M365ConfigurationDataExample.psd1
# (2024-05-15 01:11:56) Generated using Microsoft365DSC v1.24.515.1 @{ AllNodes = @( @{ NodeName = 'String | Required | Name of the host of which the LCM is used, normally this is localhost' CertificateFile = 'String | Required | Relative path to the public key of the DSC credential encryption certificate, e.g. .\DSCCertificate.cer' } ) NonNodeData = @{ Environment = @{ Name = 'String | Required | Name of your environment, e.g. TestEnvironment' TenantId = 'String | Required | Tenant URL, e.g. test.onmicrosoft.com' OrganizationName = 'String | Required | Name of your organization, prefix of the tenant id, e.g. test' CICD = @{ Approvers = @( @{ Principal = 'String | Required | Principal of the user or groups that needs to get added to the approvers list.' Type = 'String | Required | Type of principal | User / Group' } ) UseCodeBranch = 'String | Required | Name of the branch that is used for the CICD (Script) repository, e.g. main' DependsOn = 'String | Required | Name of the environment this environment depends on, e.g. TestEnvironment' } ShortName = 'String | Required | Abbreviation of the environment name, e.g. TST' Tokens = @{ ExampleToken = 'String | Optional | Example of a token that can be used anywhere in the config, by specifying {{ExampleToken}}' } } AppCredentials = @( @{ ApplicationId = 'Guid | Required | The GUID of the Entra ID Service Principal' Workload = 'String | Required | Name of the Workload for which this credential will be used | AzureAD / Exchange / Intune / Office365 / OneDrive / Planner / PowerPlatform / SecurityCompliance / SharePoint / Teams' CertThumbprint = 'String | Required | The Certificate Thumbprint of the certificate used for authentication' } ) AzureAD = @{ ActivityBasedTimeoutPolicies = @( @{ DefaultTimeOut = 'String | Optional | Timeout value in hh:mm:ss for default: applies the policy to all applications that support activity-based timeout functionality but don''t have application-specific override.' AzurePortalTimeOut = 'String | Optional | Timeout value in hh:mm:ss for c44b4083-3bb0-49c1-b47d-974e53cbdf3c: applies the policy to the Azure portal.' DisplayName = 'String | Required | Display name for this policy. Required.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' Id = 'String | Optional | Id of the policy' } ) AdministrativeUnits = @( @{ Visibility = 'String | Optional | Visibility of the Administrative Unit. Specify HiddenMembership if members of the AU are hidden' MembershipType = 'String | Optional | Specify membership type. Possible values are Assigned and Dynamic. Note that the functionality is currently in preview.' Description = 'String | Optional | Description of the Administrative Unit' Id = 'String | Optional | Object-Id of the Administrative Unit' Ensure = 'String | Optional | Present ensures the Administrative Unit exists, absent ensures it is removed. | Present / Absent' ScopedRoleMembers = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' RoleName = 'String | Optional | Name of the Azure AD Role that is assigned. See https://learn.microsoft.com/en-us/azure/active-directory/roles/admin-units-assign-roles#roles-that-can-be-assigned-with-administrative-unit-scope' RoleMemberInfo = @{ Type = 'String | Optional | Specify User, Group or Device to interpret the identity for Members. Specify User, Group or ServicePrincipal for ScopedRoleMembers. | User / Group / Device / ServicePrincipal' Identity = 'String | Optional | Identity of member. For users, specify a UserPrincipalName. For groups, devices and serviceprincipals, specify DisplayName' } } ) AccessTokens = 'StringArray | Optional | Access token used for authentication.' Members = @( @{ Type = 'String | Optional | Specify User, Group or Device to interpret the identity for Members. Specify User, Group or ServicePrincipal for ScopedRoleMembers. | User / Group / Device / ServicePrincipal' Identity = 'String | Optional | Identity of member. For users, specify a UserPrincipalName. For groups, devices and serviceprincipals, specify DisplayName' } ) MembershipRuleProcessingState = 'String | Optional | Specify dynamic membership-rule processing-state. Valid values are ''On'' and ''Paused''. Requires that MembershipType is set to Dynamic. Note that the functionality is currently in preview.' MembershipRule = 'String | Optional | Specify membership rule. Requires that MembershipType is set to Dynamic. Note that the functionality is currently in preview.' DisplayName = 'String | Required | DisplayName of the Administrative Unit' } ) Applications = @( @{ Description = 'String | Optional | A free text field to provide a description of the application object to end users. The maximum allowed size is 1024 characters.' Owners = 'StringArray | Optional | UPN or ObjectID values of the app''s owners.' PublicClient = 'Boolean | Optional | Specifies whether this application is a public client (such as an installed application running on a mobile device). Default is false.' Permissions = @( @{ AdminConsentGranted = 'Boolean | Optional | Represented whether or not the Admin consent been granted on the app.' Type = 'String | Optional | Type of permission. | AppOnly / Delegated' Name = 'String | Optional | Name of the requested permission.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' SourceAPI = 'String | Optional | Name of the API from which the permission comes from.' } ) AccessTokens = 'StringArray | Optional | Access token used for authentication.' UniqueId = 'String | Required | Unique ID to identify this specific object' AppId = 'String | Optional | AppId for the app.' DisplayName = 'String | Required | DisplayName of the app' Ensure = 'String | Optional | Specify if the Azure AD App should exist or not. | Present / Absent' AvailableToOtherTenants = 'Boolean | Optional | Indicates whether this application is available in other tenants.' KnownClientApplications = 'StringArray | Optional | Client applications that are tied to this resource application.' IsFallbackPublicClient = 'Boolean | Optional | Specifies the fallback application type as public client, such as an installed application running on a mobile device. The default value is false, which means the fallback application type is confidential client such as web app. There are certain scenarios where Microsoft Entra ID cannot determine the client application type (for example, ROPC flow where it is configured without specifying a redirect URI). In those cases, Microsoft Entra ID will interpret the application type based on the value of this property.' IdentifierUris = 'StringArray | Optional | User-defined URI(s) that uniquely identify a Web application within its Azure AD tenant, or within a verified custom domain.' GroupMembershipClaims = 'String | Optional | A bitmask that configures the groups claim issued in a user or OAuth 2.0 access token that the application expects.' ObjectId = 'String | Optional | ObjectID of the app.' LogoutURL = 'String | Optional | The logout url for this application.' Homepage = 'String | Optional | The URL to the application''s homepage.' ReplyURLs = 'StringArray | Optional | Specifies the URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to.' } ) AttributeSets = @( @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' Description = 'String | Optional | Identifier for the attribute set that is unique within a tenant. Can be up to 32 characters long and include Unicode characters. Cannot contain spaces or special characters. Cannot be changed later. Case insensitive' Id = 'String | Required | Identifier for the attribute set that is unique within a tenant. Can be up to 32 characters long and include Unicode characters. Cannot contain spaces or special characters. Cannot be changed later. Case insensitive' MaxAttributesPerSet = 'UInt32 | Optional | Maximum number of custom security attributes that can be defined in this attribute set. Default value is null. If not specified, the administrator can add up to the maximum of 500 active attributes per tenant. Can be changed later.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present' } ) AuthenticationContextClassReferences = @( @{ Id = 'String | Required | Identifier used to reference the authentication context class. The id is used to trigger step-up authentication for the referenced authentication requirements and is the value that will be issued in the acrs claim of an access token. This value in the claim is used to verify that the required authentication context has been satisfied. The allowed values are c1 through c25. | c1 / c2 / c3 / c4 / c5 / c6 / c7 / c8 / c9 / c10 / c11 / c12 / c13 / c14 / c15 / c16 / c17 / c18 / c19 / c20 / c21 / c22 / c23 / c24 / c25' IsAvailable = 'Boolean | Optional | Indicates whether the authenticationContextClassReference has been published by the security admin and is ready for use by apps. When it''s set to false, it shouldn''t be shown in admin UX experiences because the value isn''t currently available for selection.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' Description = 'String | Optional | A short explanation of the policies that are enforced by authenticationContextClassReference. This value should be used to provide secondary text to describe the authentication context class reference when building user-facing admin experiences. For example, a selection UX.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' DisplayName = 'String | Optional | A friendly name that identifies the authenticationContextClassReference object when building user-facing admin experiences. For example, a selection UX' } ) AuthenticationMethodPolicies = @( @{ Id = 'String | Optional | The unique identifier for an entity. Read-only.' PolicyMigrationState = 'String | Optional | The state of migration of the authentication methods policy from the legacy multifactor authentication and self-service password reset (SSPR) policies. The possible values are: premigration - means the authentication methods policy is used for authentication only, legacy policies are respected. migrationInProgress - means the authentication methods policy is used for both authenication and SSPR, legacy policies are respected. migrationComplete - means the authentication methods policy is used for authentication and SSPR, legacy policies are ignored. unknownFutureValue - Evolvable enumeration sentinel value. Do not use. | preMigration / migrationInProgress / migrationComplete / unknownFutureValue' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present' ReconfirmationInDays = 'UInt32 | Optional | Days before the user will be asked to reconfirm their method.' Description = 'String | Optional | A description of the policy.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' RegistrationEnforcement = @{ AuthenticationMethodsRegistrationCampaign = @{ SnoozeDurationInDays = 'UInt32 | Optional | Specifies the number of days that the user sees a prompt again if they select ''Not now'' and snoozes the prompt. Minimum 0 days. Maximum: 14 days. If the value is ''0'' The user is prompted during every MFA attempt.' ExcludeTargets = @( @{ Id = 'String | Optional | The object identifier of an Azure AD user or group.' TargetType = 'String | Optional | The type of the authentication method target. Possible values are: user, group, unknownFutureValue. | user / group / unknownFutureValue' } ) IncludeTargets = @( @{ TargetedAuthenticationMethod = 'String | Optional | The authentication method that the user is prompted to register. The value must be microsoftAuthenticator.' TargetType = 'String | Optional | The type of the authentication method target. Possible values are: user, group, unknownFutureValue. | user / group / unknownFutureValue' Id = 'String | Optional | The object identifier of an Azure AD user or group.' } ) State = 'String | Optional | Enable or disable the feature. Possible values are: default, enabled, disabled, unknownFutureValue. The default value is used when the configuration hasn''t been explicitly set and uses the default behavior of Azure AD for the setting. The default value is disabled. | default / enabled / disabled / unknownFutureValue' } } PolicyVersion = 'String | Optional | The version of the policy in use.' SystemCredentialPreferences = @{ ExcludeTargets = @( @{ Id = 'String | Optional | The object identifier of an Azure AD group.' TargetType = 'String | Optional | The type of the authentication method target. Possible values are: group and unknownFutureValue. | user / group / unknownFutureValue' } ) IncludeTargets = @( @{ Id = 'String | Optional | The ID of the entity targeted.' TargetType = 'String | Optional | The kind of entity targeted. Possible values are: user, group. | user / group / unknownFutureValue' } ) State = 'String | Optional | Indicates whether the feature is enabled or disabled. Possible values are: default, enabled, disabled, unknownFutureValue. The default value is used when the configuration hasn''t been explicitly set, and uses the default behavior of Azure Active Directory for the setting. The default value is disabled. | default / enabled / disabled / unknownFutureValue' } DisplayName = 'String | Required | The name of the policy.' } ) AuthenticationMethodPoliciesAuthenticator = @( @{ Id = 'String | Required | The unique identifier for an entity. Read-only.' FeatureSettings = @{ DisplayLocationInformationRequiredState = @{ ExcludeTarget = @{ Id = 'String | Optional | The ID of the entity that''s targeted in the include or exclude rule or all_users to target all users.' TargetType = 'String | Optional | The kind of entity that''s targeted. The possible values are: group, administrativeUnit, role, unknownFutureValue. | group / administrativeUnit / role / unknownFutureValue' } IncludeTarget = @{ Id = 'String | Optional | The ID of the entity that''s targeted in the include or exclude rule or all_users to target all users.' TargetType = 'String | Optional | The kind of entity that''s targeted. The possible values are: group, administrativeUnit, role, unknownFutureValue. | group / administrativeUnit / role / unknownFutureValue' } State = 'String | Optional | Enable or disable the feature. Possible values are: default, enabled, disabled, unknownFutureValue. The default value is used when the configuration hasn''t been explicitly set and uses the default behavior of Azure AD for the setting. The default value is disabled. | default / enabled / disabled / unknownFutureValue' } NumberMatchingRequiredState = @{ ExcludeTarget = @{ Id = 'String | Optional | The ID of the entity that''s targeted in the include or exclude rule or all_users to target all users.' TargetType = 'String | Optional | The kind of entity that''s targeted. The possible values are: group, administrativeUnit, role, unknownFutureValue. | group / administrativeUnit / role / unknownFutureValue' } IncludeTarget = @{ Id = 'String | Optional | The ID of the entity that''s targeted in the include or exclude rule or all_users to target all users.' TargetType = 'String | Optional | The kind of entity that''s targeted. The possible values are: group, administrativeUnit, role, unknownFutureValue. | group / administrativeUnit / role / unknownFutureValue' } State = 'String | Optional | Enable or disable the feature. Possible values are: default, enabled, disabled, unknownFutureValue. The default value is used when the configuration hasn''t been explicitly set and uses the default behavior of Azure AD for the setting. The default value is disabled. | default / enabled / disabled / unknownFutureValue' } CompanionAppAllowedState = @{ ExcludeTarget = @{ Id = 'String | Optional | The ID of the entity that''s targeted in the include or exclude rule or all_users to target all users.' TargetType = 'String | Optional | The kind of entity that''s targeted. The possible values are: group, administrativeUnit, role, unknownFutureValue. | group / administrativeUnit / role / unknownFutureValue' } IncludeTarget = @{ Id = 'String | Optional | The ID of the entity that''s targeted in the include or exclude rule or all_users to target all users.' TargetType = 'String | Optional | The kind of entity that''s targeted. The possible values are: group, administrativeUnit, role, unknownFutureValue. | group / administrativeUnit / role / unknownFutureValue' } State = 'String | Optional | Enable or disable the feature. Possible values are: default, enabled, disabled, unknownFutureValue. The default value is used when the configuration hasn''t been explicitly set and uses the default behavior of Azure AD for the setting. The default value is disabled. | default / enabled / disabled / unknownFutureValue' } DisplayAppInformationRequiredState = @{ ExcludeTarget = @{ Id = 'String | Optional | The ID of the entity that''s targeted in the include or exclude rule or all_users to target all users.' TargetType = 'String | Optional | The kind of entity that''s targeted. The possible values are: group, administrativeUnit, role, unknownFutureValue. | group / administrativeUnit / role / unknownFutureValue' } IncludeTarget = @{ Id = 'String | Optional | The ID of the entity that''s targeted in the include or exclude rule or all_users to target all users.' TargetType = 'String | Optional | The kind of entity that''s targeted. The possible values are: group, administrativeUnit, role, unknownFutureValue. | group / administrativeUnit / role / unknownFutureValue' } State = 'String | Optional | Enable or disable the feature. Possible values are: default, enabled, disabled, unknownFutureValue. The default value is used when the configuration hasn''t been explicitly set and uses the default behavior of Azure AD for the setting. The default value is disabled. | default / enabled / disabled / unknownFutureValue' } } Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' IncludeTargets = @( @{ Id = 'String | Optional | The object identifier of an Azure AD group.' TargetType = 'String | Optional | The type of the authentication method target. Possible values are: group and unknownFutureValue. | user / group / unknownFutureValue' } ) IsSoftwareOathEnabled = 'Boolean | Optional | true if users can use the OTP code generated by the Microsoft Authenticator app, false otherwise.' State = 'String | Optional | The state of the policy. Possible values are: enabled, disabled. | enabled / disabled' AccessTokens = 'StringArray | Optional | Access token used for authentication.' ExcludeTargets = @( @{ Id = 'String | Optional | The object identifier of an Azure AD group.' TargetType = 'String | Optional | The type of the authentication method target. Possible values are: group and unknownFutureValue. | user / group / unknownFutureValue' } ) } ) AuthenticationMethodPoliciesEmail = @( @{ Id = 'String | Required | The unique identifier for an entity. Read-only.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' IncludeTargets = @( @{ Id = 'String | Optional | The object identifier of an Azure AD group.' TargetType = 'String | Optional | The type of the authentication method target. Possible values are: group and unknownFutureValue. | user / group / unknownFutureValue' } ) ExcludeTargets = @( @{ Id = 'String | Optional | The object identifier of an Azure AD group.' TargetType = 'String | Optional | The type of the authentication method target. Possible values are: group and unknownFutureValue. | user / group / unknownFutureValue' } ) State = 'String | Optional | The state of the policy. Possible values are: enabled, disabled. | enabled / disabled' AllowExternalIdToUseEmailOtp = 'String | Optional | Determines whether email OTP is usable by external users for authentication. Possible values are: default, enabled, disabled, unknownFutureValue. Tenants in the default state who did not use public preview will automatically have email OTP enabled beginning in October 2021. | default / enabled / disabled / unknownFutureValue' } ) AuthenticationMethodPoliciesFido2 = @( @{ Id = 'String | Required | The unique identifier for an entity. Read-only.' IsSelfServiceRegistrationAllowed = 'Boolean | Optional | Determines if users can register new FIDO2 security keys.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' IncludeTargets = @( @{ Id = 'String | Optional | The object identifier of an Azure AD group.' TargetType = 'String | Optional | The type of the authentication method target. Possible values are: group and unknownFutureValue. | user / group / unknownFutureValue' } ) ExcludeTargets = @( @{ Id = 'String | Optional | The object identifier of an Azure AD group.' TargetType = 'String | Optional | The type of the authentication method target. Possible values are: group and unknownFutureValue. | user / group / unknownFutureValue' } ) KeyRestrictions = @{ IsEnforced = 'Boolean | Optional | Determines if the configured key enforcement is enabled.' EnforcementType = 'String | Optional | Enforcement type. Possible values are: allow, block. | allow / block / unknownFutureValue' AaGuids = 'StringArray | Optional | A collection of Authenticator Attestation GUIDs. AADGUIDs define key types and manufacturers.' } AccessTokens = 'StringArray | Optional | Access token used for authentication.' State = 'String | Optional | The state of the policy. Possible values are: enabled, disabled. | enabled / disabled' IsAttestationEnforced = 'Boolean | Optional | Determines whether attestation must be enforced for FIDO2 security key registration.' } ) AuthenticationMethodPoliciesSms = @( @{ Id = 'String | Required | The unique identifier for an entity. Read-only.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' IncludeTargets = @( @{ Id = 'String | Optional | The object identifier of an Azure AD group.' TargetType = 'String | Optional | The type of the authentication method target. Possible values are: group and unknownFutureValue. | user / group / unknownFutureValue' } ) ExcludeTargets = @( @{ Id = 'String | Optional | The object identifier of an Azure AD group.' TargetType = 'String | Optional | The type of the authentication method target. Possible values are: group and unknownFutureValue. | user / group / unknownFutureValue' } ) State = 'String | Optional | The state of the policy. Possible values are: enabled, disabled. | enabled / disabled' AccessTokens = 'StringArray | Optional | Access token used for authentication.' } ) AuthenticationMethodPoliciesSoftware = @( @{ Id = 'String | Required | The unique identifier for an entity. Read-only.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' IncludeTargets = @( @{ Id = 'String | Optional | The object identifier of an Azure AD group.' TargetType = 'String | Optional | The type of the authentication method target. Possible values are: group and unknownFutureValue. | user / group / unknownFutureValue' } ) ExcludeTargets = @( @{ Id = 'String | Optional | The object identifier of an Azure AD group.' TargetType = 'String | Optional | The type of the authentication method target. Possible values are: group and unknownFutureValue. | user / group / unknownFutureValue' } ) State = 'String | Optional | The state of the policy. Possible values are: enabled, disabled. | enabled / disabled' AccessTokens = 'StringArray | Optional | Access token used for authentication.' } ) AuthenticationMethodPolicyTemporaries = @( @{ IncludeTargets = @( @{ Id = 'String | Optional | The object identifier of an Azure AD group.' TargetType = 'String | Optional | The type of the authentication method target. Possible values are: group and unknownFutureValue. | user / group / unknownFutureValue' } ) Id = 'String | Required | The unique identifier for an entity. Read-only.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' DefaultLength = 'UInt32 | Optional | Default length in characters of a Temporary Access Pass object. Must be between 8 and 48 characters.' MinimumLifetimeInMinutes = 'UInt32 | Optional | Minimum lifetime in minutes for any Temporary Access Pass created in the tenant. Value can be between 10 and 43200 minutes (equivalent to 30 days).' ExcludeTargets = @( @{ Id = 'String | Optional | The object identifier of an Azure AD group.' TargetType = 'String | Optional | The type of the authentication method target. Possible values are: group and unknownFutureValue. | user / group / unknownFutureValue' } ) State = 'String | Optional | The state of the policy. Possible values are: enabled, disabled. | enabled / disabled' AccessTokens = 'StringArray | Optional | Access token used for authentication.' MaximumLifetimeInMinutes = 'UInt32 | Optional | Maximum lifetime in minutes for any Temporary Access Pass created in the tenant. Value can be between 10 and 43200 minutes (equivalent to 30 days).' DefaultLifetimeInMinutes = 'UInt32 | Optional | Default lifetime in minutes for a Temporary Access Pass. Value can be any integer between the minimumLifetimeInMinutes and maximumLifetimeInMinutes.' IsUsableOnce = 'Boolean | Optional | If true, all the passes in the tenant will be restricted to one-time use. If false, passes in the tenant can be created to be either one-time use or reusable.' } ) AuthenticationMethodPoliciesVoice = @( @{ Id = 'String | Required | The unique identifier for an entity. Read-only.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' IncludeTargets = @( @{ Id = 'String | Optional | The object identifier of an Azure AD group.' TargetType = 'String | Optional | The type of the authentication method target. Possible values are: group and unknownFutureValue. | user / group / unknownFutureValue' } ) ExcludeTargets = @( @{ Id = 'String | Optional | The object identifier of an Azure AD group.' TargetType = 'String | Optional | The type of the authentication method target. Possible values are: group and unknownFutureValue. | user / group / unknownFutureValue' } ) IsOfficePhoneAllowed = 'Boolean | Optional | true if users can register office phones, otherwise, false.