTrustedApps; [Write, Description("Allow apps from the Microsoft app store to auto update (0: Not allowed., 1: Allowed., 2: Not configured.)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String AllowAppStoreAutoUpdate; [Write, Description("Allow Developer Unlock (0: Explicit deny., 1: Explicit allow unlock., 65535: Not configured.)"), ValueMap{"0", "1", "65535"}, Values{"0", "1", "65535"}] String AllowDeveloperUnlock; [Write, Description("Block third party cookies (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String BlockThirdPartyCookies; [Write, Description("Configure Do Not Track (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String ConfigureDoNotTrack; [Write, Description("Default pop-up window setting (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftEdge_ContentSettings_DefaultPopupsSetting; [Write, Description("Default pop-up window setting (Device) - Depends on MicrosoftEdge_ContentSettings_DefaultPopupsSetting (1: Allow all sites to show pop-ups, 2: Do not allow any site to show popups)"), ValueMap{"1", "2"}, Values{"1", "2"}] String DefaultPopupsSetting_DefaultPopupsSetting; [Write, Description("Enable AutoFill for addresses (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AutofillAddressEnabled; [Write, Description("Enable AutoFill for payment instruments (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AutofillCreditCardEnabled; [Write, Description("Enable search suggestions (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String SearchSuggestEnabled; [Write, Description("Control which extensions cannot be installed (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String ExtensionInstallBlocklist; [Write, Description("Extension IDs the user should be prevented from installing (or * for all) (Device) - Depends on ExtensionInstallBlocklist")] String ExtensionInstallBlocklistDesc[]; [Write, Description("Configures a setting that asks users to enter their device password while using password autofill (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftEdge_PasswordManager_PrimaryPasswordSetting; [Write, Description("Configures a setting that asks users to enter their device password while using password autofill (Device) - Depends on MicrosoftEdge_PasswordManager_PrimaryPasswordSetting (0: Automatically, 1: With device password, 2: With custom primary password, 3: Autofill off)"), ValueMap{"0", "1", "2", "3"}, Values{"0", "1", "2", "3"}] String PrimaryPasswordSetting_PrimaryPasswordSetting; [Write, Description("Enable saving passwords to the password manager (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String PasswordManagerEnabled; [Write, Description("Configure Microsoft Defender SmartScreen (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String SmartScreenEnabled; [Write, Description("AAD Group Membership Cache Validity In Days")] SInt32 AADGroupMembershipCacheValidityInDays; [Write, Description("Let Apps Access Account Info (0: User in control., 1: Force allow., 2: Force deny.)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String LetAppsAccessAccountInfo; [Write, Description("Let Apps Access Account Info Force Allow These Apps")] String LetAppsAccessAccountInfo_ForceAllowTheseApps[]; [Write, Description("Let Apps Access Background Spatial Perception (0: User in control., 1: Force allow., 2: Force deny.)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String LetAppsAccessBackgroundSpatialPerception; [Write, Description("Let Apps Access Background Spatial Perception Force Allow These Apps")] String LetAppsAccessBackgroundSpatialPerception_ForceAllowTheseApps[]; [Write, Description("Let Apps Access Camera (0: User in control., 1: Force allow., 2: Force deny.)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String LetAppsAccessCamera; [Write, Description("Let Apps Access Camera Force Allow These Apps")] String LetAppsAccessCamera_ForceAllowTheseApps[]; [Write, Description("Let Apps Access Microphone (0: User in control., 1: Force allow., 2: Force deny.)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String LetAppsAccessMicrophone; [Write, Description("Let Apps Access Microphone Force Allow These Apps")] String LetAppsAccessMicrophone_ForceAllowTheseApps[]; [Write, Description("Allow Search To Use Location (0: Not allowed., 1: Allowed.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowSearchToUseLocation; [Write, Description("Allow Add Provisioning Package (0: Not allowed., 1: Allowed.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowAddProvisioningPackage; [Write, Description("Allow VPN (0: Not allowed., 1: Allowed.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowVPN; [Write, Description("Page Visibility List")] String PageVisibilityList; [Write, Description("Allow Storage Card (0: SD card use is not allowed and USB drives are disabled. This setting does not prevent programmatic access to the storage card., 1: Allow a storage card.