Public/generated/Get-KritTcmAADConditionalAccessPolicy.ps1
```powershell
<#
    ·· × × × ··· SirJ's Deaddrop ··· × × × ···
    — If you found this, you were meant to —
    ---------------- A Seriously Kritical™ Production ----------------
    Your last call. And your first move.
    +61 1300 274 655   sales at kritical dot net
    -----------------------------------------------------------------

.COPYRIGHT
    (c) 2026 Kritical Pty Ltd. All rights reserved.
.AUTHOR
    Joshua Finley <joshua.finley@kritical.net>
.COMPANY
    Kritical Pty Ltd | ABN 39 687 048 086
    Level 4 / 60 Moorabool St Geelong VIC 3220
    1300 274 655 | sales@kritical.net | https://kritical.net/
.NOTES
    HARD RULE 13 canonical Kritical branding — do not overlay other agent banners.
    Auto-generated by Generate-KritTcmFromM365DscSchema.ps1 (.1507o30+).
    Upstream reference: Microsoft365DSC by Microsoft (MIT).
    This shim provides literal search-replace equivalence — see Krit.TCM/generated/index.md.
#>
function Get-KritTcmAADConditionalAccessPolicy {
    <#
    .SYNOPSIS
        Krit.TCM shim for M365DSC resource AADConditionalAccessPolicy.
    .DESCRIPTION
        Auto-generated from M365DSC .schema.mof by
        scripts/m365-setup/Generate-KritTcmFromM365DscSchema.ps1 (.1507o30).

        Search-replace safe: callers that today invoke
            Get-M365DSCAADConditionalAccessPolicy -Credential $cred -TenantId $tid
        can rename to
            Get-KritTcmAADConditionalAccessPolicy -Credential $cred -TenantId $tid
        with ZERO other edits. Parameter shape matches the M365DSC .schema.mof exactly.

        Per operator direction, -PreferM365DscBehavior defaults to true.

        Actual Graph dispatch is delegated to Invoke-KritTcmM365DscSchemaBridge.
        Bridge maps resource → Graph endpoint per per-resource wave; where mapping
        is not yet shipped, bridge returns an object with Verdict='UNMAPPED'.
    .NOTES
        Workload: Entra
        Original mof: C:\Users\joshl\OneDrive - Kritical Pty Ltd\Github\KRTPax8ToShopifyConnector\.kritm365-mine\Microsoft365DSC\Modules\Microsoft365DSC\DSCResources\MSFT_AADConditionalAccessPolicy\MSFT_AADConditionalAccessPolicy.schema.mof
        Param count: 36
        Generator wave: .1507o30
    #>
    [CmdletBinding()]
    param(
        # DisplayName of the AAD CA Policy
        [Parameter(Mandatory)]
        [string]$DisplayName,

        # Specifies the GUID for the Policy.
        [string]$Id,

        # Specifies the State of the Policy.
        [ValidateSet('disabled','enabled','enabledForReportingButNotEnforced')]
        [string]$State,

        # Rule syntax is similar to that used for membership rules for groups in Microsoft Entra ID.
        [string]$ApplicationsFilter,

        # Mode to use for the filter. Possible values are include or exclude.
        [ValidateSet('include','exclude')]
        [string]$ApplicationsFilterMode,

        # Represents the Included Tenants membership kind. The possible values are: all, enumerated, unknownFutureValue.
        # enumerated references an object of conditionalAccessEnumeratedExternalTenants derived type.
        [ValidateSet('all','enumerated','unknownFutureValue')]
        [string]$IncludeExternalTenantsMembershipKind,

        # Represents the Excluded Tenants membership kind. The possible values are: all, enumerated, unknownFutureValue.
        # enumerated references an object of conditionalAccessEnumeratedExternalTenants derived type.
        [ValidateSet('all','enumerated','unknownFutureValue')]
        [string]$ExcludeExternalTenantsMembershipKind,