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' State = 'String | Optional | The state of the policy. Possible values are: enabled, disabled. | enabled / disabled' } ) AuthenticationMethodPoliciesX509 = @( @{ AuthenticationModeConfiguration = @{ Rules = @( @{ X509CertificateAuthenticationMode = 'String | Optional | The type of strong authentication mode. The possible values are: x509CertificateSingleFactor, x509CertificateMultiFactor, unknownFutureValue. Required. | x509CertificateSingleFactor / x509CertificateMultiFactor / unknownFutureValue' UniqueId = 'String | Required | [Unique ID to identify this specific object]' Identifier = 'String | Optional | The identifier of the X.509 certificate. Required.' X509CertificateRuleType = 'String | Optional | The type of the X.509 certificate mode configuration rule. The possible values are: issuerSubject, policyOID, unknownFutureValue. Required. | issuerSubject / policyOID / unknownFutureValue' } ) X509CertificateAuthenticationDefaultMode = 'String | Optional | The type of strong authentication mode. The possible values are: x509CertificateSingleFactor, x509CertificateMultiFactor, unknownFutureValue. | x509CertificateSingleFactor / x509CertificateMultiFactor / unknownFutureValue' } Id = 'String | Required | The unique identifier for an entity. Read-only.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' IncludeTargets = @( @{ isRegistrationRequired = 'Boolean | Optional | Determines if the user is enforced to register the authentication method.' TargetType = 'String | Optional | The type of the authentication method target. Possible values are: group and unknownFutureValue. | group / unknownFutureValue' Id = 'String | Optional | The object identifier of an Azure AD group.' } ) ExcludeTargets = @( @{ Id = 'String | Optional | The object identifier of an Azure AD group.' TargetType = 'String | Optional | The type of the authentication method target. Possible values are: group and unknownFutureValue. | group / unknownFutureValue' } ) State = 'String | Optional | The state of the policy. Possible values are: enabled, disabled. | enabled / disabled' AccessTokens = 'StringArray | Optional | Access token used for authentication.' CertificateUserBindings = @( @{ Priority = 'UInt32 | Optional | The priority of the binding. Azure AD uses the binding with the highest priority. This value must be a non-negative integer and unique in the collection of objects in the certificateUserBindings property of an x509CertificateAuthenticationMethodConfiguration object. Required' UserProperty = 'String | Optional | Defines the Azure AD user property of the user object to use for the binding. The possible values are: userPrincipalName, onPremisesUserPrincipalName, email. Required.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' X509CertificateField = 'String | Optional | The field on the X.509 certificate to use for the binding. The possible values are: PrincipalName, RFC822Name.' } ) } ) AuthenticationStrengthPolicies = @( @{ Description = 'String | Optional | A description of the policy.' Id = 'String | Optional | The unique identifier of the policy.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' AccessTokens = 'StringArray | Optional | Access token used for authentication.' AllowedCombinations = 'StringArray | Optional | The authentication method combinations allowed by this authentication strength policy.' DisplayName = 'String | Required | The name of the policy.' } ) AuthorizationPolicy = @{ GuestUserRole = 'String | Optional | The role that should be granted to guest users. Refer to List unifiedRoleDefinitions to find the list of available role templates. Only supported roles today are User, Guest User, and Restricted Guest User (2af84b1e-32c8-42b7-82bc-daa82404023b). | Guest / RestrictedGuest / User' PermissionGrantPolicyIdsAssignedToDefaultUserRole = 'StringArray | Optional | String collection Indicates if user consent to apps is allowed, and if it is, which permission to grant consent and which app consent policy (permissionGrantPolicy) govern the permission for users to grant consent. Value should be in the format managePermissionGrantsForSelf.{id}, where {id} is the id of a built-in or custom app consent policy. An empty list indicates user consent to apps is disabled.' DefaultUserRoleAllowedToReadOtherUsers = 'Boolean | Optional | Boolean Indicates whether the default user role can read other users.' DefaultUserRoleAllowedToReadBitlockerKeysForOwnedDevice = 'Boolean | Optional | Indicates whether the registered owners of a device can read their own BitLocker recovery keys with default user role.' DefaultUserRoleAllowedToCreateTenants = 'Boolean | Optional | Indicates whether the default user role can create tenants. This setting corresponds to the Restrict non-admin users from creating tenants setting in the User settings menu in the Azure portal. When this setting is false, users assigned the Tenant Creator role can still create tenants.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Ensure = 'String | Optional | Specify that the Azure Authorization Policy should exist. | Present' AllowedToSignUpEmailBasedSubscriptions = 'Boolean | Optional | Boolean Indicates whether users can sign up for email based subscriptions.' AllowedToUseSSPR = 'Boolean | Optional | Boolean Indicates whether the Self-Serve Password Reset feature can be used by users on the tenant.' Description = 'String | Optional | Description of this policy.' DisplayName = 'String | Optional | Display name for this policy.' DefaultUserRoleAllowedToCreateApps = 'Boolean | Optional | Boolean Indicates whether the default user role can create applications.' DefaultUserRoleAllowedToCreateSecurityGroups = 'Boolean | Optional | Boolean Indicates whether the default user role can create security groups.' BlockMsolPowershell = 'Boolean | Optional | Boolean To disable the use of MSOL PowerShell, set this property to true. This will also disable user-based access to the legacy service endpoint used by MSOL PowerShell. This does not affect Azure AD Connect or Microsoft Graph.' AllowEmailVerifiedUsersToJoinOrganization = 'Boolean | Optional | Boolean Indicates whether a user can join the tenant by email validation.' AllowInvitesFrom = 'String | Optional | Indicates who can invite external users to the organization. Possible values are: None, AdminsAndGuestInviters, AdminsGuestInvitersAndAllMembers, Everyone. Everyone is the default setting for all cloud environments except US Government. | None / AdminsAndGuestInviters / AdminsGuestInvitersAndAllMembers / Everyone' } ConditionalAccessPolicies = @( @{ DisplayName = 'String | Required | DisplayName of the AAD CA Policy' PersistentBrowserIsEnabled = 'Boolean | Optional | Specifies, whether Browser Persistence is controlled by the Policy.' IncludeApplications = 'StringArray | Optional | Cloud Apps in scope of the Policy.' ExcludeUsers = 'StringArray | Optional | Users out of scope of the Policy.' IncludeRoles = 'StringArray | Optional | AAD Admin Roles in scope of the Policy.' ApplicationsFilter = 'String | Optional | Rule syntax is similar to that used for membership rules for groups in Microsoft Entra ID.' SignInFrequencyInterval = 'String | Optional | Sign in frequency interval. Possible values are: timeBased, everyTime and unknownFutureValue. | timeBased / everyTime / unknownFutureValue' ApplicationEnforcedRestrictionsIsEnabled = 'Boolean | Optional | Specifies, whether Application Enforced Restrictions are enabled in the Policy.' UserRiskLevels = 'StringArray | Optional | AAD Identity Protection User Risk Levels in scope of the Policy.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' IncludeGroups = 'StringArray | Optional | Groups in scope of the Policy.' GrantControlOperator = 'String | Optional | Operator to be used for Grant Controls. | AND / OR' Id = 'String | Optional | Specifies the GUID for the Policy.' CustomAuthenticationFactors = 'StringArray | Optional | Custom Controls assigned to the grant property of this policy.' IncludeExternalTenantsMembers = 'StringArray | Optional | Represents the Included collection of tenant ids in the scope of Conditional Access for guests and external users policy targeting.' CloudAppSecurityIsEnabled = 'Boolean | Optional | Specifies, whether Cloud App Security is enforced by the Policy.' SignInFrequencyIsEnabled = 'Boolean | Optional | Specifies, whether sign-in frequency is enforced by the Policy.' IncludeExternalTenantsMembershipKind = 'String | Optional | Represents the Included Tenants membership kind. The possible values are: all, enumerated, unknownFutureValue. enumerated references an object of conditionalAccessEnumeratedExternalTenants derived type. | / all / enumerated / unknownFutureValue' SignInRiskLevels = 'StringArray | Optional | AAD Identity Protection Sign-in Risk Levels in scope of the Policy.' PersistentBrowserMode = 'String | Optional | Specifies, what Browser Persistence control is enforced by the Policy. | Always / Never / ' ExcludeGuestOrExternalUserTypes = 'StringArray | Optional | Represents the Excluded internal guests or external user types. This is a multi-valued property. Supported values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, OtherExternalUser, serviceProvider and unknownFutureValue. | none / internalGuest / b2bCollaborationGuest / b2bCollaborationMember / b2bDirectConnectUser / otherExternalUser / serviceProvider / unknownFutureValue' IncludePlatforms = 'StringArray | Optional | Client Device Platforms in scope of the Policy.' ExcludeGroups = 'StringArray | Optional | Groups out of scope of the Policy.' ExcludeLocations = 'StringArray | Optional | AAD Named Locations out of scope of the Policy.' ApplicationsFilterMode = 'String | Optional | Mode to use for the filter. Possible values are include or exclude. | include / exclude' DeviceFilterRule = 'String | Optional | Client Device Filter rule of the Policy.' BuiltInControls = 'StringArray | Optional | List of built-in Grant Controls to be applied by the Policy.' IncludeUserActions = 'StringArray | Optional | User Actions in scope of the Policy.' TermsOfUse = 'String | Optional | Display name of the terms of use to assign.' Ensure = 'String | Optional | Specify if the Azure AD CA Policy should exist or not. | Present / Absent' ExcludePlatforms = 'StringArray | Optional | Client Device Platforms out of scope of the Policy.' AuthenticationStrength = 'String | Optional | Name of the associated authentication strength policy.' AuthenticationContexts = 'StringArray | Optional | Authentication context class references.' SignInFrequencyType = 'String | Optional | Sign in frequency unit (days/hours) to be interpreted by the policy. | Days / Hours / ' CloudAppSecurityType = 'String | Optional | Specifies, what Cloud App Security control is enforced by the Policy.' ExcludeRoles = 'StringArray | Optional | AAD Admin Roles out of scope of the Policy.' SignInFrequencyValue = 'UInt32 | Optional | Sign in frequency time in the given unit to be enforced by the policy.' ExcludeApplications = 'StringArray | Optional | Cloud Apps out of scope of the Policy.' ExcludeExternalTenantsMembershipKind = 'String | Optional | Represents the Excluded Tenants membership kind. The possible values are: all, enumerated, unknownFutureValue. enumerated references an object of conditionalAccessEnumeratedExternalTenants derived type. | / all / enumerated / unknownFutureValue' State = 'String | Optional | Specifies the State of the Policy. | disabled / enabled / enabledForReportingButNotEnforced' IncludeGuestOrExternalUserTypes = 'StringArray | Optional | Represents the Included internal guests or external user types. This is a multi-valued property. Supported values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, OtherExternalUser, serviceProvider and unknownFutureValue. | none / internalGuest / b2bCollaborationGuest / b2bCollaborationMember / b2bDirectConnectUser / otherExternalUser / serviceProvider / unknownFutureValue' DeviceFilterMode = 'String | Optional | Client Device Filter mode of the Policy. | include / exclude' ClientAppTypes = 'StringArray | Optional | Client App types in scope of the Policy.' IncludeLocations = 'StringArray | Optional | AAD Named Locations in scope of the Policy.' ExcludeExternalTenantsMembers = 'StringArray | Optional | Represents the Excluded collection of tenant ids in the scope of Conditional Access for guests and external users policy targeting.' IncludeUsers = 'StringArray | Optional | Users in scope of the Policy.' } ) CrossTenantAccessPolicy = @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' DisplayName = 'String | Optional | The name of the policy.' Ensure = 'String | Optional | Specify if the policy should exist or not. | Present' AllowedCloudEndpoints = 'StringArray | Optional | Used to specify which Microsoft clouds an organization would like to collaborate with. By default, this value is empty. | microsoftonline.com / microsoftonline.us / partner.microsoftonline.cn' } CrossTenantAccessPolicyConfigurationDefault = @{ Ensure = 'String | Optional | Specify if the instance should exist or not. | Present' AccessTokens = 'StringArray | Optional | Access token used for authentication.' InboundTrust = @{ IsCompliantDeviceAccepted = 'Boolean | Optional | Specifies whether compliant devices from external Azure AD organizations are trusted.' IsHybridAzureADJoinedDeviceAccepted = 'Boolean | Optional | Specifies whether hybrid Azure AD joined devices from external Azure AD organizations are trusted.' IsMfaAccepted = 'Boolean | Optional | Specifies whether MFA from external Azure AD organizations is trusted.' } B2BCollaborationInbound = @{ Applications = @{ AccessType = 'String | Optional | Defines whether access is allowed or blocked. The possible values are: allowed, blocked, unknownFutureValue. | allowed / blocked / unknownFutureValue' Targets = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' TargetType = 'String | Optional | The type of resource that you want to target. The possible values are: user, group, application, unknownFutureValue. | user / group / application / unknownFutureValue' Target = 'String | Optional | The unique identifier of the user, group, or application; one of the following keywords: AllUsers and AllApplications; or for targets that are applications, you may use reserved values.' } ) } UsersAndGroups = @{ AccessType = 'String | Optional | Defines whether access is allowed or blocked. The possible values are: allowed, blocked, unknownFutureValue. | allowed / blocked / unknownFutureValue' Targets = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' TargetType = 'String | Optional | The type of resource that you want to target. The possible values are: user, group, application, unknownFutureValue. | user / group / application / unknownFutureValue' Target = 'String | Optional | The unique identifier of the user, group, or application; one of the following keywords: AllUsers and AllApplications; or for targets that are applications, you may use reserved values.' } ) } } B2BCollaborationOutbound = @{ Applications = @{ AccessType = 'String | Optional | Defines whether access is allowed or blocked. The possible values are: allowed, blocked, unknownFutureValue. | allowed / blocked / unknownFutureValue' Targets = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' TargetType = 'String | Optional | The type of resource that you want to target. The possible values are: user, group, application, unknownFutureValue. | user / group / application / unknownFutureValue' Target = 'String | Optional | The unique identifier of the user, group, or application; one of the following keywords: AllUsers and AllApplications; or for targets that are applications, you may use reserved values.' } ) } UsersAndGroups = @{ AccessType = 'String | Optional | Defines whether access is allowed or blocked. The possible values are: allowed, blocked, unknownFutureValue. | allowed / blocked / unknownFutureValue' Targets = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' TargetType = 'String | Optional | The type of resource that you want to target. The possible values are: user, group, application, unknownFutureValue. | user / group / application / unknownFutureValue' Target = 'String | Optional | The unique identifier of the user, group, or application; one of the following keywords: AllUsers and AllApplications; or for targets that are applications, you may use reserved values.' } ) } } B2BDirectConnectOutbound = @{ Applications = @{ AccessType = 'String | Optional | Defines whether access is allowed or blocked. The possible values are: allowed, blocked, unknownFutureValue. | allowed / blocked / unknownFutureValue' Targets = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' TargetType = 'String | Optional | The type of resource that you want to target. The possible values are: user, group, application, unknownFutureValue. | user / group / application / unknownFutureValue' Target = 'String | Optional | The unique identifier of the user, group, or application; one of the following keywords: AllUsers and AllApplications; or for targets that are applications, you may use reserved values.' } ) } UsersAndGroups = @{ AccessType = 'String | Optional | Defines whether access is allowed or blocked. The possible values are: allowed, blocked, unknownFutureValue. | allowed / blocked / unknownFutureValue' Targets = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' TargetType = 'String | Optional | The type of resource that you want to target. The possible values are: user, group, application, unknownFutureValue. | user / group / application / unknownFutureValue' Target = 'String | Optional | The unique identifier of the user, group, or application; one of the following keywords: AllUsers and AllApplications; or for targets that are applications, you may use reserved values.' } ) } } B2BDirectConnectInbound = @{ Applications = @{ AccessType = 'String | Optional | Defines whether access is allowed or blocked. The possible values are: allowed, blocked, unknownFutureValue. | allowed / blocked / unknownFutureValue' Targets = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' TargetType = 'String | Optional | The type of resource that you want to target. The possible values are: user, group, application, unknownFutureValue. | user / group / application / unknownFutureValue' Target = 'String | Optional | The unique identifier of the user, group, or application; one of the following keywords: AllUsers and AllApplications; or for targets that are applications, you may use reserved values.' } ) } UsersAndGroups = @{ AccessType = 'String | Optional | Defines whether access is allowed or blocked. The possible values are: allowed, blocked, unknownFutureValue. | allowed / blocked / unknownFutureValue' Targets = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' TargetType = 'String | Optional | The type of resource that you want to target. The possible values are: user, group, application, unknownFutureValue. | user / group / application / unknownFutureValue' Target = 'String | Optional | The unique identifier of the user, group, or application; one of the following keywords: AllUsers and AllApplications; or for targets that are applications, you may use reserved values.' } ) } } } CrossTenantAccessPoliciesConfigurationPartner = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' PartnerTenantId = 'String | Required | The tenant identifier for the partner Azure Active Directory (Azure AD) organization.' B2BDirectConnectOutbound = @{ Applications = @{ AccessType = 'String | Optional | Defines whether access is allowed or blocked. The possible values are: allowed, blocked, unknownFutureValue. | allowed / blocked / unknownFutureValue' Targets = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' TargetType = 'String | Optional | The type of resource that you want to target. The possible values are: user, group, application, unknownFutureValue. | user / group / application / unknownFutureValue' Target = 'String | Optional | The unique identifier of the user, group, or application; one of the following keywords: AllUsers and AllApplications; or for targets that are applications, you may use reserved values.' } ) } UsersAndGroups = @{ AccessType = 'String | Optional | Defines whether access is allowed or blocked. The possible values are: allowed, blocked, unknownFutureValue. | allowed / blocked / unknownFutureValue' Targets = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' TargetType = 'String | Optional | The type of resource that you want to target. The possible values are: user, group, application, unknownFutureValue. | user / group / application / unknownFutureValue' Target = 'String | Optional | The unique identifier of the user, group, or application; one of the following keywords: AllUsers and AllApplications; or for targets that are applications, you may use reserved values.' } ) } } InboundTrust = @{ IsCompliantDeviceAccepted = 'Boolean | Optional | Specifies whether compliant devices from external Azure AD organizations are trusted.' IsHybridAzureADJoinedDeviceAccepted = 'Boolean | Optional | Specifies whether hybrid Azure AD joined devices from external Azure AD organizations are trusted.' IsMfaAccepted = 'Boolean | Optional | Specifies whether MFA from external Azure AD organizations is trusted.' } Ensure = 'String | Optional | Specify if the policy should exist or not. | Present / Absent' AccessTokens = 'StringArray | Optional | Access token used for authentication.' AutomaticUserConsentSettings = @{ InboundAllowed = 'Boolean | Optional | Specifies whether you want to automatically trust Inbound invitations.' OutboundAllowed = 'Boolean | Optional | Specifies whether you want to automatically trust Outbound invitations.' } B2BDirectConnectInbound = @{ Applications = @{ AccessType = 'String | Optional | Defines whether access is allowed or blocked. The possible values are: allowed, blocked, unknownFutureValue. | allowed / blocked / unknownFutureValue' Targets = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' TargetType = 'String | Optional | The type of resource that you want to target. The possible values are: user, group, application, unknownFutureValue. | user / group / application / unknownFutureValue' Target = 'String | Optional | The unique identifier of the user, group, or application; one of the following keywords: AllUsers and AllApplications; or for targets that are applications, you may use reserved values.' } ) } UsersAndGroups = @{ AccessType = 'String | Optional | Defines whether access is allowed or blocked. The possible values are: allowed, blocked, unknownFutureValue. | allowed / blocked / unknownFutureValue' Targets = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' TargetType = 'String | Optional | The type of resource that you want to target. The possible values are: user, group, application, unknownFutureValue. | user / group / application / unknownFutureValue' Target = 'String | Optional | The unique identifier of the user, group, or application; one of the following keywords: AllUsers and AllApplications; or for targets that are applications, you may use reserved values.' } ) } } B2BCollaborationOutbound = @{ Applications = @{ AccessType = 'String | Optional | Defines whether access is allowed or blocked. The possible values are: allowed, blocked, unknownFutureValue. | allowed / blocked / unknownFutureValue' Targets = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' TargetType = 'String | Optional | The type of resource that you want to target. The possible values are: user, group, application, unknownFutureValue. | user / group / application / unknownFutureValue' Target = 'String | Optional | The unique identifier of the user, group, or application; one of the following keywords: AllUsers and AllApplications; or for targets that are applications, you may use reserved values.' } ) } UsersAndGroups = @{ AccessType = 'String | Optional | Defines whether access is allowed or blocked. The possible values are: allowed, blocked, unknownFutureValue. | allowed / blocked / unknownFutureValue' Targets = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' TargetType = 'String | Optional | The type of resource that you want to target. The possible values are: user, group, application, unknownFutureValue. | user / group / application / unknownFutureValue' Target = 'String | Optional | The unique identifier of the user, group, or application; one of the following keywords: AllUsers and AllApplications; or for targets that are applications, you may use reserved values.' } ) } } B2BCollaborationInbound = @{ Applications = @{ AccessType = 'String | Optional | Defines whether access is allowed or blocked. The possible values are: allowed, blocked, unknownFutureValue. | allowed / blocked / unknownFutureValue' Targets = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' TargetType = 'String | Optional | The type of resource that you want to target. The possible values are: user, group, application, unknownFutureValue. | user / group / application / unknownFutureValue' Target = 'String | Optional | The unique identifier of the user, group, or application; one of the following keywords: AllUsers and AllApplications; or for targets that are applications, you may use reserved values.' } ) } UsersAndGroups = @{ AccessType = 'String | Optional | Defines whether access is allowed or blocked. The possible values are: allowed, blocked, unknownFutureValue. | allowed / blocked / unknownFutureValue' Targets = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' TargetType = 'String | Optional | The type of resource that you want to target. The possible values are: user, group, application, unknownFutureValue. | user / group / application / unknownFutureValue' Target = 'String | Optional | The unique identifier of the user, group, or application; one of the following keywords: AllUsers and AllApplications; or for targets that are applications, you may use reserved values.' } ) } } } ) EntitlementManagementAccessPackages = @( @{ IncompatibleAccessPackages = 'StringArray | Optional | The access packages whose assigned users are ineligible to be assigned this access package.' IncompatibleGroups = 'StringArray | Optional | The groups whose members are ineligible to be assigned this access package.' DisplayName = 'String | Required | The display name of the access package.' Id = 'String | Optional | The Id of the access package.