Public/generated/Get-KritTcmAADDeviceRegistrationPolicy.ps1
|
<# ·· × × × ··· SirJ's Deaddrop ··· × × × ··· — If you found this, you were meant to — ---------------- A Seriously Kritical™ Production ---------------- [] → (¯`·.¸¸.·´¯) .·´ `·. [] → `·.______________.·´ | +------------------+ | | | Kritical™ | | | | [] [] | | | | | | | | [] [] [] | | | +------------------+ | (._.·´¯`·.¸_) Your last call. And your first move. ★ ☆ ★ +61 1300 274 655 sales at kritical dot net ----------------------------------------------------------------- .COPYRIGHT (c) 2026 Kritical Pty Ltd. All rights reserved. .AUTHOR Joshua Finley <joshua.finley@kritical.net> .COMPANY Kritical Pty Ltd | ABN 39 687 048 086 Level 4 / 60 Moorabool St Geelong VIC 3220 1300 274 655 | sales@kritical.net | https://kritical.net/ .NOTES HARD RULE 13 canonical Kritical branding — do not overlay other agent banners. Auto-generated by Generate-KritTcmFromM365DscSchema.ps1 (.1507o30+). Upstream reference: Microsoft365DSC by Microsoft (MIT). This shim provides literal search-replace equivalence — see Krit.TCM/generated/index.md. #> function Get-KritTcmAADDeviceRegistrationPolicy { <# .SYNOPSIS Krit.TCM shim for M365DSC resource AADDeviceRegistrationPolicy. .DESCRIPTION Auto-generated from M365DSC .schema.mof by scripts/m365-setup/Generate-KritTcmFromM365DscSchema.ps1 (.1507o30). Search-replace safe: callers that today invoke Get-M365DSCAADDeviceRegistrationPolicy -Credential $cred -TenantId $tid can rename to Get-KritTcmAADDeviceRegistrationPolicy -Credential $cred -TenantId $tid with ZERO other edits. Parameter shape matches the M365DSC .schema.mof exactly. Per operator direction, -PreferM365DscBehavior defaults to true. Actual Graph dispatch is delegated to Invoke-KritTcmM365DscSchemaBridge. Bridge maps resource → Graph endpoint per per-resource wave; where mapping is not yet shipped, bridge returns an object with Verdict='UNMAPPED'. .NOTES Workload: Entra Original mof: C:\Users\joshl\OneDrive - Kritical Pty Ltd\Github\KRTPax8ToShopifyConnector\.kritm365-mine\Microsoft365DSC\Modules\Microsoft365DSC\DSCResources\MSFT_AADDeviceRegistrationPolicy\MSFT_AADDeviceRegistrationPolicy.schema.mof Param count: 16 Generator wave: .1507o30 #> [CmdletBinding()] param( # Only valid value is 'Yes'. [Parameter(Mandatory)] [ValidateSet('Yes')] [string]$IsSingleInstance, # Determines whether or not administrators can configure Azure AD Join. [bool]$AzureADJoinIsAdminConfigurable, # Specifies the maximum number of devices that a user can have within your organization before blocking new device registrations. The default value is set to 50. If this property isn't specified during the policy update operation, it's automatically reset to 0 to indicate that users aren't allowed to join any devices. [int]$UserDeviceQuota, # Scope that a device registration policy applies to. [ValidateSet('All','Selected','None')] [string]$AzureADAllowedToJoin, # Specifies the authentication policy for a user to complete registration using Microsoft Entra join or Microsoft Entra registered within your organization. [bool]$MultiFactorAuthConfiguration, # Indicates whether global administrators are local administrators on all Microsoft Entra-joined devices. This setting only applies to future registrations. Default is true. [bool]$LocalAdminsEnableGlobalAdmins, # Scope that a device registration policy applies to for local admins. [ValidateSet('All','Selected','None')] [string]$AzureAdJoinLocalAdminsRegisteringMode, # Specifies whether this policy scope is configurable by the admin. The default value is false. An admin can set it to true to enable Local Admin Password Solution (LAPS) within their organzation. [bool]$LocalAdminPasswordIsEnabled, # Credentials of the Admin [string]$Credential, # Id of the Azure Active Directory application to authenticate with. [string]$ApplicationId, # Id of the Azure Active Directory tenant used for authentication. [string]$TenantId, # Secret of the Azure Active Directory tenant used for authentication. [string]$ApplicationSecret, # Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. [string]$CertificateThumbprint, # Username can be made up to anything but password will be used for CertificatePassword [string]$CertificatePassword, # Path to certificate used in service principal usually a PFX file. [string]$CertificatePath, # Managed ID being used for authentication. [bool]$ManagedIdentity ) Invoke-KritTcmM365DscSchemaBridge -ResourceName 'AADDeviceRegistrationPolicy' -Workload 'Entra' -Verb 'Get' -CallerParams $PSBoundParameters } |