DSCResources/cIntuneAppProtectionPolicyAndroid/cIntuneAppProtectionPolicyAndroid.schema.psm1
configuration cIntuneAppProtectionPolicyAndroid {
    # Composite configuration: declares one Microsoft365DSC
    # IntuneAppProtectionPolicyAndroid resource for every hashtable in $Items.
    #
    # Items              - one hashtable per policy; keys follow the schema listed below.
    # TenantId, ManagedIdentity, Credential, CertificateThumbprint, ApplicationSecret,
    # ApplicationId, AccessTokens
    #                    - configuration-level authentication settings. Each one is copied
    #                      into an item only when it was bound on this configuration and the
    #                      item does not already carry that key, so per-item values win.
    #
    # Security notes for maintainers:
    #   * Every generated resource instance receives its own copy of the authentication
    #     settings, including Credential and ApplicationSecret (PSCredential) and
    #     AccessTokens (declared as [string[]]).
    #     NOTE(review): DSC's MOF encryption applies to PSCredential properties; confirm
    #     how AccessTokens is protected in the compiled MOF and in any build logs.
    #   * The resource instance name is derived from DisplayName alone, after a character
    #     substitution. Two items whose DisplayName values sanitise to the same string end
    #     up with the same instance name.
    param (
        [Parameter()]
        [hashtable[]]
        $Items,

        [Parameter()]
        [string]
        $TenantId,

        [Parameter()]
        [bool]
        $ManagedIdentity,

        [Parameter()]
        [pscredential]
        $Credential,

        [Parameter()]
        [string]
        $CertificateThumbprint,

        [Parameter()]
        [pscredential]
        $ApplicationSecret,

        [Parameter()]
        [string]
        $ApplicationId,

        [Parameter()]
        [string[]]
        $AccessTokens
    )

<#
IntuneAppProtectionPolicyAndroid [String] #ResourceName
{
    DisplayName = [string]
    [AccessTokens = [string[]]]
    [AllowedAndroidDeviceModels = [string[]]]
    [Alloweddataingestionlocations = [string[]]]
    [AllowedDataStorageLocations = [string[]]]
    [AllowedInboundDataTransferSources = [string]{ allApps | managedApps | none }]
    [AllowedOutboundClipboardSharingExceptionLength = [UInt32]]
    [AllowedOutboundClipboardSharingLevel = [string]{ allApps | blocked | managedApps | managedAppsWithPasteIn }]
    [AllowedOutboundDataTransferDestinations = [string]{ allApps | managedApps | none }]
    [AppActionIfAndroidDeviceManufacturerNotAllowed = [string]{ block | blockWhenSettingIsSupported | warn | wipe }]
    [AppActionIfAndroidDeviceModelNotAllowed = [string]{ block | blockWhenSettingIsSupported | warn | wipe }]
    [AppActionIfAndroidSafetyNetAppsVerificationFailed = [string]{ block | blockWhenSettingIsSupported | warn | wipe }]
    [AppActionIfAndroidSafetyNetDeviceAttestationFailed = [string]{ block | blockWhenSettingIsSupported | warn | wipe }]
    [AppActionIfDeviceComplianceRequired = [string]{ block | blockWhenSettingIsSupported | warn | wipe }]
    [AppActionIfDeviceLockNotSet = [string]{ block | blockWhenSettingIsSupported | warn | wipe }]
    [AppActionIfMaximumPinRetriesExceeded = [string]{ block | blockWhenSettingIsSupported | warn | wipe }]
    [appActionIfUnableToAuthenticateUser = [string]{ block | BlockWhenSettingIsSupported | warn | wipe }]
    [AppGroupType = [string]{ allApps | allCoreMicrosoftApps | allMicrosoftApps | selectedPublicApps }]
    [ApplicationId = [string]]
    [ApplicationSecret = [PSCredential]]
    [ApprovedKeyboards = [string[]]]
    [Apps = [string[]]]
    [Assignments = [string[]]]
    [BiometricAuthenticationBlocked = [bool]]
    [BlockAfterCompanyPortalUpdateDeferralInDays = [UInt32]]
    [BlockDataIngestionIntoOrganizationDocuments = [bool]]
    [CertificateThumbprint = [string]]
    [ConnectToVpnOnLaunch = [bool]]
    [ContactSyncBlocked = [bool]]
    [Credential = [PSCredential]]
    [CustomBrowserDisplayName = [string]]
    [CustomBrowserPackageId = [string]]
    [CustomDialerAppDisplayName = [string]]
    [CustomDialerAppPackageId = [string]]
    [DataBackupBlocked = [bool]]
    [DependsOn = [string[]]]
    [Description = [string]]
    [DeviceComplianceRequired = [bool]]
    [DeviceLockRequired = [bool]]
    [DialerRestrictionLevel = [string]{ allApps | blocked | customApp | managedApps }]
    [DisableAppEncryptionIfDeviceEncryptionIsEnabled = [bool]]
    [DisableAppPinIfDevicePinIsSet = [bool]]
    [EncryptAppData = [bool]]
    [Ensure = [string]{ Absent | Present }]
    [ExcludedGroups = [string[]]]
    [ExemptedAppPackages = [string[]]]
    [FingerprintAndBiometricEnabled = [bool]]
    [FingerprintBlocked = [bool]]
    [Id = [string]]
    [IsAssigned = [bool]]
    [KeyboardsRestricted = [bool]]
    [ManagedBrowser = [string]{ microsoftEdge | notConfigured }]
    [ManagedBrowserToOpenLinksRequired = [bool]]
    [ManagedIdentity = [bool]]
    [MaximumAllowedDeviceThreatLevel = [string]{ high | low | medium | notConfigured | secured }]
    [MaximumPinRetries = [UInt32]]
    [MessagingRedirectAppDisplayName = [string]]
    [MessagingRedirectAppPackageId = [string]]
    [MinimumPinLength = [UInt32]]
    [MinimumRequiredAppVersion = [string]]
    [MinimumRequiredOSVersion = [string]]
    [MinimumRequiredPatchVersion = [string]]
    [MinimumWarningAppVersion = [string]]
    [MinimumWarningOSVersion = [string]]
    [MinimumWarningPatchVersion = [string]]
    [MinimumWipePatchVersion = [string]]
    [MobileThreatDefenseRemediationAction = [string]{ block | blockWhenSettingIsSupported | warn | wipe }]
    [NotificationRestriction = [string]{ allow | block | blockOrganizationalData }]
    [OrganizationalCredentialsRequired = [bool]]
    [PeriodBeforePinReset = [string]]
    [PeriodOfflineBeforeAccessCheck = [string]]
    [PeriodOfflineBeforeWipeIsEnforced = [string]]
    [PeriodOnlineBeforeAccessCheck = [string]]
    [PinCharacterSet = [string]{ alphanumericAndSymbol | numeric }]
    [PinRequired = [bool]]
    [PreviousPinBlockCount = [UInt32]]
    [PrintBlocked = [bool]]
    [ProtectedMessagingRedirectAppType = [string]{ anyApp | anyManagedApp | blocked | specificApps }]
    [PsDscRunAsCredential = [PSCredential]]
    [RequireClass3Biometrics = [bool]]
    [RequiredAndroidSafetyNetAppsVerificationType = [string]{ enabled | none }]
    [RequiredAndroidSafetyNetDeviceAttestationType = [string]{ basicIntegrity | basicIntegrityAndDeviceCertification | none }]
    [RequiredAndroidSafetyNetEvaluationType = [string]{ basic | hardwareBacked }]
    [RequirePinAfterBiometricChange = [bool]]
    [SaveAsBlocked = [bool]]
    [ScreenCaptureBlocked = [bool]]
    [SimplePinBlocked = [bool]]
    [TargetedAppManagementLevels = [string]{ androidEnterprise | androidEnterpriseDedicatedDevicesWithAzureAdSharedMode | androidOpenSourceProjectUserAssociated | androidOpenSourceProjectUserless | mdm | unknownFutureValue | unmanaged | unspecified }]
    [TenantId = [string]]
    [WarnAfterCompanyPortalUpdateDeferralInDays = [UInt32]]
    [WipeAfterCompanyPortalUpdateDeferralInDays = [UInt32]]
}
#>