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' Description = 'String | Optional | The description of the access package.' CatalogId = 'String | Optional | Identifier of the access package catalog referencing this access package.' IsRoleScopesVisible = 'Boolean | Optional | Indicates whether role scopes are visible.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' AccessPackageResourceRoleScopes = @( @{ AccessPackageResourceRoleDisplayName = 'String | Optional | The display name of the resource role.' AccessPackageResourceOriginId = 'String | Optional | The origine Id of the resource.' Id = 'String | Optional | The Id of the resource roleScope.' } ) IsHidden = 'Boolean | Optional | Whether the access package is hidden from the requestor.' AccessPackagesIncompatibleWith = 'StringArray | Optional | The access packages that are incompatible with this package.' } ) EntitlementManagementAccessPackageAssignmentPolicies = @( @{ ExpirationDateTime = 'String | Optional | The expiration date for assignments created in this policy. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z' DisplayName = 'String | Required | The display name of the policy.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' AccessReviewSettings = @{ IsEnabled = 'Boolean | Optional | If true, access reviews are required for assignments from this policy.' StartDateTime = 'String | Optional | When the first review should start.' IsAccessRecommendationEnabled = 'Boolean | Optional | Specifies whether to display recommendations to the reviewer. The default value is true' AccessReviewTimeoutBehavior = 'String | Optional | The default decision to apply if the request is not reviewed within the period specified in durationInDays. | acceptAccessRecommendation / keepAccess / removeAccess / unknownFutureValue' IsApprovalJustificationRequired = 'Boolean | Optional | Specifies whether the reviewer must provide justification for the approval. The default value is true.' RecurrenceType = 'String | Optional | The interval for recurrence, such as monthly or quarterly.' Reviewers = @( @{ ManagerLevel = 'UInt32 | Optional | The hierarchical level of the manager with respect to the requestor. For example, the direct manager of a requestor would have a managerLevel of 1, while the manager of the requestor''s manager would have a managerLevel of 2. Default value for managerLevel is 1. Possible values for this property range from 1 to 2.' IsBackup = 'Boolean | Optional | Indicates whether the resource is a backup fallback approver.' Id = 'String | Optional | The id of the resource.' odataType = 'String | Optional | The type of the resource | #microsoft.graph.singleUser / #microsoft.graph.groupMembers / #microsoft.graph.requestorManager / #microsoft.graph.internalSponsors / #microsoft.graph.externalSponsors / #microsoft.graph.connectedOrganizationMembers' } ) ReviewerType = 'String | Optional | Who should be asked to do the review, either Self or Reviewers.' DurationInDays = 'UInt32 | Optional | The number of days within which reviewers should provide input.' } RequestApprovalSettings = @{ ApprovalMode = 'String | Optional | One of SingleStage, Serial, Parallel, NoApproval (default). NoApproval is used when isApprovalRequired is false. | SingleStage / Serial / Parallel / NoApproval' IsRequestorJustificationRequired = 'Boolean | Optional | Indicates whether the requestor is required to supply a justification in their request.' IsApprovalRequiredForExtension = 'Boolean | Optional | Indicates whether approval is required for a user to extend their assignment.' ApprovalStages = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' IsApproverJustificationRequired = 'Boolean | Optional | If true, then one or more escalation approvers are configured in this approval stage.' EscalationTimeInMinutes = 'UInt32 | Optional | Indicates whether the approver is required to provide a justification for approving a request.' EscalationApprovers = @( @{ ManagerLevel = 'UInt32 | Optional | The hierarchical level of the manager with respect to the requestor. For example, the direct manager of a requestor would have a managerLevel of 1, while the manager of the requestor''s manager would have a managerLevel of 2. Default value for managerLevel is 1. Possible values for this property range from 1 to 2.' IsBackup = 'Boolean | Optional | Indicates whether the resource is a backup fallback approver.' Id = 'String | Optional | The id of the resource.' odataType = 'String | Optional | The type of the resource | #microsoft.graph.singleUser / #microsoft.graph.groupMembers / #microsoft.graph.requestorManager / #microsoft.graph.internalSponsors / #microsoft.graph.externalSponsors / #microsoft.graph.connectedOrganizationMembers' } ) PrimaryApprovers = @( @{ ManagerLevel = 'UInt32 | Optional | The hierarchical level of the manager with respect to the requestor. For example, the direct manager of a requestor would have a managerLevel of 1, while the manager of the requestor''s manager would have a managerLevel of 2. Default value for managerLevel is 1. Possible values for this property range from 1 to 2.' IsBackup = 'Boolean | Optional | Indicates whether the resource is a backup fallback approver.' Id = 'String | Optional | The id of the resource.' odataType = 'String | Optional | The type of the resource | #microsoft.graph.singleUser / #microsoft.graph.groupMembers / #microsoft.graph.requestorManager / #microsoft.graph.internalSponsors / #microsoft.graph.externalSponsors / #microsoft.graph.connectedOrganizationMembers' } ) ApprovalStageTimeOutInDays = 'UInt32 | Optional | The number of days that a request can be pending a response before it is automatically denied.' IsEscalationEnabled = 'Boolean | Optional | If escalation is required, the time a request can be pending a response from a primary approver.' } ) IsApprovalRequired = 'Boolean | Optional | Indicates whether approval is required for requests in this policy.' } CustomExtensionHandlers = @( @{ CustomExtensionId = 'String | Optional | Indicates which custom workflow extension will be executed at this stage.' Id = 'String | Optional | Identifier of the stage.' Stage = 'String | Optional | Indicates the stage of the access package assignment request workflow when the access package custom extension runs. | assignmentRequestCreated / assignmentRequestApproved / assignmentRequestGranted / assignmentRequestRemoved / assignmentFourteenDaysBeforeExpiration / assignmentOneDayBeforeExpiration / unknownFutureValue' } ) Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' RequestorSettings = @{ AllowedRequestors = @( @{ ManagerLevel = 'UInt32 | Optional | The hierarchical level of the manager with respect to the requestor. For example, the direct manager of a requestor would have a managerLevel of 1, while the manager of the requestor''s manager would have a managerLevel of 2. Default value for managerLevel is 1. Possible values for this property range from 1 to 2.' IsBackup = 'Boolean | Optional | Indicates whether the resource is a backup fallback approver.' Id = 'String | Optional | The id of the resource.' odataType = 'String | Optional | The type of the resource | #microsoft.graph.singleUser / #microsoft.graph.groupMembers / #microsoft.graph.requestorManager / #microsoft.graph.internalSponsors / #microsoft.graph.externalSponsors / #microsoft.graph.connectedOrganizationMembers' } ) AcceptRequests = 'Boolean | Optional | Indicates whether new requests are accepted on this policy.' ScopeType = 'String | Optional | Who can request. | NoSubjects / SpecificDirectorySubjects / SpecificConnectedOrganizationSubjects / AllConfiguredConnectedOrganizationSubjects / AllExistingConnectedOrganizationSubjects / AllExistingDirectoryMemberUsers / AllExistingDirectorySubjects / AllExternalSubjects' } AccessPackageId = 'String | Optional | Identifier of the access package.' Questions = @( @{ AllowsMultipleSelection = 'Boolean | Optional | Indicates whether requestor can select multiple choices as their answer.' IsAnswerEditable = 'Boolean | Optional | Specifies whether the requestor is allowed to edit answers to questions.' Id = 'String | Optional | ID of the question.' RegexPattern = 'String | Optional | This is the regex pattern that the corresponding text answer must follow.' IsSingleLineQuestion = 'Boolean | Optional | Indicates whether the answer will be in single or multiple line format.' QuestionText = @{ LocalizedTexts = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' Text = 'String | Optional | The text in the specific language. Required.' LanguageCode = 'String | Optional | The ISO code for the intended language. Required.' } ) DefaultText = 'String | Optional | The fallback string, which is used when a requested localization is not available. Required.' } IsRequired = 'Boolean | Optional | Whether the requestor is required to supply an answer or not.' odataType = 'String | Optional | The type of the resource | #microsoft.graph.accessPackageMultipleChoiceQuestion / #microsoft.graph.accessPackageTextInputQuestion' Choices = @( @{ ActualValue = 'String | Optional | The actual value of the selected choice. This is typically a string value which is understandable by applications. Required.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' displayValue = @{ LocalizedTexts = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' Text = 'String | Optional | The text in the specific language. Required.' LanguageCode = 'String | Optional | The ISO code for the intended language. Required.' } ) DefaultText = 'String | Optional | The fallback string, which is used when a requested localization is not available. Required.' } } ) Sequence = 'UInt32 | Optional | Relative position of this question when displaying a list of questions to the requestor.' } ) DurationInDays = 'UInt32 | Optional | The number of days in which assignments from this policy last until they are expired.' Description = 'String | Optional | The description of the policy.' Id = 'String | Optional | Id of the access package assignment policy.' CanExtend = 'Boolean | Optional | Indicates whether a user can extend the access package assignment duration after approval.' } ) EntitlementManagementAccessPackageCatalogs = @( @{ IsExternallyVisible = 'Boolean | Optional | Whether the access packages in this catalog can be requested by users outside of the tenant.' Id = 'String | Optional | The id of the access package catalog.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' CatalogStatus = 'String | Optional | Has the value Published if the access packages are available for management.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Description = 'String | Optional | The description of the access package catalog.' CatalogType = 'String | Optional | One of UserManaged or ServiceDefault. | UserManaged / ServiceDefault' DisplayName = 'String | Required | The display name of the access package catalog.' } ) EntitlementManagementAccessPackageCatalogResources = @( @{ ResourceType = 'String | Optional | The type of the resource.' Description = 'String | Optional | A description for the resource.' AddedBy = 'String | Optional | The name of the user or application that first added this resource. Read-only.' DisplayName = 'String | Required | The display name of the resource, such as the application name, group name or site name.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' OriginId = 'String | Optional | The unique identifier of the resource in the origin system. In the case of an Azure AD group, this is the identifier of the group.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' Url = 'String | Optional | A unique resource locator for the resource, such as the URL for signing a user into an application.' Attributes = @( @{ Id = 'String | Optional | Id of the access package resource attribute.' AttributeName = 'String | Optional | The name of the attribute in the end system.' IsEditable = 'Boolean | Optional | Specifies whether or not an existing attribute value can be edited by the requester.' IsPersistedOnAssignmentRemoval = 'Boolean | Optional | Specifies whether the attribute will remain in the end system after an assignment ends.' AttributeSource = @{ odataType = 'String | Optional | Type of the access package resource attribute source. | #microsoft.graph.accessPackageResourceAttributeQuestion' Question = @{ RegexPattern = 'String | Optional | This is the regex pattern that the corresponding text answer must follow.' Id = 'String | Optional | Id of the access package resource attribute question.' QuestionText = @{ LocalizedTexts = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' Text = 'String | Optional | The text in the specific language. Required.' LanguageCode = 'String | Optional | The ISO code for the intended language. Required.' } ) DefaultText = 'String | Optional | The fallback string, which is used when a requested localization is not available. Required.' } IsRequired = 'Boolean | Optional | Indicates whether the requestor is required to supply an answer or not.' AllowsMultipleSelection = 'Boolean | Optional | Indicates whether requestor can select multiple choices as their answer.' odataType = 'String | Optional | Type of the access package resource attribute question. | #microsoft.graph.accessPackageTextInputQuestion / #microsoft.graph.accessPackageMultipleChoiceQuestion' Choices = @( @{ ActualValue = 'String | Optional | The actual value of the selected choice. This is typically a string value which is understandable by applications. Required.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' displayValue = @{ DefaultText = 'String | Optional | The fallback string, which is used when a requested localization is not available. Required.' } } ) Sequence = 'UInt32 | Optional | Relative position of this question when displaying a list of questions to the requestor.' IsSingleLine = 'Boolean | Optional | Indicates whether the answer will be in single or multiple line format.' } } AttributeDestination = @{ odataType = 'String | Optional | Type of the access package resource attribute destination. | #microsoft.graph.accessPackageUserDirectoryAttributeStore' } } ) Id = 'String | Optional | Id of the access package catalog resource.' CatalogId = 'String | Optional | The unique ID of the access package catalog.' OriginSystem = 'String | Optional | The type of the resource in the origin system.' AddedOn = 'String | Optional | The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only.' IsPendingOnboarding = 'Boolean | Optional | True if the resource is not yet available for assignment. Read-only.' } ) EntitlementManagementConnectedOrganizations = @( @{ Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' Id = 'String | Optional | The Id of the Connected organization object.' InternalSponsors = 'StringArray | Optional | Collection of objectID of internal sponsors. the sponsor can be a user or a group.' IdentitySources = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' CloudInstance = 'String | Optional | The ID of the cloud where the tenant is located, one of microsoftonline.com, microsoftonline.us or partner.microsoftonline.cn.' odataType = 'String | Optional | Type of the identity source. | #microsoft.graph.azureActiveDirectoryTenant / #microsoft.graph.crossCloudAzureActiveDirectoryTenant / #microsoft.graph.domainIdentitySource / #microsoft.graph.externalDomainFederation' ExternalTenantId = 'String | Optional | The ID of the Azure Active Directory tenant.' DomainName = 'String | Optional | The domain name.' IssuerUri = 'String | Optional | The issuerURI of the incoming federation.' DisplayName = 'String | Optional | The name of the Azure Active Directory tenant.' } ) Description = 'String | Optional | The description of the connected organization.' State = 'String | Optional | The state of a connected organization defines whether assignment policies with requestor scope type AllConfiguredConnectedOrganizationSubjects are applicable or not. | configured / proposed / unknownFutureValue' AccessTokens = 'StringArray | Optional | Access token used for authentication.' ExternalSponsors = 'StringArray | Optional | Collection of objectID of extenal sponsors. the sponsor can be a user or a group.' DisplayName = 'String | Required | The display name of the connected organization.' } ) ExternalIdentityPolicy = @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' AllowDeletedIdentitiesDataRemoval = 'Boolean | Optional | Reserved for future use.' allowExternalIdentitiesToLeave = 'Boolean | Required | Defines whether external users can leave the guest tenant. If set to false, self-service controls are disabled, and the admin of the guest tenant must manually remove the external user from the guest tenant. When the external user leaves the tenant, their data in the guest tenant is first soft-deleted then permanently deleted in 30 days.' } Groups = @( @{ GroupTypes = 'StringArray | Optional | Specifies that the group is a dynamic group. To create a dynamic group, specify a value of DynamicMembership.' Description = 'String | Optional | Specifies a description for the group.' Owners = 'StringArray | Optional | User Service Principal values for the group''s owners.' DisplayName = 'String | Required | DisplayName of the Azure Active Directory Group' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Members = 'StringArray | Optional | User Service Principal values for the group''s members.' MembershipRuleProcessingState = 'String | Optional | Specifies the rule processing state. The acceptable values for this parameter are: On. Process the group rule or Paused. Stop processing the group rule. | On / Paused' AssignedToRole = 'StringArray | Optional | DisplayName values for the roles that the group is assigned to.' Ensure = 'String | Optional | Specify if the Azure AD Group should exist or not. | Present / Absent' IsAssignableToRole = 'Boolean | Optional | Specifies whether this group can be assigned a role. Only available when creating a group and can''t be modified after group is created.' SecurityEnabled = 'Boolean | Required | Specifies whether the group is security enabled. For security groups, this value must be $True.' MemberOf = 'StringArray | Optional | DisplayName values for the groups that this group is a member of.' MailEnabled = 'Boolean | Required | Specifies whether this group is mail enabled. Currently, you cannot create mail enabled groups in Azure AD.' Visibility = 'String | Optional | This parameter determines the visibility of the group''s content and members list. | Public / Private / HiddenMembership' Id = 'String | Optional | Specifies an ID for the group.' MailNickname = 'String | Required | Specifies a mail nickname for the group.' MembershipRule = 'String | Optional | Specifies the membership rule for a dynamic group.' AssignedLicenses = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' SkuId = 'String | Optional | The unique identifier for the SKU.' DisabledPlans = 'StringArray | Optional | A collection of the unique identifiers for plans that have been disabled.' } ) } ) GroupLifecyclePolicy = @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' Ensure = 'String | Optional | Specify if the Azure AD Groups Lifecycle Policy should exist or not. | Present / Absent' GroupLifetimeInDays = 'UInt32 | Required | The number of days a group can exist before it needs to be renewed.' AlternateNotificationEmails = 'StringArray | Required | Notification emails for groups that have no owners will be sent to these email addresses.' ManagedGroupTypes = 'String | Required | This parameter allows the admin to select which office 365 groups the policy will apply to. ''None'' will create the policy in a disabled state. ''All'' will apply the policy to every Office 365 group in the tenant. ''Selected'' will allow the admin to choose specific Office 365 groups that the policy will apply to. | All / None / Selected' } GroupsNamingPolicy = @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' PrefixSuffixNamingRequirement = 'String | Optional | Prefixes and suffixes to add to the group name.' Ensure = 'String | Optional | Specify if the Azure AD Groups Naming Policy should exist or not. | Present / Absent' CustomBlockedWordsList = 'StringArray | Optional | Comma delimited list of words that should be blocked from being included in groups'' names.' } GroupsSettings = @{ Ensure = 'String | Optional | Specify if the Azure AD Groups Naming Policy should exist or not. | Present / Absent' NewUnifiedGroupWritebackDefault = 'Boolean | Optional | Boolean, a tenant-wide setting that assigns the default value to the writebackConfiguration/isEnabled property of new groups, if the property isn''t specified during group creation. This setting is applicable when group writeback is configured in Microsoft Entra Connect.' UsageGuidelinesUrl = 'String | Optional | A link to the Group Usage Guidelines.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' AllowToAddGuests = 'Boolean | Optional | A boolean indicating whether or not is allowed to add guests to this directory.' EnableMIPLabels = 'Boolean | Optional | Boolean indicating whether or not sensitivity labels can be assigned to M365-groups.' EnableGroupCreation = 'Boolean | Optional | The flag indicating whether Office 365 group creation is allowed in the directory by non-admin users. This setting does not require an Azure Active Directory Premium P1 license.' AllowGuestsToBeGroupOwner = 'Boolean | Optional | Boolean indicating whether or not a guest user can be an owner of groups.' GroupCreationAllowedGroupName = 'String | Optional | Name of the security group for which the members are allowed to create Office 365 groups even when EnableGroupCreation == false.' GuestUsageGuidelinesUrl = 'String | Optional | The url of a link to the guest usage guidelines.' AllowGuestsToAccessGroups = 'Boolean | Optional | Boolean indicating whether or not a guest user can have access to Office 365 groups content. This setting does not require an Azure Active Directory Premium P1 license.' } NamedLocationPolicies = @( @{ IncludeUnknownCountriesAndRegions = 'Boolean | Optional | Specifies the includeUnknownCountriesAndRegions value for the Named Location in Azure Active Directory' Id = 'String | Optional | Specifies the ID of a Named Location in Azure Active Directory.' CountryLookupMethod = 'String | Optional | Determines what method is used to decide which country the user is located in. Possible values are clientIpAddress(default) and authenticatorAppGps. | clientIpAddress / authenticatorAppGps' Ensure = 'String | Optional | Specify if the Azure AD Named Location should exist or not. | Present / Absent' IsTrusted = 'Boolean | Optional | Specifies the isTrusted value for the Named Location (IP ranges only) in Azure Active Directory' CountriesAndRegions = 'StringArray | Optional | Specifies the countries and regions for the Named Location in Azure Active Directory' AccessTokens = 'StringArray | Optional | Access token used for authentication.' OdataType = 'String | Optional | Specifies the Odata Type of a Named Location object in Azure Active Directory | #microsoft.graph.countryNamedLocation / #microsoft.graph.ipNamedLocation / #microsoft.graph.compliantNetworkNamedLocation' IpRanges = 'StringArray | Optional | Specifies the IP ranges of the Named Location in Azure Active Directory' DisplayName = 'String | Required | Specifies the Display Name of a Named Location in Azure Active Directory' } ) RoleDefinitions = @( @{ IsEnabled = 'Boolean | Required | Specifies whether the role definition is enabled.' Ensure = 'String | Optional | Specify if the Azure AD Role definition should exist or not. | Present / Absent' Id = 'String | Optional | Specifies Id for the role definition.' Version = 'String | Optional | Specifies version for the role definition.' Description = 'String | Optional | Specifies a description for the role definition.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' ResourceScopes = 'StringArray | Optional | Specifies the resource scopes for the role definition.' RolePermissions = 'StringArray | Required | Specifies permissions for the role definition.' TemplateId = 'String | Optional | Specifies template id for the role definition.' DisplayName = 'String | Required | Specifies a display name for the role definition.' } ) RoleEligibilityScheduleRequests = @( @{ Principal = 'String | Required | User Principal Name of the eligibility request.' Id = 'String | Optional | Identifier for the Role Eligibility Schedule Request.' DirectoryScopeId = 'String | Optional | Identifier of the directory object representing the scope of the role eligibility. The scope of an role eligibility determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use / for tenant-wide scope. Use appScopeId to limit the scope to an application only. Either directoryScopeId or appScopeId is required.