        # Mode to use for the Service Principal filter. Possible values are include or exclude.
        # 'Attribute Definition Reader' role is needed.
        [ValidateSet('include','exclude')]
        [string]$ServicePrincipalFilterMode,

        # Rule syntax for the Service Principal filter. 'Attribute Definition Reader' role is needed.
        [string]$ServicePrincipalFilterRule,

        # Client Device Filter mode of the Policy.
        [ValidateSet('include','exclude')]
        [string]$DeviceFilterMode,

        # Client Device Filter rule of the Policy.
        [string]$DeviceFilterRule,

        # Operator to be used for Grant Controls.
        [ValidateSet('AND','OR')]
        [string]$GrantControlOperator,

        # Specifies whether Application Enforced Restrictions are enabled in the Policy.
        [bool]$ApplicationEnforcedRestrictionsIsEnabled,

        # Specifies whether Cloud App Security is enforced by the Policy.
        [bool]$CloudAppSecurityIsEnabled,

        # Specifies what Cloud App Security control is enforced by the Policy.
        [string]$CloudAppSecurityType,

        # Specifies continuous access evaluation settings.
        # The possible values are: disabled, strictEnforcement, strictLocation
        [ValidateSet('disabled','strictEnforcement','strictLocation')]
        [string]$ContinuousAccessEvaluationMode,

        # Specifies if token protection for sign-in sessions is to be enforced by the policy.
        [bool]$SecureSignInSessionIsEnabled,

        # Sign in frequency time in the given unit to be enforced by the policy.
        [int]$SignInFrequencyValue,

        # Display name of the terms of use to assign.
        [string]$TermsOfUse,

        # Sign in frequency unit (days/hours) to be interpreted by the policy.
        [ValidateSet('Days','Hours')]
        [string]$SignInFrequencyType,

        # Specifies whether sign-in frequency is enforced by the Policy.
        [bool]$SignInFrequencyIsEnabled,

        # Sign in frequency interval. Possible values are: 'timeBased', 'everyTime' and 'unknownFutureValue'.
        [ValidateSet('timeBased','everyTime','unknownFutureValue')]
        [string]$SignInFrequencyInterval,

        # Specifies whether Browser Persistence is controlled by the Policy.
        [bool]$PersistentBrowserIsEnabled,

        # Specifies what Browser Persistence control is enforced by the Policy.
        [ValidateSet('Always','Never')]
        [string]$PersistentBrowserMode,

        # Specifies if DisableResilienceDefaults is enabled.
        [bool]$DisableResilienceDefaultsIsEnabled,

        # Name of the associated authentication strength policy.
        [string]$AuthenticationStrength,

        # Names of the associated authentication flow transfer methods. Possible values are '',
        # 'deviceCodeFlow', 'authenticationTransfer', or 'deviceCodeFlow,authenticationTransfer'.
        [string]$TransferMethods,

        # Specify if the Azure AD CA Policy should exist or not.
        [ValidateSet('Present','Absent')]
        [string]$Ensure,

        # Credentials for the Microsoft Graph delegated permissions.
        # Typed as PSCredential so that -Credential $cred binds the credential object;
        # a [string] parameter would receive only the type name, not the credential.
        [System.Management.Automation.PSCredential]$Credential,

        # Id of the Azure Active Directory application to authenticate with.
        [string]$ApplicationId,

        # Id of the Azure Active Directory tenant used for authentication.
        [string]$TenantId,

        # Secret of the Azure Active Directory application to authenticate with.
        # PSCredential keeps the secret in a SecureString instead of a plain string.
        [System.Management.Automation.PSCredential]$ApplicationSecret,

        # Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.
        [string]$CertificateThumbprint,

        # Username can be made up to anything but password will be used for CertificatePassword
        [System.Management.Automation.PSCredential]$CertificatePassword,

        # Path to certificate used in service principal, usually a PFX file.
        [string]$CertificatePath,

        # Managed ID being used for authentication.
        [bool]$ManagedIdentity
    )

    # Forward only the parameters the caller actually supplied; the bridge performs the Graph dispatch.
    Invoke-KritTcmM365DscSchemaBridge -ResourceName 'AADConditionalAccessPolicy' -Workload 'Entra' -Verb 'Get' -CallerParams $PSBoundParameters
}
```