Public/generated/Get-KritTcmEXOMobileDeviceMailboxPolicy.ps1

<#
·· × × × ··· SirJ's Deaddrop ··· × × × ···
      — If you found this, you were meant to —

---------------- A Seriously Kritical™ Production ----------------

                                   [] →
                 (¯`·.¸¸.·´¯)
               .·´ `·. [] →
               `·.______________.·´
              | +------------------+ |
              | | Kritical™ | |
              | | [] [] | |
              | | | |
              | | [] [] [] | |
              | +------------------+ |
                  (._.·´¯`·.¸_)

                     Your last call.
                   And your first move.

                         ★ ☆ ★

                     +61 1300 274 655
                 sales at kritical dot net

-----------------------------------------------------------------


.COPYRIGHT
    (c) 2026 Kritical Pty Ltd. All rights reserved.
.AUTHOR
    Joshua Finley <joshua.finley@kritical.net>
.COMPANY
    Kritical Pty Ltd | ABN 39 687 048 086
    Level 4 / 60 Moorabool St Geelong VIC 3220
    1300 274 655 | sales@kritical.net | https://kritical.net/
.NOTES
    HARD RULE 13 canonical Kritical branding — do not overlay other agent banners.
    Auto-generated by Generate-KritTcmFromM365DscSchema.ps1 (.1507o30+).
    Upstream reference: Microsoft365DSC by Microsoft (MIT). This shim provides
    literal search-replace equivalence — see Krit.TCM/generated/index.md.
#>


function Get-KritTcmEXOMobileDeviceMailboxPolicy {
<#
.SYNOPSIS
    Krit.TCM shim for M365DSC resource EXOMobileDeviceMailboxPolicy.

.DESCRIPTION
    Auto-generated from M365DSC .schema.mof by
    scripts/m365-setup/Generate-KritTcmFromM365DscSchema.ps1 (.1507o30).

    Search-replace safe: callers that today invoke
        Get-M365DSCEXOMobileDeviceMailboxPolicy -Credential $cred -TenantId $tid
    can rename to
        Get-KritTcmEXOMobileDeviceMailboxPolicy -Credential $cred -TenantId $tid
    with ZERO other edits. Parameter shape matches the M365DSC .schema.mof
    exactly. Per operator direction, -PreferM365DscBehavior defaults to true.

    Actual Graph dispatch is delegated to Invoke-KritTcmM365DscSchemaBridge.
    Bridge maps resource → Graph endpoint per per-resource wave; where mapping
    is not yet shipped, bridge returns an object with Verdict='UNMAPPED'.

.NOTES
    Workload: Exchange
    Original mof: C:\Users\joshl\OneDrive - Kritical Pty Ltd\Github\KRTPax8ToShopifyConnector\.kritm365-mine\Microsoft365DSC\Modules\Microsoft365DSC\DSCResources\MSFT_EXOMobileDeviceMailboxPolicy\MSFT_EXOMobileDeviceMailboxPolicy.schema.mof
    Param count: 61
    Generator wave: .1507o30
#>