    Import-DscResource -ModuleName PSDesiredStateConfiguration
    Import-DscResource -ModuleName Microsoft365DSC

    $dscResourceName = 'IntuneAppProtectionPolicyAndroid'

    # $param is the same object as $PSBoundParameters, so the Remove call below
    # mutates the bound-parameter table itself; its return value is not captured.
    $param = $PSBoundParameters
    $param.Remove("InstanceName")

    # Item keys whose values are joined to form the resource instance name.
    $dscParameterKeys = 'DisplayName' -split ', '

    # Configuration-level authentication settings, in the order they are applied.
    # Only the ones actually bound on this configuration are copied into an item.
    $sharedDefaults = [ordered]@{
        TenantId              = $TenantId
        ManagedIdentity       = $ManagedIdentity
        Credential            = $Credential
        CertificateThumbprint = $CertificateThumbprint
        ApplicationSecret     = $ApplicationSecret
        ApplicationId         = $ApplicationId
        AccessTokens          = $AccessTokens
    }

    foreach ($item in $Items)
    {
        # The item hashtable is updated in place, so the caller's data changes too.
        if (-not $item.ContainsKey('Ensure'))
        {
            $item.Ensure = 'Present'
        }

        foreach ($settingName in $sharedDefaults.Keys)
        {
            if ($param.ContainsKey($settingName) -and -not $item.ContainsKey($settingName))
            {
                $item[$settingName] = $sharedDefaults[$settingName]
            }
        }

        $nameParts = foreach ($keyName in $dscParameterKeys)
        {
            $item.$keyName
        }

        # Whitespace, parentheses, backslash, colon, '*', '+', '/', braces, backtick and
        # both quote characters become '_'. Inside the character class "*-+" is a range
        # from '*' to '+', so a literal hyphen is NOT replaced.
        # NOTE(review): Get-DscSplattedResource is defined outside this file. If it places
        # ExecutionName into generated script text, this substitution is what stops a
        # DisplayName from altering that text - confirm before loosening the pattern.
        $executionName = ($nameParts -join '_') -replace "[\s()\\:*-+/{}```"']", '_'

        # -NoInvoke returns the resource declaration instead of running it; it is then
        # invoked here with the item's properties as its argument.
        $resourceDeclaration = Get-DscSplattedResource -ResourceName $dscResourceName -ExecutionName $executionName -Properties $item -NoInvoke
        $resourceDeclaration.Invoke($item)
    }
}