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Action = 'String | Optional | Represents the type of operation on the role eligibility request.The possible values are: adminAssign, adminUpdate, adminRemove, selfActivate, selfDeactivate, adminExtend, adminRenew, selfExtend, selfRenew, unknownFutureValue. | adminAssign / adminUpdate / adminRemove / selfActivate / selfDeactivate / adminExtend / adminRenew / selfExtend / selfRenew / unknownFutureValue' Justification = 'String | Optional | A message provided by users and administrators when create they create the unifiedRoleEligibilityScheduleRequest object. Optional when action is adminRemove. Whether this property is required or optional is also dependent on the settings for the Azure AD role.' Ensure = 'String | Optional | Present ensures the instance exists, absent ensures it is removed. | Present / Absent' PrincipalType = 'String | Optional | Represented the type of principal to assign the request to. Accepted values are: Group and User. | Group / User' AppScopeId = 'String | Optional | Identifier of the app-specific scope when the role eligibility is scoped to an app. The scope of a role eligibility determines the set of resources for which the principal is eligible to access. App scopes are scopes that are defined and understood by this application only. Use / for tenant-wide app scopes. Use directoryScopeId to limit the scope to particular directory objects, for example, administrative units. Either directoryScopeId or appScopeId is required.' TicketInfo = @{ ticketSystem = 'String | Optional | The description of the ticket system.' ticketNumber = 'String | Optional | The ticket number.' } RoleDefinition = 'String | Required | Role associated with the eligibility request.' IsValidationOnly = 'Boolean | Optional | Determines whether the call is a validation or an actual call. Only set this property if you want to check whether an activation is subject to additional rules like MFA before actually submitting the request.' ScheduleInfo = @{ startDateTime = 'String | Optional | When the eligible or active assignment becomes active.' expiration = @{ duration = 'String | Optional | The requestor''s desired duration of access represented in ISO 8601 format for durations. For example, PT3H refers to three hours. If specified in a request, endDateTime should not be present and the type property should be set to afterDuration.' endDateTime = 'String | Optional | Timestamp of date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.' type = 'String | Optional | The requestor''s desired expiration pattern type. The possible values are: notSpecified, noExpiration, afterDateTime, afterDuration. | notSpecified / noExpiration / afterDateTime / afterDuration' } recurrence = @{ range = @{ numberOfOccurrences = 'UInt32 | Optional | The number of times to repeat the event. Required and must be positive if type is numbered.' type = 'String | Required | The recurrence range. The possible values are: endDate, noEnd, numbered. | endDate / noEnd / numbered' recurrenceTimeZone = 'String | Optional | Time zone for the startDate and endDate properties.' startDate = 'String | Required | The date to start applying the recurrence pattern. The first occurrence of the meeting may be this date or later, depending on the recurrence pattern of the event. Must be the same value as the start property of the recurring event.' endDate = 'String | Required | The date to stop applying the recurrence pattern. Depending on the recurrence pattern of the event, the last occurrence of the meeting may not be this date.' } pattern = @{ daysOfWeek = 'StringArray | Optional | A collection of the days of the week on which the event occurs. The possible values are: sunday, monday, tuesday, wednesday, thursday, friday, saturday | sunday / monday / tuesday / wednesday / thursday / friday / saturday' type = 'String | Optional | The recurrence pattern type: daily, weekly, absoluteMonthly, relativeMonthly, absoluteYearly, relativeYearly. | daily / weekly / absoluteMonthly / relativeMonthly / absoluteYearly / relativeYearly' interval = 'UInt32 | Optional | The number of units between occurrences, where units can be in days, weeks, months, or years, depending on the type.' month = 'UInt32 | Optional | The month in which the event occurs. This is a number from 1 to 12.' index = 'String | Optional | Specifies on which instance of the allowed days specified in daysOfWeek the event occurs, counted from the first instance in the month. The possible values are: first, second, third, fourth, last. | first / second / third / fourth / last' firstDayOfWeek = 'String | Optional | The first day of the week. | sunday / monday / tuesday / wednesday / thursday / friday / saturday' dayOfMonth = 'UInt32 | Optional | The day of the month on which the event occurs.' } } } } ) RoleSettings = @( @{ ActiveAssigneeNotificationDefaultRecipient = 'Boolean | Optional | Send notifications when members are assigned as active to this role: Notification to the assigned user (assignee), default recipient (True/False)' ExpireActiveAssignment = 'String | Optional | Expire active assignments after (Days)' PermanentEligibleAssignmentisExpirationRequired = 'Boolean | Optional | Allow permanent eligible assignment (True/False)' ActivateApprover = 'StringArray | Optional | Approver User UPN and/or Group Displayname' ActiveAssigneeNotificationAdditionalRecipient = 'StringArray | Optional | Send notifications when members are assigned as active to this role: Notification to the assigned user (assignee), additional recipient (UPN)' DisplayName = 'String | Required | RuleDefinition DisplayName' EligibleAlertNotificationOnlyCritical = 'Boolean | Optional | Send notifications when members are assigned as eligible to this role: Role assignment alert, only critical Email (True/False)' AccessTokens = 'StringArray | Optional | Access token used for authentication.' AuthenticationContextId = 'String | Optional | Authorization context id' AssignmentReqMFA = 'Boolean | Optional | Require Azure Multi-Factor Authentication on active assignment (True/False)' EligibleAlertNotificationAdditionalRecipient = 'StringArray | Optional | Send notifications when members are assigned as eligible to this role: Role assignment alert, additional recipient (UPN)' ElegibilityAssignmentReqMFA = 'Boolean | Optional | Require Azure Multi-Factor Authentication on eligible assignment (True/False)' ActivationMaxDuration = 'String | Optional | Activation maximum duration (hours).' ActivationReqTicket = 'Boolean | Optional | Require ticket information on activation (True/False)' EligibleAssigneeNotificationOnlyCritical = 'Boolean | Optional | Send notifications when members are assigned as eligible to this role: Notification to the assigned user (assignee), only critical Email (True/False)' AuthenticationContextName = 'String | Optional | Descriptive name of associated authorization context' ActiveApproveNotificationAdditionalRecipient = 'StringArray | Optional | Send notifications when members are assigned as active to this role: Request to approve a role assignment renewal/extension, additional recipient (UPN)' ApprovaltoActivate = 'Boolean | Optional | Require approval to activate (True/False)' EligibleApproveNotificationOnlyCritical = 'Boolean | Optional | Send notifications when members are assigned as eligible to this role: Request to approve a role assignment renewal/extension, only critical Email (True/False)' ActiveApproveNotificationOnlyCritical = 'Boolean | Optional | Send notifications when members are assigned as active to this role: Request to approve a role assignment renewal/extension, only critical Email (True/False)' EligibleAssignmentAssigneeNotificationAdditionalRecipient = 'StringArray | Optional | Send notifications when eligible members activate this role: Notification to activated user (requestor), additional recipient (UPN)' ElegibilityAssignmentReqJustification = 'Boolean | Optional | Require justification on eligible assignment (True/False)' ActiveAlertNotificationOnlyCritical = 'Boolean | Optional | Send notifications when members are assigned as active to this role: Role assignment alert, only critical Email (True/False)' EligibleAssignmentAlertNotificationDefaultRecipient = 'Boolean | Optional | Send notifications when eligible members activate this role: Role assignment alert, default recipient (True/False)' EligibleAssignmentAssigneeNotificationDefaultRecipient = 'Boolean | Optional | Send notifications when eligible members activate this role: Notification to activated user (requestor), default recipient (True/False)' PermanentActiveAssignmentisExpirationRequired = 'Boolean | Optional | Allow permanent active assignment (True/False)' EligibleAssignmentAssigneeNotificationOnlyCritical = 'Boolean | Optional | Send notifications when eligible members activate this role: Notification to activated user (requestor), only critical Email (True/False)' Ensure = 'String | Optional | Specify if the Azure AD role setting should exist or not. | Present' ActiveAlertNotificationAdditionalRecipient = 'StringArray | Optional | Send notifications when members are assigned as active to this role: Role assignment alert, additional recipient (UPN)' ActivationReqJustification = 'Boolean | Optional | Require justification on activation (True/False)' Id = 'String | Optional | Specifies the RoleId.' ActiveApproveNotificationDefaultRecipient = 'Boolean | Optional | Send notifications when members are assigned as active to this role: Request to approve a role assignment renewal/extension, default recipient (True/False)' ExpireEligibleAssignment = 'String | Optional | Expire eligible assignments after (Days)' EligibleAssignmentAlertNotificationOnlyCritical = 'Boolean | Optional | Send notifications when eligible members activate this role: Role assignment alert, only critical Email (True/False)' ActiveAlertNotificationDefaultRecipient = 'Boolean | Optional | Send notifications when members are assigned as active to this role: Role assignment alert, default recipient (True/False)' EligibleApproveNotificationDefaultRecipient = 'Boolean | Optional | Send notifications when members are assigned as eligible to this role: Request to approve a role assignment renewal/extension, default recipient (True/False)' AssignmentReqJustification = 'Boolean | Optional | Require justification on active assignment (True/False)' EligibleAssigneeNotificationAdditionalRecipient = 'StringArray | Optional | Send notifications when members are assigned as eligible to this role: Notification to the assigned user (assignee), additional recipient (UPN)' EligibleAlertNotificationDefaultRecipient = 'Boolean | Optional | Send notifications when members are assigned as eligible to this role: Role assignment alert, default recipient (True/False)' EligibleAssignmentAlertNotificationAdditionalRecipient = 'StringArray | Optional | Send notifications when eligible members activate this role: Role assignment alert, additional recipient (UPN)' ActivationReqMFA = 'Boolean | Optional | Require MFA on activation (True/False)' EligibleAssigneeNotificationDefaultRecipient = 'Boolean | Optional | Send notifications when members are assigned as eligible to this role: Notification to the assigned user (assignee), default recipient (True/False)' ActiveAssigneeNotificationOnlyCritical = 'Boolean | Optional | Send notifications when members are assigned as active to this role: Notification to the assigned user (assignee), only critical Email (True/False)' EligibleApproveNotificationAdditionalRecipient = 'StringArray | Optional | Send notifications when members are assigned as eligible to this role: Request to approve a role assignment renewal/extension, additional recipient (UPN)' AuthenticationContextRequired = 'Boolean | Optional | Authorization context is required (True/False)' } ) SecurityDefaults = @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' Ensure = 'String | Optional | Specify if the Azure AD App should exist or not. | Present / Absent' DisplayName = 'String | Optional | Display name of the security defaults.' IsEnabled = 'Boolean | Optional | Represents whether or not security defaults are enabled.' Description = 'String | Optional | Description of the security defaults.' } ServicePrincipals = @( @{ AccountEnabled = 'Boolean | Optional | True if the service principal account is enabled; otherwise, false.' Tags = 'StringArray | Optional | Tags linked to this service principal.Note that if you intend for this service principal to show up in the All Applications list in the admin portal, you need to set this value to {WindowsAzureActiveDirectoryIntegratedApp}' Homepage = 'String | Optional | Specifies the homepage of the ServicePrincipal.' DisplayName = 'String | Optional | Displayname of the ServicePrincipal.' Ensure = 'String | Optional | Specify if the Azure AD App should exist or not. | Present / Absent' AccessTokens = 'StringArray | Optional | Access token used for authentication.' AlternativeNames = 'StringArray | Optional | The alternative names for this service principal' AppId = 'String | Required | The unique identifier for the associated application.' ErrorUrl = 'String | Optional | Specifies the error URL of the ServicePrincipal.' PublisherName = 'String | Optional | Specifies the PublisherName of the ServicePrincipal.' UniqueId = 'String | Required | Unique ID to identify this specific object' ObjectID = 'String | Optional | The ObjectID of the ServicePrincipal' LogoutUrl = 'String | Optional | Specifies the LogoutURL of the ServicePrincipal.' SamlMetadataUrl = 'String | Optional | The URL for the SAML metadata of the ServicePrincipal.' AppRoleAssignedTo = @( @{ PrincipalType = 'String | Optional | Type of principal. Accepted values are User or Group | Group / User' Identity = 'String | Optional | Unique identity representing the principal.' } ) ServicePrincipalType = 'String | Optional | The type of the service principal.' AppRoleAssignmentRequired = 'Boolean | Optional | Indicates whether an application role assignment is required.' ReplyUrls = 'StringArray | Optional | The URLs that user tokens are sent to for sign in with the associated application, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to for the associated application.' ServicePrincipalNames = 'StringArray | Optional | Specifies an array of service principal names. Based on the identifierURIs collection, plus the application''s appId property, these URIs are used to reference an application''s service principal.' } ) SocialIdentityProviders = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' ClientId = 'String | Required | The client identifier for the application obtained when registering the application with the identity provider.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' IdentityProviderType = 'String | Optional | For a B2B scenario, possible values: Google, Facebook. For a B2C scenario, possible values: Microsoft, Google, Amazon, LinkedIn, Facebook, GitHub, Twitter, Weibo, QQ, WeChat. | AADSignup / EmailOTP / Microsoft / MicrosoftAccount / Google / Amazon / LinkedIn / Facebook / GitHub / Twitter / Weibo / QQ / WeChat' AccessTokens = 'StringArray | Optional | Access token used for authentication.' ClientSecret = 'String | Optional | The client secret for the application that is obtained when the application is registered with the identity provider. This is write-only. A read operation returns ****.' DisplayName = 'String | Optional | The display name of the identity provider.' } ) TenantDetails = @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' TechnicalNotificationMails = 'StringArray | Optional | Email-addresses from the people who should receive Technical Notifications' MarketingNotificationEmails = 'StringArray | Optional | Email-addresses from the people who should receive Marketing Notifications' SecurityComplianceNotificationPhones = 'StringArray | Optional | Phone Numbers from the people who should receive Security Notifications' SecurityComplianceNotificationMails = 'StringArray | Optional | Email-addresses from the people who should receive Security Compliance Notifications' } TokenLifetimePolicies = @( @{ IsOrganizationDefault = 'Boolean | Optional | IsOrganizationDefault of the Policy.' Id = 'String | Optional | ObjectID of the Policy.' Ensure = 'String | Optional | Specify if the Azure AD Policy should exist or not. | Present / Absent' Definition = 'StringArray | Optional | Definition of the Policy.' Description = 'String | Optional | Description of the Policy.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' DisplayName = 'String | Required | DisplayName of the Policy' } ) Users = @( @{ PostalCode = 'String | Optional | The Postal Code of the user' UniqueId = 'String | Required | Unique ID to identify this specific object' Department = 'String | Optional | The Department name of the user' Office = 'String | Optional | The Office Name of the user' DisplayName = 'String | Optional | The display name for the user' Password = 'PSCredential | Optional | The password for the account. The parameter is a PSCredential object, but only the Password component will be used. If Password is not supplied for a new resource a new random password will be generated. Property will only be used when creating the user and not on subsequent updates.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' UsageLocation = 'String | Optional | The country code the user will be assigned to' PasswordNeverExpires = 'Boolean | Optional | Specifies whether the user password expires periodically. Default value is false' Fax = 'String | Optional | The Fax Number of the user' LastName = 'String | Optional | The last name of the user' UserType = 'String | Optional | Specifies the title of the user | Guest / Member / Other / Viral' Country = 'String | Optional | The Country name of the user' PreferredLanguage = 'String | Optional | The Prefered Language of the user' State = 'String | Optional | Specifies the state or province where the user is located' City = 'String | Optional | The City name of the user' Title = 'String | Optional | Specifies the title of the user' MobilePhone = 'String | Optional | The Mobile Phone Number of the user' LicenseAssignment = 'StringArray | Optional | The account SKU Id for the license to be assigned to the user' Ensure = 'String | Optional | Present ensures the user exists, absent ensures it is removed | Present / Absent' MemberOf = 'StringArray | Optional | The Groups that the user is a direct member of' StreetAddress = 'String | Optional | Specifies the street address of the user' Roles = 'StringArray | Optional | The list of Azure Active Directory roles assigned to the user.' PhoneNumber = 'String | Optional | The Phone Number of the user' FirstName = 'String | Optional | The first name of the user' UserPrincipalName = 'String | Required | The login name of the user' PasswordPolicies = 'String | Optional | Specifies password policies for the user.' } ) } Exchange = @{ AcceptedDomains = @( @{ DomainType = 'String | Optional | The type of AcceptedDomain. Currently the EXOAcceptedDomain DSC Resource accepts a value of ''Authoritative'' and ''InternalRelay''. | Authoritative / InternalRelay' OutboundOnly = 'Boolean | Optional | OutboundOnly can only be enabled if the DomainType parameter is set to Authoritative or InternalRelay. The default value is false.' Ensure = 'String | Optional | Specify if the AcceptedDomain should exist or not. | Present / Absent' MatchSubDomains = 'Boolean | Optional | The MatchSubDomains parameter must be false on Authoritative domains. The default value is false.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Required | Specify the Fully Qualified Domain Name for the AcceptedDomain.' } ) ActiveSyncDeviceAccessRules = @( @{ AccessLevel = 'String | Optional | The AccessLevel parameter specifies whether the devices are allowed, blocked or quarantined. | Allow / Block / Quarantine' Ensure = 'String | Optional | Specify if the Active Sync Device Access Rule should exist or not. | Present / Absent' Characteristic = 'String | Optional | The Characteristic parameter specifies the device characteristic or category that''s used by the rule. | DeviceModel / DeviceType / DeviceOS / UserAgent / XMSWLHeader' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Required | The Identity parameter specifies the identity of the device access rule.' QueryString = 'String | Optional | The QueryString parameter specifies the device identifier that''s used by the rule. This parameter uses a text value that''s used with Characteristic parameter value to define the device.' } ) AddressBookPolicies = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Ensure = 'String | Optional | Specify if the Address Book Policy should exist or not. | Present / Absent' AddressLists = 'StringArray | Optional | The AddressLists parameter specifies the address lists that will be used by mailbox users who are assigned this address book policy. This parameter accepts multiple values.' Name = 'String | Required | The Name parameter specifies the name that you want this address book policy to be called.' RoomList = 'String | Optional | The RoomList parameter specifies the name of the room address list.' GlobalAddressList = 'String | Optional | The GlobalAddressList parameter specifies the identity of the global address list (GAL) that will be used by mailbox users who are assigned this address book policy. You can specify only one GAL for each address book policy.' OfflineAddressBook = 'String | Optional | The OfflineAddressBook parameter specifies the identity of the offline address book (OAB) that will be used by mailbox users who are assigned this address book policy. You can specify only one OAB for each address book policy.' } ) AddressLists = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' ConditionalCustomAttribute3 = 'StringArray | Optional | The ConditionalCustomAttribute3 parameter specifies a precanned filter that''s based on the value of the recipient''s CustomAttribute3 property.' DisplayName = 'String | Optional | The DisplayName parameter specifies the display name of the address list.' ConditionalCustomAttribute4 = 'StringArray | Optional | The ConditionalCustomAttribute4 parameter specifies a precanned filter that''s based on the value of the recipient''s CustomAttribute4 property.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' RecipientFilter = 'String | Optional | The RecipientFilter parameter specifies a custom OPath filter that''s based on the value of any available recipient property.' ConditionalCustomAttribute13 = 'StringArray | Optional | The ConditionalCustomAttribute13 parameter specifies a precanned filter that''s based on the value of the recipient''s CustomAttribute13 property.' ConditionalCustomAttribute5 = 'StringArray | Optional | The ConditionalCustomAttribute5 parameter specifies a precanned filter that''s based on the value of the recipient''s CustomAttribute5 property.' Name = 'String | Required | The Name parameter specifies a unique name for the address list.' ConditionalDepartment = 'StringArray | Optional | The ConditionalDepartment parameter specifies a precanned filter that''s based on the value of the recipient''s Department property.' Ensure = 'String | Optional | Specifies if this AddressList should exist. | Present / Absent' ConditionalCustomAttribute6 = 'StringArray | Optional | The ConditionalCustomAttribute6 parameter specifies a precanned filter that''s based on the value of the recipient''s CustomAttribute6 property.' ConditionalCustomAttribute15 = 'StringArray | Optional | The ConditionalCustomAttribute15 parameter specifies a precanned filter that''s based on the value of the recipient''s CustomAttribute15 property.' IncludedRecipients = 'StringArray | Optional | The IncludedRecipients parameter specifies a precanned filter that''s based on the recipient type. | AllRecipients / MailboxUsers / MailContacts / MailGroups / MailUsers / Resources' ConditionalCustomAttribute1 = 'StringArray | Optional | The ConditionalCustomAttribute1 parameter specifies a precanned filter that''s based on the value of the recipient''s CustomAttribute1 property.' ConditionalCustomAttribute10 = 'StringArray | Optional | The ConditionalCustomAttribute10 parameter specifies a precanned filter that''s based on the value of the recipient''s CustomAttribute10 property.' ConditionalCustomAttribute7 = 'StringArray | Optional | The ConditionalCustomAttribute7 parameter specifies a precanned filter that''s based on the value of the recipient''s CustomAttribute7 property.' ConditionalCustomAttribute9 = 'StringArray | Optional | The ConditionalCustomAttribute9 parameter specifies a precanned filter that''s based on the value of the recipient''s CustomAttribute9 property.' ConditionalStateOrProvince = 'StringArray | Optional | The ConditionalStateOrProvince parameter specifies a precanned filter that''s based on the value of the recipient''s StateOrProvince property.' ConditionalCustomAttribute12 = 'StringArray | Optional | The ConditionalCustomAttribute12 parameter specifies a precanned filter that''s based on the value of the recipient''s CustomAttribute12 property.' ConditionalCustomAttribute14 = 'StringArray | Optional | The ConditionalCustomAttribute14 parameter specifies a precanned filter that''s based on the value of the recipient''s CustomAttribute14 property.' ConditionalCompany = 'StringArray | Optional | The ConditionalCompany parameter specifies a precanned filter that''s based on the value of the recipient''s Company property.' ConditionalCustomAttribute8 = 'StringArray | Optional | The ConditionalCustomAttribute8 parameter specifies a precanned filter that''s based on the value of the recipient''s CustomAttribute8 property.' ConditionalCustomAttribute2 = 'StringArray | Optional | The ConditionalCustomAttribute2 parameter specifies a precanned filter that''s based on the value of the recipient''s CustomAttribute2 property.' ConditionalCustomAttribute11 = 'StringArray | Optional | The ConditionalCustomAttribute11 parameter specifies a precanned filter that''s based on the value of the recipient''s CustomAttribute11 property.' } ) AntiPhishPolicies = @( @{ EnableFirstContactSafetyTips = 'Boolean | Optional | The EnableFirstContactSafetyTips parameter specifies whether to enable or disable the safety tip that''s shown when recipients first receive an email from a sender or do not often receive email from a sender.' MakeDefault = 'Boolean | Optional | Make this the default antiphishing policy' PhishThresholdLevel = 'String | Optional | The PhishThresholdLevel parameter specifies the tolerance level that''s used by machine learning in the handling of phishing messages. | 1 / 2 / 3 / 4' EnableTargetedDomainsProtection = 'Boolean | Optional | The�?