[CmdletBinding()]
param(
        # The Name parameter specifies the friendly name of the mobile device mailbox policy.
[Parameter(Mandatory)] [string]$Name,
        # The AllowApplePushNotifications parameter specifies whether push notifications are allowed to Apple mobile devices.
[bool]$AllowApplePushNotifications,
        # The AllowBluetooth parameter specifies whether the Bluetooth capabilities are allowed on the mobile phone. The available options are Disable, HandsfreeOnly, and Allow. The default value is Allow.
[ValidateSet('Disable','HandsfreeOnly','Allow')] [string]$AllowBluetooth,
        # The AllowBrowser parameter indicates whether Microsoft Pocket Internet Explorer is allowed on the mobile phone. This parameter doesn't affect third-party browsers.
[bool]$AllowBrowser,
        # The AllowCamera parameter specifies whether the mobile phone's camera is allowed.
[bool]$AllowCamera,
        # The AllowConsumerEmail parameter specifies whether the mobile phone user can configure a personal email account on the mobile phone.
[bool]$AllowConsumerEmail,
        # The AllowDesktopSync parameter specifies whether the mobile phone can synchronize with a desktop computer through a cable.
[bool]$AllowDesktopSync,
        # The AllowExternalDeviceManagement parameter specifies whether an external device management program is allowed to manage the mobile phone.
[bool]$AllowExternalDeviceManagement,
        # The AllowGooglePushNotifications parameter controls whether the user can receive push notifications from Google for Outlook on the web for devices.
[bool]$AllowGooglePushNotifications,
        # The AllowHTMLEmail parameter specifies whether HTML email is enabled on the mobile phone.
[bool]$AllowHTMLEmail,
        # The AllowInternetSharing parameter specifies whether the mobile phone can be used as a modem to connect a computer to the Internet.
[bool]$AllowInternetSharing,
        # The AllowIrDA parameter specifies whether infrared connections are allowed to the mobile phone.
[bool]$AllowIrDA,
        # The AllowMobileOTAUpdate parameter specifies whether the Exchange ActiveSync mailbox policy can be sent to the mobile phone over a cellular data connection.
[bool]$AllowMobileOTAUpdate,
        # The AllowMicrosoftPushNotifications parameter specifies whether push notifications are enabled on the mobile device.
[bool]$AllowMicrosoftPushNotifications,
        # The AllowNonProvisionableDevices parameter specifies whether all mobile phones can synchronize with the server running Exchange.
[bool]$AllowNonProvisionableDevices,
        # The AllowPOPIMAPEmail parameter specifies whether the user can configure a POP3 or IMAP4 email account on the mobile phone.
[bool]$AllowPOPIMAPEmail,
        # The AllowRemoteDesktop parameter specifies whether the mobile phone can initiate a remote desktop connection.
[bool]$AllowRemoteDesktop,
        # The AllowSimplePassword parameter specifies whether a simple device password is allowed. A simple device password is a password that has a specific pattern, such as 1111 or 1234.
[bool]$AllowSimplePassword,
        # The AllowSMIMEEncryptionAlgorithmNegotiation parameter specifies whether the messaging application on the mobile device can negotiate the encryption algorithm if a recipient's certificate doesn't support the specified encryption algorithm.
[ValidateSet('AllowAnyAlgorithmNegotiation','BlockNegotiation','OnlyStrongAlgorithmNegotiation')] [string]$AllowSMIMEEncryptionAlgorithmNegotiation,
        # The AllowSMIMESoftCerts parameter specifies whether S/MIME software certificates are allowed.
[bool]$AllowSMIMESoftCerts,
        # The AllowStorageCard parameter specifies whether the mobile phone can access information stored on a storage card.
[bool]$AllowStorageCard,
        # The AllowTextMessaging parameter specifies whether text messaging is allowed from the mobile phone.
[bool]$AllowTextMessaging,
        # The AllowUnsignedApplications parameter specifies whether unsigned applications can be installed on the mobile phone.
[bool]$AllowUnsignedApplications,
        # The AllowUnsignedInstallationPackages parameter specifies whether unsigned installation packages can be executed on the mobile phone.
[bool]$AllowUnsignedInstallationPackages,
        # The AllowWiFi parameter specifies whether wireless Internet access is allowed on the mobile phone.
[bool]$AllowWiFi,
        # The AlphanumericPasswordRequired parameter specifies whether the password for the mobile phone must be alphanumeric.
[bool]$AlphanumericPasswordRequired,
        # The AttachmentsEnabled parameter specifies whether attachments can be downloaded.
[bool]$AttachmentsEnabled,
        # The DeviceEncryptionEnabled parameter specifies whether encryption is enabled.
[bool]$DeviceEncryptionEnabled,
        # The DevicePolicyRefreshInterval parameter specifies how often the policy is sent from the server to the mobile phone.
[string]$DevicePolicyRefreshInterval,
        # The IrmEnabled parameter specifies whether Information Rights Management (IRM) is enabled for the mailbox policy.
[bool]$IrmEnabled,