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowStorageCard; [Write, Description("Allow Telemetry (0: Security. Information that is required to help keep Windows more secure, including data about the Connected User Experience and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender. Note: This value is only applicable to Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, Windows 10 IoT Core (IoT Core), and Windows Server 2016. Using this setting on other devices is equivalent to setting the value of 1., 1: Basic. Basic device info, including: quality-related data, app compatibility, app usage data, and data from the Security level., 3: Full. All data necessary to identify and help to fix problems, plus data from the Security, Basic, and Enhanced levels.)"), ValueMap{"0", "1", "3"}, Values{"0", "1", "3"}] String AllowTelemetry; [Write, Description("Allow Manual Wi Fi Configuration (0: No Wi-Fi connection outside of MDM provisioned network is allowed., 1: Adding new network SSIDs beyond the already MDM provisioned ones is allowed.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowManualWiFiConfiguration; [Write, Description("Enable Pin Recovery - Depends on TenantId (false: Disabled, true: Enabled)"), ValueMap{"false", "true"}, Values{"false", "true"}] String EnablePinRecovery; [Write, Description("Restrict use of TPM 1.2 - Depends on TenantId (false: Disabled, true: Enabled)"), ValueMap{"false", "true"}, Values{"false", "true"}] String TPM12; [Write, Description("Digits - Depends on TenantId (0: Allows the use of digits in PIN., 1: Requires the use of at least one digits in PIN., 2: Does not allow the use of digits in PIN.)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String Digits; [Write, Description("Expiration - Depends on TenantId")] SInt32 Expiration; [Write, Description("PIN History - Depends on TenantId")] SInt32 History; [Write, Description("Lowercase Letters - Depends on TenantId (0: Allows the use of lowercase letters in PIN., 1: Requires the use of at least one lowercase letters in PIN., 2: Does not allow the use of lowercase letters in PIN.)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String LowercaseLetters; [Write, Description("Maximum PIN Length - Depends on TenantId")] SInt32 MaximumPINLength; [Write, Description("Minimum PIN Length - Depends on TenantId")] SInt32 MinimumPINLength; [Write, Description("Special Characters - Depends on TenantId (0: Allows the use of special characters in PIN., 1: Requires the use of at least one special characters in PIN., 2: Does not allow the use of special characters in PIN.)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String SpecialCharacters; [Write, Description("Uppercase Letters - Depends on TenantId (0: Allows the use of uppercase letters in PIN., 1: Requires the use of at least one uppercase letters in PIN., 2: Does not allow the use of uppercase letters in PIN.)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String UppercaseLetters; [Write, Description("Require Security Device - Depends on TenantId (false: Disabled, true: Enabled)"), ValueMap{"false", "true"}, Values{"false", "true"}] String RequireSecurityDevice; [Write, Description("Use Certificate For On Prem Auth - Depends on TenantId (false: Disabled, true: Enabled)"), ValueMap{"false", "true"}, Values{"false", "true"}] String UseCertificateForOnPremAuth; [Write, Description("Use Hello Certificates As Smart Card Certificates - Depends on TenantId (false: Disabled, true: Enabled)"), ValueMap{"false", "true"}, Values{"false", "true"}] String UseHelloCertificatesAsSmartCardCertificates; [Write, Description("Use Windows Hello For Business (Device) - Depends on TenantId (false: Disabled, true: Enabled)"), ValueMap{"false", "true"}, Values{"false", "true"}] String UsePassportForWork; [Write, Description("Allow Update Service (0: Not allowed., 1: Allowed.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowUpdateService; [Write, Description("Manage Preview Builds (0: Disable Preview builds, 1: Disable Preview builds once the next release is public, 2: Enable Preview builds, 3: Preview builds is left to user selection)"), ValueMap{"0", "1", "2", "3"}, Values{"0", "1", "2", "3"}] String ManagePreviewBuilds; [Write, Description("Require Network In OOBE (Device) (true: true, false: false)"), ValueMap{"true", "false"}, Values{"true", "false"}] String RequireNetworkInOOBE; [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[]; [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; [Write, Description("Access token used for authentication.")] String AccessTokens[]; }; |