�EnableTargetedDomainsProtection parameter specifies whether to enable domain impersonation protection for a list of specified domains.' Identity = 'String | Required | The Identity parameter specifies the name of the antiphishing policy that you want to modify.' HonorDmarcPolicy = 'Boolean | Optional | The HonorDmarcPolicy enables or disables using the sender''s DMARC policy to determine what to do to messages that fail DMARC checks.' Enabled = 'Boolean | Optional | Specify if this policy should be enabled. Default is $true.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' MailboxIntelligenceProtectionAction = 'String | Optional | The MailboxIntelligenceProtectionAction parameter specifies what to do with messages that fail mailbox intelligence protection.' TargetedDomainsToProtect = 'StringArray | Optional | The TargetedDomainsToProtect parameter specifies the domains that are included in domain impersonation protection when the EnableTargetedDomainsProtection parameter is set to $true.' EnableOrganizationDomainsProtection = 'Boolean | Optional | The�?�EnableOrganizationDomainsProtection parameter specifies whether to enable domain impersonation protection for all registered domains in the Office 365 organization.' EnableSpoofIntelligence = 'Boolean | Optional | The EnableSpoofIntelligence parameter specifies whether to enable or disable antispoofing protection for the policy.' EnableSimilarUsersSafetyTips = 'Boolean | Optional | The�?�EnableSimilarUsersSafetyTips�?�parameter specifies whether to enable safety tips that are shown to recipients in messages for user impersonation detections.' ExcludedDomains = 'StringArray | Optional | The�?�ExcludedDomains�?�parameter specifies trusted domains that are excluded from scanning by antiphishing protection. You can specify multiple domains separated by commas.' ImpersonationProtectionState = 'String | Optional | The ImpersonationProtectionState parameter specifies the configuration of impersonation protection.' TargetedDomainActionRecipients = 'StringArray | Optional | The�?�TargetedDomainActionRecipients parameter specifies the recipients to add to detected domain impersonation messages when the TargetedDomainProtectionAction parameter is set to the value�?�Redirect or BccMessage. A valid value for this parameter is an email address. You can specify multiple email addresses separated by commas.' EnableMailboxIntelligence = 'Boolean | Optional | The EnableMailboxIntelligence parameter specifies whether to enable or disable mailbox intelligence (the first contact graph) in domain and user impersonation protection.' TargetedDomainQuarantineTag = 'String | Optional | The TargetedDomainQuarantineTag specifies the quarantine policy that''s used on messages that are quarantined by domain impersonation protection.' EnableSimilarDomainsSafetyTips = 'Boolean | Optional | The�?�EnableSimilarDomainsSafetyTips�?�parameter specifies whether to enable safety tips that are shown to recipients in messages for domain impersonation detections.' TargetedUserQuarantineTag = 'String | Optional | The TargetedUserQuarantineTag specifies the quarantine policy that''s used on messages that are quarantined by user impersonation protection.' TargetedDomainProtectionAction = 'String | Optional | The TargetedDomainProtectionAction parameter specifies the action to take on detected domain impersonation messages. | BccMessage / Delete / MoveToJmf / NoAction / Quarantine / Redirect' Ensure = 'String | Optional | Specify if this policy should exist or not. | Present / Absent' AuthenticationFailAction = 'String | Optional | The AuthenticationFailAction parameter specifies the action to take when the message fails composite authentication. | MoveToJmf / Quarantine' TargetedUserProtectionAction = 'String | Optional | The TargetedUserProtectionAction�?�parameter specifies the action to take on detected user impersonation messages for the users specified by the TargetedUsersToProtect parameter. | BccMessage / Delete / MoveToJmf / NoAction / Quarantine / Redirect' MailboxIntelligenceProtectionActionRecipients = 'StringArray | Optional | The�?�MailboxIntelligenceProtectionActionRecipients parameter specifies the recipients to add to detected messages when the MailboxIntelligenceProtectionAction parameter is set to the value�?�Redirect or BccMessage.' MailboxIntelligenceQuarantineTag = 'String | Optional | The MailboxIntelligenceQuarantineTag specifies the quarantine policy that''s used on messages that are quarantined by mailbox intelligence.' TargetedUsersToProtect = 'StringArray | Optional | The TargetedUsersToProtect parameter specifies the users that are included in user impersonation protection when the EnableTargetedUserProtection parameter is set to $true.' SpoofQuarantineTag = 'String | Optional | The SpoofQuarantineTag specifies the quarantine policy that''s used on messages that are quarantined by spoof intelligence.' EnableUnauthenticatedSender = 'Boolean | Optional | The�?�EnableUnauthenticatedSender�?�parameter enables or disables unauthenticated sender identification in Outlook.' EnableViaTag = 'Boolean | Optional | This setting is part of spoof protection. The�?�EnableViaTag�?�parameter enables or disables adding the via tag to the From address in Outlook.' EnableTargetedUserProtection = 'Boolean | Optional | The�?�EnableTargetedUserProtection parameter specifies whether to enable user impersonation protection for the users specified by the TargetedUsersToProtect parameter' AdminDisplayName = 'String | Optional | The AdminDisplayName parameter specifies a description for the policy.' EnableUnusualCharactersSafetyTips = 'Boolean | Optional | The�?�EnableUnusualCharactersSafetyTips�?�parameter specifies whether to enable safety tips that are shown to recipients in messages for unusual characters in domain and user impersonation detections.' EnableMailboxIntelligenceProtection = 'Boolean | Optional | The EnableMailboxIntelligenceProtection specifies whether to enable or disable enhanced impersonation results based on each user''s individual sender map. This intelligence allows Microsoft 365 to customize user impersonation detection and better handle false positives.' TargetedUserActionRecipients = 'StringArray | Optional | The�?�TargetedUserActionRecipients parameter specifies the replacement or additional recipients for detected user impersonation messages when the TargetedUserProtectionAction parameter is set to the value�?�Redirect or BccMessage. A valid value for this parameter is an email address. You can specify multiple email addresses separated by commas.' ExcludedSenders = 'StringArray | Optional | The�?�ExcludedSenders�?�parameter specifies a list of trusted sender email addresses that are excluded from scanning by antiphishing protection. You can specify multiple email addresses separated by commas.' } ) AntiPhishRules = @( @{ Priority = 'UInt32 | Optional | The Priority parameter specifies a priority value for the rule that determines the order of rule processing. A lower integer value indicates a higher priority, the value 0 is the highest priority, and rules can''t have the same priority value.' SentToMemberOf = 'StringArray | Optional | The SentToMemberOf parameter looks for messages sent to members of groups. You can use any value that uniquely identifies the group.' AntiPhishPolicy = 'String | Required | The AntiPhishPolicy parameter specifies the name of the antiphishing policy that''s associated with the antiphishing rule.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' SentTo = 'StringArray | Optional | The SentTo parameter specifies a condition that looks for recipients in messages. You can use any value that uniquely identifies the recipient.' Comments = 'String | Optional | The Comments parameter specifies informative comments for the rule, such as what the rule is used for or how it has changed over time. The length of the comment can''t exceed 1024 characters.' Ensure = 'String | Optional | Specify if this rule should exist or not. | Present / Absent' RecipientDomainIs = 'StringArray | Optional | The RecipientDomainIs parameter specifies a condition that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas.' Identity = 'String | Required | The Identity parameter specifies the name of the antiphishing rule that you want to modify.' ExceptIfRecipientDomainIs = 'StringArray | Optional | The ExceptIfRecipientDomainIs parameter specifies an exception that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas.' ExceptIfSentTo = 'StringArray | Optional | The ExceptIfSentTo parameter specifies an exception that looks for recipients in messages. You can use any value that uniquely identifies the recipient.' ExceptIfSentToMemberOf = 'StringArray | Optional | The ExceptIfSentToMemberOf parameter specifies an exception that looks for messages sent to members of groups. You can use any value that uniquely identifies the group.' Enabled = 'Boolean | Optional | Specify if this rule should be enabled. Default is $true.' } ) ApplicationAccessPolicies = @( @{ AppID = 'StringArray | Optional | The AppID parameter specifies the GUID of the apps to include in the policy.' PolicyScopeGroupId = 'String | Optional | The PolicyScopeGroupID parameter specifies the recipient to define in the policy. You can use any value that uniquely identifies the recipient.' Ensure = 'String | Optional | Specify if the Application Access Policy should exist or not. | Present / Absent' Description = 'String | Optional | The Description parameter specifies a description for the policy.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Required | The Identity parameter specifies the application access policy that you want to modify.' AccessRight = 'String | Optional | The AccessRight parameter specifies the permission that you want to assign in the application access policy. | RestrictAccess / DenyAccess' } ) AtpPolicyForO365 = @{ EnableSafeDocs = 'Boolean | Optional | The EnableSafeDocs parameter specifies whether to enable the Safe Documents feature in the organization. Default is $false.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Optional | The Identity parameter specifies the ATP policy that you want to modify. There''s only one policy named Default.' Ensure = 'String | Optional | Since there is only one policy, the default policy, this must be set to ''Present'' | Present' EnableATPForSPOTeamsODB = 'Boolean | Optional | The EnableATPForSPOTeamsODB parameter specifies whether ATP is enabled for SharePoint Online, OneDrive for Business and Microsoft Teams. Default is $false.' AllowSafeDocsOpen = 'Boolean | Optional | The AllowSafeDocsOpen parameter specifies whether users can click through and bypass the Protected View container even when Safe Documents identifies a file as malicious.' } AuthenticationPolicies = @( @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' AllowBasicAuthRpc = 'Boolean | Optional | The AllowBasicAuthRpc switch specifies whether to allow Basic authentication with RPC.' AllowBasicAuthPop = 'Boolean | Optional | The AllowBasicAuthPop switch specifies whether to allow Basic authentication with POP.' AllowBasicAuthSmtp = 'Boolean | Optional | The AllowBasicAuthSmtp switch specifies whether to allow Basic authentication with SMTP.' AllowBasicAuthMapi = 'Boolean | Optional | The AllowBasicAuthMapi switch specifies whether to allow Basic authentication with MAPI.' AllowBasicAuthImap = 'Boolean | Optional | The AllowBasicAuthImap switch specifies whether to allow Basic authentication with IMAP.' AllowBasicAuthAutodiscover = 'Boolean | Optional | The AllowBasicAuthAutodiscover switch specifies whether to allow Basic authentication with Autodiscover.' Ensure = 'String | Optional | Specify if the authentication Policy should exist or not. | Present / Absent' AllowBasicAuthPowershell = 'Boolean | Optional | The AllowBasicAuthPowerShell switch specifies whether to allow Basic authentication with PowerShell.' AllowBasicAuthActiveSync = 'Boolean | Optional | The AllowBasicAuthActiveSync switch specifies whether to allow Basic authentication with Exchange Active Sync.' AllowBasicAuthOfflineAddressBook = 'Boolean | Optional | The AllowBasicAuthOfflineAddressBook switch specifies whether to allow Basic authentication with Offline Address Books.' Identity = 'String | Required | The Identity parameter specifies the authentication policy you want to view or modify.' AllowBasicAuthReportingWebServices = 'Boolean | Optional | The AllowBasicAuthReporting Web Services switch specifies whether to allow Basic authentication with reporting web services.' AllowBasicAuthOutlookService = 'Boolean | Optional | The AllowBasicAuthOutlookService switch specifies whether to allow Basic authentication with the Outlook service.' AllowBasicAuthWebServices = 'Boolean | Optional | The AllowBasicAuthWebServices switch specifies whether to allow Basic authentication with Exchange Web Services (EWS).' } ) AuthenticationPoliciesAssignment = @( @{ UserName = 'String | Required | Name of the user assigned to the authentication policy.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' AuthenticationPolicyName = 'String | Optional | Name of the authentication policy.' UniqueId = 'String | Required | Unique ID to identify this specific object' Ensure = 'String | Optional | Specify if the authentication Policy should exist or not. | Present / Absent' } ) AvailabilityAddressSpaces = @( @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' Ensure = 'String | Optional | Specifies if this AvailabilityAddressSpace should exist. | Present / Absent' ForestName = 'String | Optional | The ForestName parameter specifies the SMTP domain name of the target forest for users whose free/busy data must be retrieved. If your users are distributed among multiple SMTP domains in the target forest, run the Add-AvailabilityAddressSpace command once for each SMTP domain.' AccessMethod = 'String | Optional | The AccessMethod parameter specifies how the free/busy data is accessed. Valid values are:PerUserFB, OrgWideFB, OrgWideFBToken, OrgWideFBBasic,InternalProxy | PerUserFB / OrgWideFB / OrgWideFBToken / OrgWideFBBasic / InternalProxy' Identity = 'String | Required | The Identity parameter specifies the AvailabilityAddressSpace you want to modify.' TargetAutodiscoverEpr = 'String | Optional | The TargetAutodiscoverEpr parameter specifies the Autodiscover URL of Exchange Web Services for the external organization. Exchange uses Autodiscover to automatically detect the correct server endpoint for external requests.' TargetServiceEpr = 'String | Optional | The TargetServiceEpr parameter specifies the Exchange Online Calendar Service URL of the external Microsoft 365 organization that you''re trying to read free/busy information from.' TargetTenantId = 'String | Optional | The TargetTenantID parameter specifies the tenant ID of the external Microsoft 365 organization that you''re trying to read free/busy information from.' Credentials = 'String | Optional | The Credentials parameter specifies the username and password that''s used to access the Availability services in the target forest.' } ) AvailabilityConfigs = @( @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' OrgWideAccount = 'String | Required | Specify the OrgWideAccount for the AvailabilityConfig.' UniqueId = 'String | Required | Unique ID to identify this specific object' Ensure = 'String | Optional | Specify if the AvailabilityConfig should exist or not. | Present / Absent' } ) CalendarProcessings = @( @{ MaximumConflictInstances = 'UInt32 | Optional | The MaximumConflictInstances parameter specifies the maximum number of conflicts for new recurring meeting requests when the AllowRecurringMeetings parameter is set to $true. A valid value is an integer from 0 through INT32 (2147483647). The default value is 0.' BookingType = 'String | Optional | The BookingType parameter specifies how reservations work on the resource mailbox. | Standard / Reserved' ForwardRequestsToDelegates = 'Boolean | Optional | The ForwardRequestsToDelegates parameter specifies whether to forward incoming meeting requests to the delegates that are configured for the resource mailbox.' RemoveCanceledMeetings = 'Boolean | Optional | The RemoveCanceledMeetings parameter specifies whether to automatically delete meetings that were cancelled by the organizer from the resource mailbox''s calendar. ' Identity = 'String | Required | The Identity parameter specifies the resource mailbox that you want to view. You can use any value that uniquely identifies the mailbox.' AdditionalResponse = 'String | Optional | The AdditionalResponse parameter specifies the additional information to be included in responses to meeting requests when the value of the AddAdditionalResponse parameter is $true. If the value contains spaces, enclose the value in quotation marks.' ResourceDelegates = 'StringArray | Optional | The ResourceDelegates parameter specifies users can approve or reject requests that are sent to the resource mailbox. You can use any value that uniquely identifies the user. ' DeleteNonCalendarItems = 'Boolean | Optional | The DeleteNonCalendarItems parameter specifies whether to remove or keep all non-calendar-related messages that are received by the resource mailbox.' RemovePrivateProperty = 'Boolean | Optional | The RemovePrivateProperty parameter specifies whether to clear the private flag for incoming meetings that were sent by the organizer in the original requests. ' AccessTokens = 'StringArray | Optional | Access token used for authentication.' EnforceSchedulingHorizon = 'Boolean | Optional | The EnforceSchedulingHorizon parameter controls the behavior of recurring meetings that extend beyond the date specified by the BookingWindowInDays parameter.' EnableResponseDetails = 'Boolean | Optional | The EnableResponseDetails parameter specifies whether to include the reasons for accepting or declining a meeting in the response email message.' RequestInPolicy = 'StringArray | Optional | The RemovePrivateProperty parameter specifies whether to clear the private flag for incoming meetings that were sent by the organizer in the original requests. ' EnforceCapacity = 'Boolean | Optional | The EnforceCapacity parameter specifies whether to restrict the number of attendees to the capacity of the workspace. For example, if capacity is set to 10, then only 10 people can book the workspace.' AllowConflicts = 'Boolean | Optional | The AllowConflicts parameter specifies whether to allow conflicting meeting requests.' AllRequestInPolicy = 'Boolean | Optional | The AllRequestInPolicy parameter specifies whether to allow all users to submit in-policy requests to the resource mailbox.' BookInPolicy = 'StringArray | Optional | The BookInPolicy parameter specifies users or groups who are allowed to submit in-policy meeting requests to the resource mailbox that are automatically approved. You can use any value that uniquely identifies the user or group.' ConflictPercentageAllowed = 'UInt32 | Optional | The ConflictPercentageAllowed parameter specifies the maximum percentage of meeting conflicts for new recurring meeting requests. A valid value is an integer from 0 through 100. The default value is 0.' AutomateProcessing = 'String | Optional | The AutomateProcessing parameter enables or disables calendar processing on the mailbox. | None / AutoUpdate / AutoAccept' AllRequestOutOfPolicy = 'Boolean | Optional | The AllRequestOutOfPolicy parameter specifies whether to allow all users to submit out-of-policy requests to the resource mailbox.' AddNewRequestsTentatively = 'Boolean | Optional | The AddNewRequestsTentatively parameter specifies whether new meeting requests are added to the calendar as tentative' DeleteAttachments = 'Boolean | Optional | The DeleteAttachments parameter specifies whether to remove attachments from all incoming messages.' Ensure = 'String | Optional | Determines wether or not the instance exist. | Present' ProcessExternalMeetingMessages = 'Boolean | Optional | The ProcessExternalMeetingMessages parameter specifies whether to process meeting requests that originate outside the Exchange organization.' MinimumDurationInMinutes = 'UInt32 | Optional | The MinimumDurationInMinutes parameter specifies the minimum duration in minutes for meeting requests in workspace mailboxes. A valid value is an integer from 0 through INT32 (2147483647). The default value is 0, which means there is no minimum duration.' ScheduleOnlyDuringWorkHours = 'Boolean | Optional | The ScheduleOnlyDuringWorkHours parameter specifies whether to allow meetings to be scheduled outside of the working hours that are defined for the resource mailbox.' RequestOutOfPolicy = 'StringArray | Optional | The RequestOutOfPolicy parameter specifies users who are allowed to submit out-of-policy requests that require approval by a resource mailbox delegate. You can use any value that uniquely identifies the user. ' RemoveOldMeetingMessages = 'Boolean | Optional | The RemoveOldMeetingMessages parameter specifies whether the Calendar Attendant removes old and redundant updates and responses.' TentativePendingApproval = 'Boolean | Optional | The TentativePendingApproval parameter specifies whether to mark pending requests as tentative on the calendar.' MaximumDurationInMinutes = 'UInt32 | Optional | The MaximumDurationInMinutes parameter specifies the maximum duration in minutes for meeting requests. A valid value is an integer from 0 through INT32 (2147483647). The default value is 1440 (24 hours).' OrganizerInfo = 'Boolean | Optional | The OrganizerInfo parameter specifies whether the resource mailbox sends organizer information when a meeting request is declined because of conflicts.' PostReservationMaxClaimTimeInMinutes = 'UInt32 | Optional | N/A' AddOrganizerToSubject = 'Boolean | Optional | The AddOrganizerToSubject parameter specifies whether the meeting organizer''s name is used as the subject of the meeting request.' AllBookInPolicy = 'Boolean | Optional | The AllBookInPolicy parameter specifies whether to automatically approve in-policy requests from all users to the resource mailbox.' AddAdditionalResponse = 'Boolean | Optional | The AddAdditionalResponse parameter specifies whether additional information (the value of the AdditionalResponse parameter) is added to meeting request responses' DeleteComments = 'Boolean | Optional | The DeleteComments parameter specifies whether to remove or keep any text in the message body of incoming meeting requests.' RemoveForwardedMeetingNotifications = 'Boolean | Optional | The RemoveForwardedMeetingNotifications parameter specifies whether forwarded meeting notifications are moved to the Deleted Items folder after they''re processed by the Calendar Attendant. ' EnableAutoRelease = 'Boolean | Optional | N/A' BookingWindowInDays = 'UInt32 | Optional | The BookingWindowInDays parameter specifies the maximum number of days in advance that the resource can be reserved. A valid value is an integer from 0 through 1080. The default value is 180 days. The value 0 means today.' AllowRecurringMeetings = 'Boolean | Optional | The AllowRecurringMeetings parameter specifies whether to allow recurring meetings in meeting requests.' DeleteSubject = 'Boolean | Optional | The DeleteSubject parameter specifies whether to remove or keep the subject of incoming meeting requests. ' } ) CASMailboxPlans = @( @{ OwaMailboxPolicy = 'String | Optional | The OwaMailboxPolicy parameter specifies the Outlook on the web (formerly known as Outlook Web App) mailbox policy for the mailbox plan. The default value is OwaMailboxPolicy-Default. You can use the Get-OwaMailboxPolicy cmdlet to view the available Outlook on the web mailbox policies.' Ensure = 'String | Optional | CASMailboxPlans cannot be created/removed in O365. This must be set to ''Present'' | Present' ActiveSyncEnabled = 'Boolean | Optional | The ActiveSyncEnabled parameter enables or disables access to the mailbox by using Exchange Active Sync. Default is $true.' PopEnabled = 'Boolean | Optional | The PopEnabled parameter enables or disables access to the mailbox by using POP3 clients. Default is $true.