        # The IsDefault parameter specifies whether this policy is the default Mobile Device mailbox policy.
[bool]$IsDefault,
        # The MaxAttachmentSize parameter specifies the maximum size of attachments that can be downloaded to the mobile phone.
[string]$MaxAttachmentSize,
        # The MaxCalendarAgeFilter parameter specifies the maximum range of calendar days that can be synchronized to the device.
[ValidateSet('All','TwoWeeks','OneMonth','ThreeMonths','SixMonths')] [string]$MaxCalendarAgeFilter,
        # The MaxEmailAgeFilter parameter specifies the maximum number of days of email items to synchronize to the mobile phone.
[ValidateSet('All','OneDay','ThreeDays','OneWeek','TwoWeeks','OneMonth')] [string]$MaxEmailAgeFilter,
        # The MaxEmailBodyTruncationSize parameter specifies the maximum size at which email messages are truncated when synchronized to the mobile phone. The value is specified in kilobytes (KB).
[string]$MaxEmailBodyTruncationSize,
        # The MaxEmailHTMLBodyTruncationSize parameter specifies the maximum size at which HTML-formatted email messages are synchronized to the mobile phone. The value is specified in KB.
[string]$MaxEmailHTMLBodyTruncationSize,
        # The MaxInactivityTimeDeviceLock parameter specifies the length of time that the mobile phone can be inactive before the password is required to reactivate it.
[string]$MaxInactivityTimeLock,
        # The MaxPasswordFailedAttempts parameter specifies the number of attempts a user can make to enter the correct password for the mobile phone. You can enter any number from 4 through 16 or the value Unlimited.
[string]$MaxPasswordFailedAttempts,
        # The MinPasswordComplexCharacters parameter specifies the character sets that are required in the password of the mobile device.
[int]$MinPasswordComplexCharacters,
        # The MinPasswordLength parameter specifies the minimum number of characters in the mobile device password.
[string]$MinPasswordLength,
        # The PasswordEnabled parameter specifies whether a password is required on the mobile device.
[bool]$PasswordEnabled,
        # The PasswordExpiration parameter specifies how long a password can be used on a mobile device before the user is forced to change the password.
[string]$PasswordExpiration,
        # The PasswordHistory parameter specifies the number of unique new passwords that need to be created on the mobile device before an old password can be reused.
[int]$PasswordHistory,
        # The PasswordRecoveryEnabled parameter specifies whether the recovery password for the mobile device is stored in Exchange.
[bool]$PasswordRecoveryEnabled,
        # The RequireDeviceEncryption parameter specifies whether encryption is required on the mobile device.
[bool]$RequireDeviceEncryption,
        # The RequireEncryptedSMIMEMessages parameter specifies whether the mobile device must send encrypted S/MIME messages.
[bool]$RequireEncryptedSMIMEMessages,
        # The RequireEncryptionSMIMEAlgorithm parameter specifies the algorithm that's required to encrypt S/MIME messages on a mobile device.
[ValidateSet('DES','TripleDES','RC240bit','RC264bit','RC2128bit')] [string]$RequireEncryptionSMIMEAlgorithm,
        # The RequireSignedSMIMEAlgorithm parameter specifies the algorithm that's used to sign S/MIME messages on the mobile device.
[bool]$RequireManualSyncWhenRoaming,
        # The RequireSignedSMIMEAlgorithm parameter specifies the algorithm that's used to sign S/MIME messages on the mobile device.
[ValidateSet('SHA1','MD5')] [string]$RequireSignedSMIMEAlgorithm,
        # The RequireSignedSMIMEMessages parameter specifies whether the mobile device must send signed S/MIME messages.
[bool]$RequireSignedSMIMEMessages,
        # The RequireStorageCardEncryption parameter specifies whether storage card encryption is required on the mobile device.
[bool]$RequireStorageCardEncryption,
        # The UNCAccessEnabled parameter specifies whether access to Microsoft Windows file shares is enabled from the mobile device.
[bool]$UNCAccessEnabled,
        # The WSSAccessEnabled parameter specifies whether access to Microsoft Windows SharePoint Services is enabled from the mobile device.
[bool]$WSSAccessEnabled,
        # Specify if the Mobile Device Mailbox Policy should exist or not.
[ValidateSet('Present','Absent')] [string]$Ensure,
        # Credentials of the Exchange Global Admin
[string]$Credential,
        # Id of the Azure Active Directory application to authenticate with.
[string]$ApplicationId,
        # Id of the Azure Active Directory tenant used for authentication.
[string]$TenantId,
        # Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.
[string]$CertificateThumbprint,
        # Username can be made up to anything but password will be used for CertificatePassword
[string]$CertificatePassword,
        # Path to certificate used in service principal usually a PFX file.
[string]$CertificatePath,
        # Managed ID being used for authentication.
[bool]$ManagedIdentity
)
    Invoke-KritTcmM365DscSchemaBridge -ResourceName 'EXOMobileDeviceMailboxPolicy' -Workload 'Exchange' -Verb 'Get' -CallerParams $PSBoundParameters
}