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Required | The Identity parameter specifies the CAS Mailbox Plan that you want to modify.' ImapEnabled = 'Boolean | Optional | The ImapEnabled parameter enables or disables access to the mailbox by using IMAP4 clients. The default value is $true for all CAS mailbox plans except ExchangeOnlineDeskless which is $false by default.' DisplayName = 'String | Optional | The display name of the CAS Mailbox Plan.' } ) CASMailboxSettingsItems = @( @{ ImapEnabled = 'Boolean | Optional | The ImapEnabled parameter enables or disables access to the mailbox using IMAP4 clients.' ImapSuppressReadReceipt = 'Boolean | Optional | The ImapSuppressReadReceipt parameter controls the behavior of read receipts for IMAP4 clients that access the mailbox.' ActiveSyncSuppressReadReceipt = 'Boolean | Optional | The ActiveSyncSuppressReadReceipt parameter controls the behavior of read receipts for Exchange ActiveSync clients that access the mailbox.' Identity = 'String | Required | The Identity parameter specifies the mailbox that you want to configure.' EwsBlockList = 'StringArray | Optional | The EwsBlockList parameter specifies the Exchange Web Services applications (user agent strings) that aren''t allowed to access the mailbox using Exchange Web Services.' EwsAllowEntourage = 'Boolean | Optional | The EwsAllowEntourage parameter enables or disables access to the mailbox by Microsoft Entourage clients that use Exchange Web Services.' OwaMailboxPolicy = 'String | Optional | The OwaMailboxPolicy parameter specifies the Outlook on the web mailbox policy for the mailbox.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' SmtpClientAuthenticationDisabled = 'Boolean | Optional | The SmtpClientAuthenticationDisabled parameter specifies whether to disable authenticated SMTP (SMTP AUTH) for the mailbox.' PopForceICalForCalendarRetrievalOption = 'Boolean | Optional | The PopForceICalForCalendarRetrievalOption parameter specifies how meeting requests are presented to POP3 clients that access the mailbox.' ImapForceICalForCalendarRetrievalOption = 'Boolean | Optional | The ImapForceICalForCalendarRetrievalOption parameter specifies how meeting requests are presented to IMAP4 clients that access the mailbox.' ShowGalAsDefaultView = 'Boolean | Optional | The ShowGalAsDefaultView parameter specifies whether the global address list (GAL) is the default recipient picker for messages.' OneWinNativeOutlookEnabled = 'Boolean | Optional | The OneWinNativeOutlookEnabled parameter enables or disables access to the mailbox using the new Outlook for Windows.' ActiveSyncBlockedDeviceIDs = 'StringArray | Optional | The ActiveSyncBlockedDeviceIDs parameter specifies one or more Exchange ActiveSync device IDs that aren''t allowed to synchronize with the mailbox.' MAPIEnabled = 'Boolean | Optional | The MAPIEnabled parameter enables or disables access to the mailbox using MAPI clients (for example, Outlook).' EwsAllowOutlook = 'Boolean | Optional | The EwsAllowOutlook parameter enables or disables access to the mailbox by Outlook clients that use Exchange Web Services.' PopEnabled = 'Boolean | Optional | The PopEnabled parameter enables or disables access to the mailbox using POP3 clients.' OWAforDevicesEnabled = 'Boolean | Optional | The OWAforDevicesEnabled parameter enables or disables access to the mailbox using the older Outlook Web App (OWA) app on iOS and Android devices.' ActiveSyncAllowedDeviceIDs = 'StringArray | Optional | TheActiveSyncAllowedDeviceIDs parameter specifies one or more Exchange ActiveSync device IDs that are allowed to synchronize with the mailbox.' EwsEnabled = 'Boolean | Optional | The EwsEnabled parameter enables or disables access to the mailbox using Exchange Web Services clients.' OutlookMobileEnabled = 'Boolean | Optional | The OutlookMobileEnabled parameter enables or disables access to the mailbox using Outlook for iOS and Android.' EwsAllowMacOutlook = 'Boolean | Optional | The EwsAllowMacOutlook parameter enables or disables access to the mailbox by Outlook for Mac clients that use Exchange Web Services.' EwsApplicationAccessPolicy = 'String | Optional | The EwsApplicationAccessPolicy parameter controls access to the mailbox using Exchange Web Services applications.' Ensure = 'String | Optional | Present ensures the Mailbox CAS settings are applied. | Present' PublicFolderClientAccess = 'Boolean | Optional | The PublicFolderClientAccess parameter enables or disables access to public folders in Microsoft Outlook.' OWAEnabled = 'Boolean | Optional | The OWAEnabled parameter enables or disables access to the mailbox using Outlook on the web (formerly known as Outlook Web App or OWA).' UniversalOutlookEnabled = 'Boolean | Optional | The UniversalOutlookEnabled parameter enables or disables access to the mailbox using Windows 10 Mail and Calendar.' ActiveSyncMailboxPolicy = 'String | Optional | The ActiveSyncMailboxPolicy parameter specifies the Exchange ActiveSync mailbox policy for the mailbox.' ImapUseProtocolDefaults = 'Boolean | Optional | The ImapUseProtocolDefaults parameter specifies whether to use the IMAP4 protocol defaults for the mailbox.' ActiveSyncDebugLogging = 'Boolean | Optional | The ActiveSyncDebugLogging parameter enables or disables Exchange ActiveSync debug logging for the mailbox.' PopMessagesRetrievalMimeFormat = 'String | Optional | The PopMessagesRetrievalMimeFormat parameter specifies the message format for POP3 clients that access the mailbox.' ImapMessagesRetrievalMimeFormat = 'String | Optional | The ImapMessagesRetrievalMimeFormat parameter specifies the message format for IMAP4 clients that access the mailbox.' ActiveSyncEnabled = 'Boolean | Optional | The ActiveSyncEnabled parameter enables or disables access to the mailbox using Exchange ActiveSync.' MacOutlookEnabled = 'Boolean | Optional | The MacOutlookEnabled parameter enables or disables access to the mailbox using Outlook for Mac clients that use Microsoft Sync technology.' PopSuppressReadReceipt = 'Boolean | Optional | The PopSuppressReadReceipt parameter controls the behavior of read receipts for POP3 clients that access the mailbox.' EwsAllowList = 'StringArray | Optional | The EwsAllowList parameter specifies the Exchange Web Services applications (user agent strings) that are allowed to access the mailbox.' PopUseProtocolDefaults = 'Boolean | Optional | The PopUseProtocolDefaults parameter specifies whether to use the POP3 protocol defaults for the mailbox.' } ) ClientAccessRules = @( @{ Action = 'String | Required | The Action parameter specifies the action for the client access rule. Valid values for this parameter are AllowAccess and DenyAccess. | AllowAccess / DenyAccess' AnyOfAuthenticationTypes = 'StringArray | Optional | The AnyOfAuthenticationTypes parameter specifies a condition for the client access rule that is based on the client''s authentication type. Valid values for this parameter are AdfsAuthentication, BasicAuthentication, CertificateBasedAuthentication, NonBasicAuthentication, OAuthAuthentication. | AdfsAuthentication / BasicAuthentication / CertificateBasedAuthentication / NonBasicAuthentication / OAuthAuthentication' Priority = 'UInt32 | Optional | The Priority parameter specifies a priority value for the client access rule. A lower integer value indicates a higher priority, and a higher priority rule is evaluated before a lower priority rule. The default value is 1.' ExceptAnyOfProtocols = 'StringArray | Optional | The ExceptAnyOfProtocols parameter specifies an exception for the client access rule that is based on the client''s protocol. Valid values for this parameter are ExchangeActiveSync,ExchangeAdminCenter,ExchangeWebServices,IMAP4,OfflineAddressBook,OutlookAnywhere,OutlookWebApp,POP3,PowerShellWebServices,RemotePowerShell,REST,UniversalOutlook. | ExchangeActiveSync / ExchangeAdminCenter / ExchangeWebServices / IMAP4 / OfflineAddressBook / OutlookAnywhere / OutlookWebApp / POP3 / PowerShellWebServices / RemotePowerShell / REST / UniversalOutlook' AccessTokens = 'StringArray | Optional | Access token used for authentication.' AnyOfClientIPAddressesOrRanges = 'StringArray | Optional | The AnyOfClientIPAddressesOrRanges parameter specifies a condition for the client access rule that is based on the client''s IP address. Valid values for this parameter are: A single IP address, an IP address range, a CIDR IP.' Ensure = 'String | Optional | Specifies if this Client Access Rule should exist. | Present / Absent' ExceptUsernameMatchesAnyOfPatterns = 'StringArray | Optional | The ExceptUsernameMatchesAnyOfPatterns parameter specifies an exception for the client access rule that is based on the user''s account name.' ExceptAnyOfAuthenticationTypes = 'StringArray | Optional | The ExceptAnyOfAuthenticationTypes parameter specifies an exception for the client access rule that is based on the client''s authentication type. Valid values for this parameter are AdfsAuthentication, BasicAuthentication, CertificateBasedAuthentication, NonBasicAuthentication, OAuthAuthentication. | AdfsAuthentication / BasicAuthentication / CertificateBasedAuthentication / NonBasicAuthentication / OAuthAuthentication' Identity = 'String | Required | The Identity parameter specifies the client access rule that you want to modify.' ExceptAnyOfClientIPAddressesOrRanges = 'StringArray | Optional | The ExceptAnyOfClientIPAddressesOrRanges parameter specifies an exception for the client access rule that is based on the client''s IP address. Valid values for this parameter are: A single IP address, an IP address range, a CIDR IP.' UserRecipientFilter = 'String | Optional | The UserRecipientFilter parameter specifies a condition for the client access rule that uses OPath filter syntax to identify the user.' AnyOfProtocols = 'StringArray | Optional | The AnyOfProtocols parameter specifies a condition for the client access rule that is based on the client''s protocol. Valid values for this parameter are ExchangeActiveSync,ExchangeAdminCenter,ExchangeWebServices,IMAP4,OfflineAddressBook,OutlookAnywhere,OutlookWebApp,POP3,PowerShellWebServices,RemotePowerShell,REST,UniversalOutlook. | ExchangeActiveSync / ExchangeAdminCenter / ExchangeWebServices / IMAP4 / OfflineAddressBook / OutlookAnywhere / OutlookWebApp / POP3 / PowerShellWebServices / RemotePowerShell / REST / UniversalOutlook' RuleScope = 'String | Optional | The RuleScope parameter specifies the scope of the client access rule. Valid values are All and Users | All / Users' UsernameMatchesAnyOfPatterns = 'StringArray | Optional | The UsernameMatchesAnyOfPatterns parameter specifies a condition for the client access rule that is based on the user''s account name.' Enabled = 'Boolean | Optional | The Enabled parameter specifies whether the client access rule is enabled or disabled. Default is $true.' } ) DataClassifications = @( @{ Description = 'String | Optional | The Description parameter specifies a description for the data classification rule. You use the Description parameter with the Locale and Name parameters to specify descriptions for the data classification rule in different languages. ' AccessTokens = 'StringArray | Optional | Access token used for authentication.' IsDefault = 'Boolean | Optional | IsDefault is used with the Locale parameter to specify the default language for the data classification rule.' Ensure = 'String | Optional | Specifies if this policy should exist. | Present / Absent' Fingerprints = 'StringArray | Optional | The Fingerprints parameter specifies the byte-encoded document files that are used as fingerprints by the data classification rule.' Name = 'String | Optional | The Name parameter specifies a name for the data classification rule. The value must be less than 256 characters.' Identity = 'String | Required | The Identity parameter specifies the data classification rule that you want to modify.' Locale = 'String | Optional | The Locale parameter adds or removes languages that are associated with the data classification rule.' } ) DataEncryptionPolicies = @( @{ Name = 'String | Optional | The Name parameter specifies the unique name for the data encryption policy.' PermanentDataPurgeContact = 'String | Optional | The PermanentDataPurgeContact parameter specifies a contact for the purge of all data that''s encrypted by the data encryption policy.' AzureKeyIDs = 'StringArray | Optional | The AzureKeyIDs parameter specifies the URI values of the Azure Key Vault keys to associate with the data encryption policy.' Enabled = 'Boolean | Optional | The Enabled parameter enables or disable the data encryption policy.' Ensure = 'String | Optional | Specifies if this policy should exist. | Present / Absent' Description = 'String | Optional | The Description parameter specifies an optional description for the data encryption policy' PermanentDataPurgeReason = 'String | Optional | The PermanentDataPurgeReason parameter specifies a descriptive reason for the purge of all data that''s encrypted by the data encryption policy' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Required | The Identity parameter specifies the data encryption policy that you want to modify.' } ) DistributionGroups = @( @{ CustomAttribute12 = 'String | Optional | This parameter specifies a value for the CustomAttribute12 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.' CustomAttribute10 = 'String | Optional | This parameter specifies a value for the CustomAttribute10 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.' RequireSenderAuthenticationEnabled = 'Boolean | Optional | The RequireSenderAuthenticationEnabled parameter specifies whether to accept messages only from authenticated (internal) senders.' Description = 'String | Optional | Description of the distribution group.' Identity = 'String | Required | The Identity parameter specifies the distribution group or mail-enabled security group that you want to modify. You can use any value that uniquely identifies the group.' CustomAttribute8 = 'String | Optional | This parameter specifies a value for the CustomAttribute8 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.' DisplayName = 'String | Optional | The DisplayName parameter specifies the display name of the group. The display name is visible in the Exchange admin center and in address lists. The maximum length is 256 characters.' BccBlocked = 'Boolean | Optional | Is Bcc blocked for the distribution group.' CustomAttribute3 = 'String | Optional | This parameter specifies a value for the CustomAttribute3 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.' Name = 'String | Required | The Name parameter specifies a unique name for the address list.' CustomAttribute7 = 'String | Optional | This parameter specifies a value for the CustomAttribute7 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.' CustomAttribute1 = 'String | Optional | This parameter specifies a value for the CustomAttribute1 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.' AcceptMessagesOnlyFromDLMembers = 'StringArray | Optional | The AcceptMessagesOnlyFromDLMembers parameter specifies who is allowed to send messages to this recipient. Messages from other senders are rejected.' RoomList = 'Boolean | Optional | The RoomList switch specifies that all members of this distribution group are room mailboxes. You don''t need to specify a value with this switch.' HiddenFromAddressListsEnabled = 'Boolean | Optional | The HiddenFromAddressListsEnabled parameter specifies whether this recipient is visible in address lists.' MemberDepartRestriction = 'String | Optional | The MemberDepartRestriction parameter specifies the restrictions that you put on requests to leave the group. Valid values are: Open & Closed | Open / Closed' CustomAttribute6 = 'String | Optional | This parameter specifies a value for the CustomAttribute6 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.' HiddenGroupMembershipEnabled = 'Boolean | Optional | The HiddenGroupMembershipEnabled switch specifies whether to hide the members of the distribution group from members of the group and users who aren''t members of the group.' BypassNestedModerationEnabled = 'Boolean | Optional | The ByPassNestedModerationEnabled parameter specifies how to handle message approval when a moderated group contains other moderated groups as members.' CustomAttribute13 = 'String | Optional | This parameter specifies a value for the CustomAttribute13 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.' ModeratedBy = 'StringArray | Optional | The ModeratedBy parameter specifies one or more moderators for this group. A moderator approves messages sent to the group before the messages are delivered. A moderator must be a mailbox, mail user, or mail contact in your organization. You can use any value that uniquely identifies the moderator.' CustomAttribute14 = 'String | Optional | This parameter specifies a value for the CustomAttribute14 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.' ModerationEnabled = 'Boolean | Optional | The ModerationEnabled parameter specifies whether moderation is enabled for this recipient.' Members = 'StringArray | Optional | The Members parameter specifies the recipients (mail-enabled objects) that are members of the group. You can use any value that uniquely identifies the recipient.' CustomAttribute4 = 'String | Optional | This parameter specifies a value for the CustomAttribute4 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.' Ensure = 'String | Optional | Specifies if this AddressList should exist. | Present / Absent' SendOofMessageToOriginatorEnabled = 'Boolean | Optional | The SendOofMessageToOriginatorEnabled parameter specifies how to handle out of office (OOF) messages for members of the group.' CustomAttribute5 = 'String | Optional | This parameter specifies a value for the CustomAttribute5 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.' CustomAttribute15 = 'String | Optional | This parameter specifies a value for the CustomAttribute15 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.' PrimarySmtpAddress = 'String | Optional | The PrimarySmtpAddress parameter specifies the primary return email address that''s used for the recipient.' MemberJoinRestriction = 'String | Optional | The MemberJoinRestriction parameter specifies the restrictions that you put on requests to join the group. Valid values are: Open, Closed & ApprovalRequired | Open / Closed / ApprovalRequired' CustomAttribute9 = 'String | Optional | This parameter specifies a value for the CustomAttribute9 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.' Type = 'String | Optional | The Type parameter specifies the type of group that you want to create. Valid values are: Distribution, Security | Distribution / Security' Alias = 'String | Optional | Exchange alias (also known as the mail nickname) for the recipient' ManagedBy = 'StringArray | Optional | The ManagedBy parameter specifies an owner for the group. A group must have at least one owner.' GrantSendOnBehalfTo = 'StringArray | Optional | The GrantSendOnBehalfTo parameter specifies who can send on behalf of this group. Although messages send on behalf of the group clearly show the sender in the From field (<Sender> on behalf of <Group>), replies to these messages are delivered to the group, not the sender.' CustomAttribute2 = 'String | Optional | This parameter specifies a value for the CustomAttribute2 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.' AcceptMessagesOnlyFromSendersOrMembers = 'StringArray | Optional | The AcceptMessagesOnlyFromSendersOrMembers parameter specifies who is allowed to send messages to this recipient. Messages from other senders are rejected.' SendModerationNotifications = 'String | Optional | The SendModerationNotifications parameter specifies when moderation notification messages are sent. Valid values are: Always, Internal, Never. | Always / Internal / Never' Notes = 'String | Optional | The Notes parameters specifies additional information about the object.' OrganizationalUnit = 'String | Optional | The OrganizationalUnit parameter specifies the location in Active Directory where the group is created.' CustomAttribute11 = 'String | Optional | This parameter specifies a value for the CustomAttribute11 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.' EmailAddresses = 'StringArray | Optional | The EmailAddresses parameter specifies all email addresses (proxy addresses) for the recipient, including the primary SMTP address. In on-premises Exchange organizations, the primary SMTP address and other proxy addresses are typically set by email address policies. However, you can use this parameter to configure other proxy addresses for the recipient.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' AcceptMessagesOnlyFrom = 'StringArray | Optional | The AcceptMessagesOnlyFrom parameter specifies who is allowed to send messages to this recipient. Messages from other senders are rejected.' } ) DkimSigningConfigs = @( @{ Enabled = 'Boolean | Optional | The Enabled parameter specifies whether the DKIM Signing Configuration is enabled or disabled. Default is $true.' KeySize = 'UInt16 | Optional | The KeySize parameter specifies the size in bits of the public key that''s used in the DKIM signing policy. The only available value is 1024. | 1024' Ensure = 'String | Optional | Specifies if this Client Access Rule should exist. | Present / Absent' BodyCanonicalization = 'String | Optional | The BodyCanonicalization parameter specifies the canonicalization algorithm that''s used to create and verify the message body part of the DKIM signature. This value effectively controls the sensitivity of DKIM to changes to the message body in transit. Valid values are ''Simple'' or ''Relaxed''. ''Relaxed'' is the default. | Simple / Relaxed' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Required | The Identity parameter specifies the DKIM signing policy that you want to modify. This should be the FQDN. ' AdminDisplayName = 'String | Optional | The AdminDisplayName parameter specifies a description for the policy.' HeaderCanonicalization = 'String | Optional | The HeaderCanonicalization parameter specifies the canonicalization algorithm that''s used to create and verify the message header part of the DKIM signature. This value effectively controls the sensitivity of DKIM to changes to the message headers in transit. Valid values are ''Simple'' or ''Relaxed''. ''Relaxed'' is the default. | Simple / Relaxed' } ) EmailAddressPolicies = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' ManagedByFilter = 'String | Optional | The ManagedByFilter parameter specifies the email address policies to apply to Office 365 groups based on the properties of the users who create the Office 365 groups.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' EnabledPrimarySMTPAddressTemplate = 'StringArray | Optional | The EnabledPrimarySMTPAddressTemplate parameter specifies the specifies the rule in the email address policy that''s used to generate the primary SMTP email addresses for recipients. You can use this parameter instead of the EnabledEmailAddressTemplates if the policy only applies the primary email address and no additional proxy addresses.' Ensure = 'String | Optional | Specify if the Email Address Policy should exist or not. | Present / Absent' Name = 'String | Required | The Name parameter specifies the unique name of the email address policy. The maximum length is 64 characters.' Priority = 'String | Optional | The Priority parameter specifies the order that the email address policies are evaluated. By default, every time that you add a new email address policy, the policy is assigned a priority of N+1, where N is the number of email address policies that you''ve created.' EnabledEmailAddressTemplates = 'StringArray | Optional | The EnabledEmailAddressTemplates parameter specifies the rules in the email address policy that are used to generate email addresses for recipients.' } ) GlobalAddressLists = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' ConditionalCustomAttribute3 = 'StringArray | Optional | The ConditionalCustomAttribute3 parameter specifies a precanned filter that''s based on the value of the recipient''s CustomAttribute3 property.' ConditionalStateOrProvince = 'StringArray | Optional | The ConditionalStateOrProvince parameter specifies a precanned filter that''s based on the value of the recipient''s StateOrProvince property.' ConditionalCustomAttribute4 = 'StringArray | Optional | The ConditionalCustomAttribute4 parameter specifies a precanned filter that''s based on the value of the recipient''s CustomAttribute4 property.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' RecipientFilter = 'String | Optional | The RecipientFilter parameter specifies an OPath filter that''s based on the value of any available recipient property.' ConditionalCustomAttribute13 = 'StringArray | Optional | The ConditionalCustomAttribute13 parameter specifies a precanned filter that''s based on the value of the recipient''s CustomAttribute13 property.' ConditionalCustomAttribute5 = 'StringArray | Optional | The ConditionalCustomAttribute5 parameter specifies a precanned filter that''s based on the value of the recipient''s CustomAttribute5 property.' Name = 'String | Required | The Name parameter specifies the unique name of the GAL. The maximum length is 64 characters.' ConditionalDepartment = 'StringArray | Optional | The ConditionalDepartment parameter specifies a precanned filter that''s based on the value of the recipient''s Department property.' Ensure = 'String | Optional | Specify if the Global Address List should exist or not. | Present / Absent' ConditionalCustomAttribute6 = 'StringArray | Optional | The ConditionalCustomAttribute6 parameter specifies a precanned filter that''s based on the value of the recipient''s CustomAttribute6 property.' ConditionalCustomAttribute15 = 'StringArray | Optional | The ConditionalCustomAttribute15 parameter specifies a precanned filter that''s based on the value of the recipient''s CustomAttribute15 property.' IncludedRecipients = 'StringArray | Optional | The IncludedRecipients parameter specifies a precanned filter that''s based on the recipient type. | / AllRecipients / MailboxUsers / MailContacts / MailGroups / MailUsers / Resources' ConditionalCustomAttribute1 = 'StringArray | Optional | The ConditionalCustomAttribute1 parameter specifies a precanned filter that''s based on the value of the recipient''s CustomAttribute1 property.' ConditionalCustomAttribute10 = 'StringArray | Optional | The ConditionalCustomAttribute10 parameter specifies a precanned filter that''s based on the value of the recipient''s CustomAttribute10 property.' ConditionalCustomAttribute7 = 'StringArray | Optional | The ConditionalCustomAttribute7 parameter specifies a precanned filter that''s based on the value of the recipient''s CustomAttribute7 property.' ConditionalCustomAttribute9 = 'StringArray | Optional | The ConditionalCustomAttribute9 parameter specifies a precanned filter that''s based on the value of the recipient''s CustomAttribute9 property.' ConditionalCustomAttribute12 = 'StringArray | Optional | The ConditionalCustomAttribute12 parameter specifies a precanned filter that''s based on the value of the recipient''s CustomAttribute12 property.' ConditionalCustomAttribute14 = 'StringArray | Optional | The ConditionalCustomAttribute14 parameter specifies a precanned filter that''s based on the value of the recipient''s CustomAttribute14 property.' ConditionalCompany = 'StringArray | Optional | The ConditionalCompany parameter specifies a precanned filter that''s based on the value of the recipient''s Company property.' ConditionalCustomAttribute8 = 'StringArray | Optional | The ConditionalCustomAttribute8 parameter specifies a precanned filter that''s based on the value of the recipient''s CustomAttribute8 property.' ConditionalCustomAttribute2 = 'StringArray | Optional | The ConditionalCustomAttribute2 parameter specifies a precanned filter that''s based on the value of the recipient''s CustomAttribute2 property.' ConditionalCustomAttribute11 = 'StringArray | Optional | The ConditionalCustomAttribute11 parameter specifies a precanned filter that''s based on the value of the recipient''s CustomAttribute11 property.' } ) GroupSettingsItems = @( @{ MailboxRegion = 'String | Optional | The MailboxRegion parameter specifies the preferred data location (PDL) for the Microsoft 365 Group in multi-geo environments.' ModeratedBy = 'StringArray | Optional | The ModeratedBy parameter specifies one or more moderators for this recipient. A moderator approves messages sent to the recipient before the messages are delivered. A moderator must be a mailbox, mail user, or mail contact in your organization. You can use any value that uniquely identifies the moderator. ' CustomAttribute10 = 'String | Optional | This parameter specifies a value for the CustomAttribute10 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.' RequireSenderAuthenticationEnabled = 'Boolean | Optional | The RequireSenderAuthenticationEnabled parameter specifies whether to accept messages only from authenticated (internal) senders. ' ModerationEnabled = 'Boolean | Optional | The ModerationEnabled parameter specifies whether moderation is enabled for this recipient.' ExtensionCustomAttribute4 = 'String | Optional | This parameter specifies a value for the ExtensionCustomAttribute4 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. You can specify up to 1300 values separated by commas.' CalendarMemberReadOnly = 'Boolean | Optional | The CalendarMemberReadOnly parameter specifies whether to set read-only Calendar permissions to the Microsoft 365 Group for members of the group.' CustomAttribute8 = 'String | Optional | This parameter specifies a value for the CustomAttribute8 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.' DisplayName = 'String | Required | The DisplayName parameter specifies the name of the Microsoft 365 Group. The display name is visible in the Exchange admin center, address lists, and Outlook. The maximum length is 64 characters.' CustomAttribute1 = 'String | Optional | This parameter specifies a value for the CustomAttribute1 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' InformationBarrierMode = 'String | Optional | The InformationBarrierMode parameter specifies the information barrier mode for the Microsoft 365 Group. | Explicit / Implicit / Open / OwnerModerated' DataEncryptionPolicy = 'String | Optional | The DataEncryptionPolicy parameter specifies the data encryption policy that''s applied to the Microsoft 365 Group. ' MailTipTranslations = 'String | Optional | The MailTipTranslations parameter specifies additional languages for the custom MailTip text that''s defined by the MailTip parameter.' UnifiedGroupWelcomeMessageEnabled = 'Boolean | Optional | The UnifiedGroupWelcomeMessageEnabled switch specifies whether to enable or disable sending system-generated welcome messages to users who are added as members to the Microsoft 365 Group.' MaxReceiveSize = 'String | Optional | The MaxReceiveSize parameter specifies the maximum size of an email message that can be sent to this group. Messages that exceed the maximum size are rejected by the group.' Classification = 'String | Optional | The CalendarMemberReadOnly switch specifies whether to set read-only Calendar permissions to the Microsoft 365 Group for members of the group.' CustomAttribute2 = 'String | Optional | This parameter specifies a value for the CustomAttribute2 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.' CustomAttribute13 = 'String | Optional | This parameter specifies a value for the CustomAttribute13 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.' HiddenFromAddressListsEnabled = 'Boolean | Optional | The GrantSendOnBehalfTo parameter specifies who can send on behalf of this Microsoft 365 Group.' MaxSendSize = 'String | Optional | The MaxSendSize parameter specifies the maximum size of an email message that can be sent by this group.' ExtensionCustomAttribute2 = 'String | Optional | This parameter specifies a value for the ExtensionCustomAttribute2 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. You can specify up to 1300 values separated by commas.' CustomAttribute6 = 'String | Optional | This parameter specifies a value for the CustomAttribute6 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.' RejectMessagesFromSendersOrMembers = 'StringArray | Optional | The RejectMessagesFromSendersOrMembers parameter specifies who isn''t allowed to send messages to this recipient. Messages from these senders are rejected.' AuditLogAgeLimit = 'String | Optional | The AlwaysSubscribeMembersToCalendarEvents switch controls the default subscription settings of new members that are added to the Microsoft 365 Group. Changing this setting doesn''t affect existing group members.' ExtensionCustomAttribute3 = 'String | Optional | This parameter specifies a value for the ExtensionCustomAttribute3 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. You can specify up to 1300 values separated by commas.' SubscriptionEnabled = 'Boolean | Optional | The SubscriptionEnabled switch specifies whether the group owners can enable subscription to conversations and calendar events on the groups they own. ' AccessType = 'String | Optional | Private | Public / Private' CustomAttribute3 = 'String | Optional | This parameter specifies a value for the CustomAttribute3 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.' CustomAttribute14 = 'String | Optional | This parameter specifies a value for the CustomAttribute14 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.' MailTip = 'String | Optional | The MailTip parameter specifies the custom MailTip text for this recipient. The MailTip is shown to senders when they start drafting an email message to this recipient. ' AlwaysSubscribeMembersToCalendarEvents = 'Boolean | Optional | The AlwaysSubscribeMembersToCalendarEvents switch controls the default subscription settings of new members that are added to the Microsoft 365 Group. Changing this setting doesn''t affect existing group members.' CustomAttribute15 = 'String | Optional | This parameter specifies a value for the CustomAttribute15 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.' CustomAttribute7 = 'String | Optional | This parameter specifies a value for the CustomAttribute7 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.' Id = 'String | Optional | The unique Id of the group' AcceptMessagesOnlyFromSendersOrMembers = 'StringArray | Optional | The AcceptMessagesOnlyFromSendersOrMembers parameter specifies who is allowed to send messages to this recipient. Messages from other senders are rejected.' ExtensionCustomAttribute1 = 'String | Optional | This parameter specifies a value for the ExtensionCustomAttribute1 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. You can specify up to 1300 values separated by commas.' Notes = 'String | Optional | The Notes parameter specifies the description of the Microsoft 365 Group. If the value contains spaces, enclose the value in quotation marks.' ExtensionCustomAttribute5 = 'String | Optional | This parameter specifies a value for the ExtensionCustomAttribute5 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. You can specify up to 1300 values separated by commas.' CustomAttribute4 = 'String | Optional | This parameter specifies a value for the CustomAttribute4 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.' CustomAttribute5 = 'String | Optional | This parameter specifies a value for the CustomAttribute5 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.' ConnectorsEnabled = 'Boolean | Optional | The CalendarMemberReadOnly switch specifies whether to set read-only Calendar permissions to the Microsoft 365 Group for members of the group.' CustomAttribute9 = 'String | Optional | This parameter specifies a value for the CustomAttribute9 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.' GrantSendOnBehalfTo = 'StringArray | Optional | The GrantSendOnBehalfTo parameter specifies who can send on behalf of this Microsoft 365 Group.' AutoSubscribeNewMembers = 'Boolean | Optional | The AutoSubscribeNewMembers switch specifies whether to automatically subscribe new members that are added to the Microsoft 365 Group to conversations and calendar events. Only users that are added to the group after you enable this setting are automatically subscribed to the group.' PrimarySmtpAddress = 'String | Optional | The PrimarySmtpAddress parameter specifies the primary return email address that''s used for the recipient. You can''t use the EmailAddresses and PrimarySmtpAddress parameters in the same command.' IsMemberAllowedToEditContent = 'Boolean | Optional | This parameter specifies whether or not members are allow to edit content.' Language = 'String | Optional | The Language parameter specifies language preference for the Microsoft 365 Group.' CustomAttribute11 = 'String | Optional | This parameter specifies a value for the CustomAttribute11 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.' EmailAddresses = 'StringArray | Optional | The EmailAddresses parameter specifies all the email addresses (proxy addresses) for the recipient, including the primary SMTP address.' SensitivityLabelId = 'String | Optional | The SensitivityLabelId parameter specifies the GUID value of the sensitivity label that''s assigned to the Microsoft 365 Group.' HiddenFromExchangeClientsEnabled = 'Boolean | Optional | The HiddenFromExchangeClientsEnabled switch specifies whether the Microsoft 365 Group is hidden from Outlook clients connected to Microsoft 365.' CustomAttribute12 = 'String | Optional | This parameter specifies a value for the CustomAttribute12 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.' } ) HostedConnectionFilterPolicies = @( @{ IPAllowList = 'StringArray | Optional | The IPAllowList parameter specifies IP addresses from which messages are always allowed. Messages from the IP addresses you specify won''t be identified as spam, despite any other spam characteristics of the messages. Valid values for this parameter are: A single IP address, an IP address range, a CIDR IP.' EnableSafeList = 'Boolean | Optional | The EnableSafeList parameter enables or disables use of the safe list. The safe list is a dynamic allow list in the Microsoft datacenter that requires no customer configuration. Valid input for this parameter is $true or $false. The default value is $false.' Ensure = 'String | Optional | Specifies if this Hosted Connection Filter Policy should exist. | Present / Absent' AccessTokens = 'StringArray | Optional | Access token used for authentication.' MakeDefault = 'Boolean | Optional | The MakeDefault parameter makes the specified policy the default connection filter policy. Default is $false.' AdminDisplayName = 'String | Optional | The AdminDisplayName parameter specifies a description for the policy.' Identity = 'String | Required | The Identity parameter specifies the Hosted Connection Filter Policy that you want to modify.' IPBlockList = 'StringArray | Optional | The IPBlockList parameter specifies IP addresses from which messages are never allowed. Messages from the IP addresses you specify are blocked without any further spam scanning. Valid values for this parameter are: A single IP address, an IP address range, a CIDR IP.' } ) HostedContentFilterPolicies = @( @{ HighConfidenceSpamAction = 'String | Optional | The HighConfidenceSpamAction parameter specifies the action to take on messages that are classified as high confidence spam. | MoveToJmf / AddXHeader / ModifySubject / Redirect / Delete / Quarantine / NoAction' MakeDefault = 'Boolean | Optional | The MakeDefault parameter makes the specified content filter policy the default content filter policy. The default value is $false' TestModeBccToRecipients = 'StringArray | Optional | The TestModeBccToRecipients parameter specifies the blind carbon copy recipients to add to spam messages when the TestModeAction action parameter is set to the value BccMessage.' MarkAsSpamWebBugsInHtml = 'String | Optional | The MarkAsSpamWebBugsInHtml parameter classifies the message as spam when the message contains web bugs. Valid values for this parameter are Off, On or Test. The default value is Off. | Off / On / Test' MarkAsSpamFramesInHtml = 'String | Optional | The MarkAsSpamFramesInHtml parameter classifies the message as spam when the message contains HTML <frame> or <iframe> tags. Valid values for this parameter are Off, On or Test. The default value is Off. | Off / On / Test' Identity = 'String | Required | The Identity parameter specifies the name of the Hosted Content Filter Policy that you want to modify.' EndUserSpamNotificationLanguage = 'String | Optional | The EndUserSpamNotificationLanguage parameter specifies the language of end-user spam notification messages. The default value is Default. This means the default language of end-user spam notification messages is the default language of the cloud-based organization. | Default / English / French / German / Italian / Japanese / Spanish / Korean / Portuguese / Russian / ChineseSimplified / ChineseTraditional / Amharic / Arabic / Bulgarian / BengaliIndia / Catalan / Czech / Cyrillic / Danish / Greek / Estonian / Basque / Farsi / Finnish / Filipino / Galician / Gujarati / Hebrew / Hindi / Croatian / Hungarian / Indonesian / Icelandic / Kazakh / Kannada / Lithuanian / Latvian / Malayalam / Marathi / Malay / Dutch / NorwegianNynorsk / Norwegian / Oriya / Polish / PortuguesePortugal / Romanian / Slovak / Slovenian / SerbianCyrillic / Serbian / Swedish / Swahili / Tamil / Telugu / Thai / Turkish / Ukrainian / Urdu / Vietnamese' MarkAsSpamEmbedTagsInHtml = 'String | Optional | The MarkAsSpamEmbedTagsInHtml parameter classifies the message as spam when the message contains HTML <embed> tags. Valid values for this parameter are Off, On or Test. The default value is Off. | Off / On / Test' BulkThreshold = 'UInt32 | Optional | The BulkThreshold parameter specifies the Bulk Complaint Level (BCL) threshold setting. Valid values are from 1 - 9, where 1 marks most bulk email as spam, and 9 allows the most bulk email to be delivered. The default value is 7.' EnableLanguageBlockList = 'Boolean | Optional | The EnableLanguageBlockList parameter enables or disables blocking email messages that are written in specific languages, regardless of the message contents. Valid input for this parameter is $true or $false. The default value is $false.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' HighConfidenceSpamQuarantineTag = 'String | Optional | The HighConfidenceSpamQuarantineTag parameter specifies the quarantine policy that''s used on messages that are quarantined as high confidence spam.' PhishZapEnabled = 'Boolean | Optional | The PhishZapEnabled parameter enables or disables zero-hour auto purge (ZAP) to detect phishing messages in delivered messages in Exchange Online mailboxes.' EndUserSpamNotificationCustomSubject = 'String | Optional | The EndUserSpamNotificationCustomSubject parameter specifies a custom subject for end-user spam notification messages.' MarkAsSpamSensitiveWordList = 'String | Optional | The MarkAsSpamSensitiveWordList parameter classifies the message as spam when the message contains words from the sensitive words list. Valid values for this parameter are Off, On or Test. The default value is Off. | Off / On / Test' MarkAsSpamFormTagsInHtml = 'String | Optional | The MarkAsSpamFormTagsInHtml parameter classifies the message as spam when the message contains HTML <form> tags. Valid values for this parameter are Off, On or Test. The default value is Off. | Off / On / Test' SpamZapEnabled = 'Boolean | Optional | The SpamZapEnabled parameter enables or disables zero-hour auto purge (ZAP) to detect spam in delivered messages in Exchange Online mailboxes.' MarkAsSpamJavaScriptInHtml = 'String | Optional | The MarkAsSpamJavaScriptInHtml parameter classifies the message as spam when the message contains JavaScript or VBScript. Valid values for this parameter are Off, On or Test. The default value is Off. | Off / On / Test' BulkSpamAction = 'String | Optional | The BulkSpamAction parameter specifies the action to take on messages that are classified as bulk email. | MoveToJmf / AddXHeader / ModifySubject / Redirect / Delete / Quarantine / NoAction' BlockedSenders = 'StringArray | Optional | The BlockedSenders parameter specifies senders that are always marked as spam sources.' IncreaseScoreWithImageLinks = 'String | Optional | The IncreaseScoreWithImageLinks parameter increases the spam score of messages that contain image links to remote websites. Valid values for this parameter are Off, On or Test. The default value is Off. | Off / On / Test' AddXHeaderValue = 'String | Optional | The AddXHeaderValue parameter specifies the X-header value to add to spam messages when an action parameter is set to the value AddXHeader.' MarkAsSpamNdrBackscatter = 'String | Optional | The MarkAsSpamNdrBackscatter parameter classifies the message as spam when the message is a non-delivery report (NDR) to a forged sender. Valid values for this parameter are Off or On. The default value is Off. | Off / On / Test' QuarantineRetentionPeriod = 'UInt32 | Optional | The QuarantineRetentionPeriod parameter specifies the length of time in days that spam messages remain in the quarantine. Valid input for this parameter is an integer between 1 and 30. The default value is 15.' InlineSafetyTipsEnabled = 'Boolean | Optional | The InlineSafetyTipsEnabled parameter specifies whether to enable or disable safety tips that are shown to recipients in messages. The default is $true' PhishSpamAction = 'String | Optional | The PhishSpamAction parameter specifies the action to take on messages that are classified as phishing | MoveToJmf / AddXHeader / ModifySubject / Redirect / Delete / Quarantine / NoAction' HighConfidencePhishAction = 'String | Optional | The HighConfidencePhishAction parameter specifies the action to take on messages that are marked as high confidence phishing | MoveToJmf / Redirect / Quarantine' EnableRegionBlockList = 'Boolean | Optional | The EnableRegionBlockList parameter enables or disables blocking email messages that are sent from specific countries or regions, regardless of the message contents. Valid input for this parameter is $true or $false. The default value is $false.' MarkAsSpamObjectTagsInHtml = 'String | Optional | The MarkAsSpamObjectTagsInHtml parameter classifies the message as spam when the message contains HTML <object> tags. Valid values for this parameter are Off, On or Test. The default value is Off. | Off / On / Test' IncreaseScoreWithRedirectToOtherPort = 'String | Optional | The IncreaseScoreWithRedirectToOtherPort parameter increases the spam score of messages that contain links that redirect to other TCP ports. Valid values for this parameter are Off, On or Test. The default value is Off. | Off / On / Test' AllowedSenderDomains = 'StringArray | Optional | The AllowedSenderDomains parameter specifies trusted domains that aren''t processed by the spam filter.' TestModeAction = 'String | Optional | The TestModeAction parameter specifies the additional action to take on messages that match any of the IncreaseScoreWith or MarkAsSpam parameters that are set to the value Test. | None / AddXHeader / BccMessage' MarkAsSpamSpfRecordHardFail = 'String | Optional | The MarkAsSpamSpfRecordHardFail parameter classifies the message as spam when Sender Policy Framework (SPF) record checking encounters a hard fail. Valid values for this parameter are Off or On. The default value is Off. | Off / On / Test' ModifySubjectValue = 'String | Optional | The ModifySubjectValue parameter specifies the text to prepend to the existing subject of spam messages when an action parameter is set to the value ModifySubject.' EnableEndUserSpamNotifications = 'Boolean | Optional | The EnableEndUserSpamNotification parameter enables for disables sending end-user spam quarantine notification messages. Valid input for this parameter is $true or $false. The default value is $false.' Ensure = 'String | Optional | Specify if this policy should exist or not. | Present / Absent' MarkAsSpamEmptyMessages = 'String | Optional | The MarkAsSpamEmptyMessages parameter classifies the message as spam when the message is empty. Valid values for this parameter are Off, On or Test. The default value is Off. | Off / On / Test' PhishQuarantineTag = 'String | Optional | The PhishQuarantineTag parameter specifies the quarantine policy that''s used on messages that are quarantined as phishing.' SpamAction = 'String | Optional | The SpamAction parameter specifies the action to take on messages that are classified as spam (not high confidence spam, bulk email, or phishing). | MoveToJmf / AddXHeader / ModifySubject / Redirect / Delete / Quarantine / NoAction' MarkAsSpamBulkMail = 'String | Optional | The MarkAsSpamBulkMail parameter classifies the message as spam when the message is identified as a bulk email message. Valid values for this parameter are Off, On or Test. The default value is On. | Off / On / Test' LanguageBlockList = 'StringArray | Optional | The LanguageBlockList parameter specifies the languages to block when messages are blocked based on their language. Valid input for this parameter is a supported ISO 639-1 lowercase two-letter language code. You can specify multiple values separated by commas. This parameter is only use when the EnableRegionBlockList parameter is set to $true.' BulkQuarantineTag = 'String | Optional | The BulkQuarantineTag parameter specifies the quarantine policy that''s used on messages that are quarantined as bulk email.' RedirectToRecipients = 'StringArray | Optional | The RedirectToRecipients parameter specifies the replacement recipients in spam messages when an action parameter is set to the value Redirect. The action parameters that use the value of RedirectToRecipients are BulkSpamAction, HighConfidencePhishAction, HighConfidenceSpamAction, PhishSpamAction and SpamAction.' AllowedSenders = 'StringArray | Optional | The AllowedSenders parameter specifies a list of trusted senders that aren''t processed by the spam filter.' IncreaseScoreWithNumericIps = 'String | Optional | The IncreaseScoreWithNumericIps parameter increases the spam score of messages that contain links to IP addresses. Valid values for this parameter are Off, On or Test. The default value is Off. | Off / On / Test' RegionBlockList = 'StringArray | Optional | The RegionBlockList parameter specifies the region to block when messages are blocked based on their source region. Valid input for this parameter is a supported ISO 3166-1 uppercase two-letter country code. You can specify multiple values separated by commas. This parameter is only used when the EnableRegionBlockList parameter is set to $true.' HighConfidencePhishQuarantineTag = 'String | Optional | The HighConfidencePhishQuarantineTag parameter specifies the quarantine policy that''s used on messages that are quarantined as high confidence phishing.' SpamQuarantineTag = 'String | Optional | The SpamQuarantineTag parameter specifies the quarantine policy that''s used on messages that are quarantined as spam.' IntraOrgFilterState = 'String | Optional | The IntraOrgFilterState parameter specifies whether to enable anti-spam filtering for messages sent between internal users (users in the same organization). | Default / HighConfidencePhish / Phish / HighConfidenceSpam / Spam / Disabled' AdminDisplayName = 'String | Optional | The AdminDisplayName parameter specifies a description for the policy.' IncreaseScoreWithBizOrInfoUrls = 'String | Optional | The IncreaseScoreWithBizOrInfoUrls parameter increases the spam score of messages that contain links to .biz or .info domains. Valid values for this parameter are Off, On or Test. The default value is Off. | Off / On / Test' EndUserSpamNotificationFrequency = 'UInt32 | Optional | The EndUserSpamNotificationFrequency parameter specifies the repeat interval in days that end-user spam notification messages are sent. Valid input for this parameter is an integer between 1 and 15. The default value is 3.' MarkAsSpamFromAddressAuthFail = 'String | Optional | The MarkAsSpamFromAddressAuthFail parameter classifies the message as spam when Sender ID filtering encounters a hard fail. Valid values for this parameter are Off or On. The default value is Off. | Off / On / Test' BlockedSenderDomains = 'StringArray | Optional | The BlockedSenderDomains parameter specifies domains that are always marked as spam sources.' DownloadLink = 'Boolean | Optional | The DownloadLink parameter shows or hides a link in end-user spam notification messages to download the Junk Email Reporting Tool plugin for Outlook. Valid input for this parameter is $true or $false. The default value is $false.' } ) HostedContentFilterRules = @( @{ Priority = 'UInt32 | Optional | The Priority parameter specifies a priority value for the rule that determines the order of rule processing. A lower integer value indicates a higher priority, the value 0 is the highest priority, and rules can''t have the same priority value.' SentToMemberOf = 'StringArray | Optional | The SentToMemberOf parameter looks for messages sent to members of groups. You can use any value that uniquely identifies the group.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' HostedContentFilterPolicy = 'String | Required | The HostedContentFilterPolicy parameter specifies the name of the HostedContentFilter policy that''s associated with the HostedContentFilter rule.' SentTo = 'StringArray | Optional | The SentTo parameter specifies a condition that looks for recipients in messages. You can use any value that uniquely identifies the recipient.' Comments = 'String | Optional | The Comments parameter specifies informative comments for the rule, such as what the rule is used for or how it has changed over time. The length of the comment can''t exceed 1024 characters.' Ensure = 'String | Optional | Specify if this rule should exist or not. | Present / Absent' RecipientDomainIs = 'StringArray | Optional | The RecipientDomainIs parameter specifies a condition that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas.' Identity = 'String | Required | The Identity parameter specifies the name of the HostedContentFilter rule that you want to modify.' ExceptIfRecipientDomainIs = 'StringArray | Optional | The ExceptIfRecipientDomainIs parameter specifies an exception that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas.' ExceptIfSentTo = 'StringArray | Optional | The ExceptIfSentTo parameter specifies an exception that looks for recipients in messages. You can use any value that uniquely identifies the recipient.' ExceptIfSentToMemberOf = 'StringArray | Optional | The ExceptIfSentToMemberOf parameter specifies an exception that looks for messages sent to members of groups. You can use any value that uniquely identifies the group.' Enabled = 'Boolean | Optional | Specify if this rule should be enabled. Default is $true.' } ) HostedOutboundSpamFilterPolicies = @( @{ AdminDisplayName = 'String | Optional | The AdminDisplayName parameter specifies a description for the policy.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' BccSuspiciousOutboundAdditionalRecipients = 'StringArray | Optional | The BccSuspiciousOutboundAdditionalRecipients parameter specifies the recipients to add to the Bcc field of outgoing spam messages. Valid input for this parameter is an email address. Separate multiple email addresses with commas.' NotifyOutboundSpamRecipients = 'StringArray | Optional | The NotifyOutboundSpamRecipients parameter specifies the administrators to notify when an outgoing message is determined to be spam. Valid input for this parameter is an email address. Separate multiple email addresses with commas.' RecipientLimitInternalPerHour = 'String | Optional | The RecipientLimitInternalPerHour parameter specifies the maximum number of internal recipients that a user can send to within an hour. A valid value is 0 to 10000. The default value is 0, which means the service defaults are used.' RecipientLimitPerDay = 'String | Optional | The RecipientLimitPerDay parameter specifies the maximum number of recipients that a user can send to within a day. A valid value is 0 to 10000. The default value is 0, which means the service defaults are used.' ActionWhenThresholdReached = 'String | Optional | The ActionWhenThresholdReached parameter specifies the action to take when any of the limits specified in the policy are reached. Valid values are: Alert, BlockUser, BlockUserForToday. BlockUserForToday is the default value.' Ensure = 'String | Optional | Specify if this policy should exist or not. | Present / Absent' Identity = 'String | Required | The Identity parameter specifies the name of the policy that you want to modify. There is only one policy named ''Default''' RecipientLimitExternalPerHour = 'String | Optional | The RecipientLimitExternalPerHour parameter specifies the maximum number of external recipients that a user can send to within an hour. A valid value is 0 to 10000. The default value is 0, which means the service defaults are used.' AutoForwardingMode = 'String | Optional | The AutoForwardingMode specifies how the policy controls automatic email forwarding to outbound recipients. Valid values are: Automatic, On, Off.' NotifyOutboundSpam = 'Boolean | Optional | The NotifyOutboundSpam parameter enables or disables sending notification messages to administrators when an outgoing message is determined to be spam. Valid input for this parameter is $true or $false. The default value is $false. You specify the administrators to notify by using the NotifyOutboundSpamRecipients parameter.' BccSuspiciousOutboundMail = 'Boolean | Optional | The BccSuspiciousOutboundMail parameter enables or disables adding recipients to the Bcc field of outgoing spam messages. Valid input for this parameter is $true or $false. The default value is $false. You specify the additional recipients using the BccSuspiciousOutboundAdditionalRecipients parameter.' } ) HostedOutboundSpamFilterRules = @( @{ ExceptIfFrom = 'StringArray | Optional | The ExceptIfFrom parameter specifies an exception that looks for messages from specific senders. You can use any value that uniquely identifies the sender.' Priority = 'UInt32 | Optional | The Priority parameter specifies a priority value for the rule that determines the order of rule processing. A lower integer value indicates a higher priority, the value 0 is the highest priority, and rules can''t have the same priority value.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' ExceptIfSenderDomainIs = 'StringArray | Optional | The ExceptIfSenderDomainIs parameter specifies an exception that looks for senders with email address in the specified domains. You can specify multiple domains separated by commas.' Comments = 'String | Optional | The Comments parameter specifies informative comments for the rule, such as what the rule is used for or how it has changed over time. The length of the comment can''t exceed 1024 characters.' Ensure = 'String | Optional | Specify if this rule should exist or not. | Present / Absent' FromMemberOf = 'StringArray | Optional | The FromMemberOf parameter specifies a condition that looks for messages sent by group members. You can use any value that uniquely identifies the group.' Identity = 'String | Required | The Identity parameter specifies the name of the HostedOutboundSpamFilter rule that you want to modify.' SenderDomainIs = 'StringArray | Optional | The SenderDomainIs parameter specifies a condition that looks for senders with email address in the specified domains. You can specify multiple domains separated by commas.' HostedOutboundSpamFilterPolicy = 'String | Required | The HostedOutboundSpamFilterPolicy parameter specifies the name of the HostedOutboundSpamFilter policy that''s associated with the HostedOutboundSpamFilter rule.' ExceptIfFromMemberOf = 'StringArray | Optional | The ExceptIfFromMemberOf parameter specifies an exception that looks for messages sent by group members. You can use any value that uniquely identifies the group.' From = 'StringArray | Optional | The From parameter specifies a condition that looks for messages from specific senders. You can use any value that uniquely identifies the sender.' Enabled = 'Boolean | Optional | Specify if this rule should be enabled. Default is $true.' } ) InboundConnectors = @( @{ RestrictDomainsToCertificate = 'Boolean | Optional | The RestrictDomainsToCertificate parameter specifies that Office 365 should identify incoming messages that are eligible for this connector by verifying that the remote server authenticates using a TLS certificate that has the TlsSenderCertificateName in the Subject.' ConnectorSource = 'String | Optional | The ConnectorSource parameter specifies how the connector is created. DO NOT CHANGE THIS! | Default / Migrated / HybridWizard' TreatMessagesAsInternal = 'Boolean | Optional | The TreatMessagesAsInternal parameter specifies an alternative method to identify messages sent from an on-premises organization as internal messages. You should only consider using this parameter when your on-premises organization doesn''t use Exchange.' Ensure = 'String | Optional | Specifies if this Outbound connector should exist. | Present / Absent' AccessTokens = 'StringArray | Optional | Access token used for authentication.' TlsSenderCertificateName = 'String | Optional | The TlsSenderCertificateName parameter specifies the certificate used by the sender''s domain when the RequireTls parameter is set to $true. Valid input for the TlsSenderCertificateName parameter is an SMTP domain. ' ConnectorType = 'String | Optional | The ConnectorType parameter specifies a category for the domains that are serviced by the connector. Valid values are Partner and OnPremises | Partner / OnPremises' CloudServicesMailEnabled = 'Boolean | Optional | The CloudServicesMailEnabled parameter specifies whether the connector is used for hybrid mail flow between an on-premises Exchange environment and Microsoft Office 365. Specifically, this parameter controls how certain internal X-MS-Exchange-Organization-* message headers are handled in messages that are sent between accepted domains in the on-premises and cloud organizations. These headers are collectively known as cross-premises headers. DO NOT USE MANUALLY!' Comment = 'String | Optional | The Comment parameter specifies an optional comment.' RestrictDomainsToIPAddresses = 'Boolean | Optional | The RestrictDomainsToIPAddresses parameter, when set to $true, automatically rejects mail from the domains specified by the SenderDomains parameter if the mail originates from an IP address that isn''t specified by the SenderIPAddresses parameter.' SenderDomains = 'StringArray | Optional | The SenderDomains parameter specifies the remote domains from which this connector accepts messages, thereby limiting its scope. You can use a wildcard character to specify all subdomains of a specified domain, as shown in the following example: *.contoso.com. However, you can''t embed a wildcard character, as shown in the following example: domain.*.contoso.com.' EFSkipLastIP = 'Boolean | Optional | The EFSkipLastIP parameter specifies the behavior of Enhanced Filtering for Connectors.' EFUsers = 'StringArray | Optional | The EFUsers parameter specifies the recipients that Enhanced Filtering for Connectors applies to.' Identity = 'String | Required | The Identity parameter specifies the outbound connector that you want to modify.' AssociatedAcceptedDomains = 'StringArray | Optional | The AssociatedAcceptedDomains parameter specifies the accepted domains that the connector applies to, thereby limiting its scope. For example, you can apply the connector to a specific accepted domain in your organization, such as contoso.com.' EFSkipIPs = 'StringArray | Optional | The EFSkipIPs parameter specifies the source IP addresses to skip in Enhanced Filtering for Connectors when the EFSkipLastIP parameter value is $false.' RequireTls = 'Boolean | Optional | The RequireTLS parameter specifies that all messages received by this connector require TLS transmission. Valid values for this parameter are $true or $false. The default value is $false. When the RequireTLS parameter is set to $true, all messages received by this connector require TLS transmission.' SenderIPAddresses = 'StringArray | Optional | The SenderIPAddresses parameter specifies the remote IP addresses from which this connector accepts messages.' Enabled = 'Boolean | Optional | Specifies whether connector is enabled.' } ) IntraOrganizationConnectors = @( @{ TargetSharingEpr = 'String | Optional | The TargetSharingEpr parameter specifies the URL of the target Exchange Web Services that will be used in the Intra-Organization connector.' Enabled = 'Boolean | Optional | Specifies whether connector is enabled.' DiscoveryEndpoint = 'String | Optional | The DiscoveryEndpoint parameter specifies the externally-accessible URL that''s used for the Autodiscover service for the domain that''s configured in the Intra-Organization connector.' Ensure = 'String | Optional | Specifies if this Intra-Organization connector should exist. | Present / Absent' TargetAddressDomains = 'StringArray | Optional | The TargetAddressDomains parameter specifies the domain namespaces that will be used in the Intra-organization connector. These domains must have valid Autodiscover endpoints defined in their organizations. The domains and their associated Autodiscover endpoints are used by the Intra-Organization connector for feature and service connectivity. You can specify multiple domains separated by commas.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Required | The Identity parameter specifies the intraorg connector that you want to modify.' } ) IRMConfiguration = @{ SimplifiedClientAccessEncryptOnlyDisabled = 'Boolean | Optional | The SimplifiedClientAccessEncryptOnlyDisabled parameter specifies whether to disable Encrypt only in Outlook on the web. ' TransportDecryptionSetting = 'String | Optional | The TransportDecryptionSetting parameter specifies the transport decryption configuration. | Disabled / Mandatory / Optional' SimplifiedClientAccessEnabled = 'Boolean | Optional | The SimplifiedClientAccessEnabled parameter specifies whether to enable the Protect button in Outlook on the web.' SearchEnabled = 'Boolean | Optional | The SearchEnabled parameter specifies whether to enable searching of IRM-encrypted messages in Outlook on the web (formerly known as Outlook Web App).' SimplifiedClientAccessDoNotForwardDisabled = 'Boolean | Optional | The SimplifiedClientAccessDoNotForwardDisabled parameter specifies whether to disable Do not forward in Outlook on the web.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Ensure = 'String | Optional | Specifies if this Outbound connector should exist. | Present / Absent' RMSOnlineKeySharingLocation = 'String | Optional | The RMSOnlineKeySharingLocation parameter specifies the Azure Rights Management URL that''s used to get the trusted publishing domain (TPD) for the Exchange Online organization.' DecryptAttachmentForEncryptOnly = 'Boolean | Optional | The DecryptAttachmentForEncryptOnly parameter specifies whether mail recipients have unrestricted rights on the attachment or not for Encrypt-only mails sent using Microsoft Purview Message Encryption.' EDiscoverySuperUserEnabled = 'Boolean | Optional | The EDiscoverySuperUserEnabled parameter specifies whether members of the Discovery Management role group can access IRM-protected messages in a discovery mailbox that were returned by a discovery search.' AzureRMSLicensingEnabled = 'Boolean | Optional | The AzureRMSLicensingEnabled parameter specifies whether the Exchange Online organization can to connect directly to Azure Rights Management.' AutomaticServiceUpdateEnabled = 'Boolean | Optional | The AutomaticServiceUpdateEnabled parameter specifies whether to allow the automatic addition of new features within Azure Information Protection for your cloud-based organization.' LicensingLocation = 'StringArray | Optional | The LicensingLocation parameter specifies the RMS licensing URLs. You can specify multiple URL values separated by commas.' RejectIfRecipientHasNoRights = 'Boolean | Optional | This parameter is available only in the cloud-based service.' JournalReportDecryptionEnabled = 'Boolean | Optional | The JournalReportDecryptionEnabled parameter specifies whether to enable journal report decryption.' EnablePdfEncryption = 'Boolean | Optional | The EnablePdfEncryption parameter specifies whether to enable the encryption of PDF attachments using Microsoft Purview Message Encryption. ' InternalLicensingEnabled = 'Boolean | Optional | The InternalLicensingEnabled parameter specifies whether to enable IRM features for messages that are sent to internal and external recipients.' } JournalRules = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' JournalEmailAddress = 'String | Required | The JournalEmailAddress parameter specifies a recipient object to which journal reports are sent. You can use any value that uniquely identifies the recipient.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Recipient = 'String | Optional | The Recipient parameter specifies the SMTP address of a mailbox, contact, or distribution group to journal. If you specify a distribution group, all recipients in that distribution group are journaled. All messages sent to or from a recipient are journaled.' Ensure = 'String | Optional | Present ensures the rule exists, Absent that it does not. | Present / Absent' Name = 'String | Required | Name of the Journal Rule' RuleScope = 'String | Optional | The Scope parameter specifies the scope of email messages to which the journal rule is applied | Global / Internal / External' Enabled = 'Boolean | Optional | Specifies whether the Journal Rule is enabled or not.' } ) MailboxAutoReplyConfigurations = @( @{ ExternalMessage = 'String | Optional | The ExternalMessage parameter specifies the Automatic Replies message that''s sent to external senders or senders outside the organization. If the value contains spaces, enclose the value in quotation marks.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' AutoDeclineFutureRequestsWhenOOF = 'Boolean | Optional | The AutoDeclineFutureRequestsWhenOOF parameter specifies whether to automatically decline new meeting requests that are sent to the mailbox during the scheduled time period when Automatic Replies are being sent. ' ExternalAudience = 'String | Optional | The ExternalAudience parameter specifies whether Automatic Replies are sent to external senders. Valid values are: None, Known, All | None / Known / All' OOFEventSubject = 'String | Optional | The OOFEventSubject parameter specifies the subject for the calendar event that''s automatically created when the CreateOOFEvent parameter is set to $true.' StartTime = 'String | Optional | The StartTime parameter specifies the start date and time that Automatic Replies are sent for the specified mailbox. You use this parameter only when the AutoReplyState parameter is set to Scheduled, and the value of this parameter is meaningful only when AutoReplyState is Scheduled.' CreateOOFEvent = 'Boolean | Optional | The CreateOOFEvent parameter specifies whether to create a calendar event that corresponds to the scheduled time period when Automatic Replies are being sent for the mailbox.' Ensure = 'String | Optional | Represents the existance of the instance. This must be set to ''Present'' | Present' Owner = 'String | Optional | User Principal Name of the mailbox owner' Identity = 'String | Required | The Identity parameter specifies the mailbox that you want to modify. You can use any value that uniquely identifies the mailbox.' EventsToDeleteIDs = 'StringArray | Optional | The EventsToDeleteIDs parameter specifies the calendar events to delete from the mailbox when the DeclineEventsForScheduledOOF parameter is set to $true.' DeclineAllEventsForScheduledOOF = 'Boolean | Optional | The DeclineAllEventsForScheduledOOF parameter specifies whether to decline all existing calendar events in the mailbox during the scheduled time period when Automatic Replies are being sent.' DeclineMeetingMessage = 'String | Optional | The DeclineMeetingMessage parameter specifies the text in the message when meetings requests that are sent to the mailbox are automatically declined.' AutoReplyState = 'String | Optional | The AutoReplyState parameter specifies whether the mailbox is enabled for Automatic Replies. Valid values are: Enabled, Disabled, Scheduled | Enabled / Disabled / Scheduled' InternalMessage = 'String | Optional | The InternalMessage parameter specifies the Automatic Replies message that''s sent to internal senders or senders within the organization. If the value contains spaces, enclose the value in quotation marks.' EndTime = 'String | Optional | The EndTime parameter specifies the end date and time that Automatic Replies are sent for the mailbox. You use this parameter only when the AutoReplyState parameter is set to Scheduled, and the value of this parameter is meaningful only when AutoReplyState is Scheduled.' DeclineEventsForScheduledOOF = 'Boolean | Optional | The DeclineEventsForScheduledOOF parameter specifies whether it''s possible to decline existing calendar events in the mailbox during the scheduled time period when Automatic Replies are being sent. ' } ) MailboxCalendarFolders = @( @{ DetailLevel = 'String | Optional | The DetailLevel parameter specifies the level of calendar detail that''s published and available to anonymous users. | AvailabilityOnly / LimitedDetails / FullDetails' Ensure = 'String | Optional | Determines wether or not the instance exist. | Present' PublishDateRangeTo = 'String | Optional | The PublishDateRangeTo parameter specifies the end date of calendar information to publish (future information). | OneDay / ThreeDays / OneWeek / OneMonth / ThreeMonths / SixMonths / OneYear' SharedCalendarSyncStartDate = 'String | Optional | The SharedCalendarSyncStartDate parameter specifies the limit for past events in the shared calendar that are visible to delegates. A copy of the shared calendar within the specified date range is stored in the delegate''s mailbox.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Required | The Identity parameter specifies the calendar folder that you want to modify.' SearchableUrlEnabled = 'Boolean | Optional | The SearchableUrlEnabled parameter specifies whether the published calendar URL is discoverable on the web.' PublishDateRangeFrom = 'String | Optional | The PublishDateRangeFrom parameter specifies the start date of calendar information to publish (past information). | OneDay / ThreeDays / OneWeek / OneMonth / ThreeMonths / SixMonths / OneYear' PublishEnabled = 'Boolean | Optional | The PublishEnabled parameter specifies whether to publish the specified calendar information.' } ) MailboxPermissions = @( @{ Deny = 'Boolean | Optional | The Deny switch specifies that the permissions you''re adding are Deny permissions.' Ensure = 'String | Optional | Determines wheter or not the permission should exist on the mailbox. | Present' AccessRights = 'StringArray | Required | The AccessRights parameter specifies the permission that you want to add for the user on the mailbox. Valid values are: ChangeOwner, ChangePermission, DeleteItem, ExternalAccount, FullAccess and ReadPermission.' Owner = 'String | Optional | The Owner parameter specifies the owner of the mailbox object.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Required | The Identity parameter specifies the mailbox where you want to assign permissions to the user. You can use any value that uniquely identifies the mailbox.' InheritanceType = 'String | Required | The InheritanceType parameter specifies how permissions are inherited by folders in the mailbox. Valid values are: None, All, Children, Descendents, SelfAndChildren. | None / All / Children / Descendents / SelfAndChildren' User = 'String | Required | The User parameter specifies who gets the permissions on the mailbox.' } ) MailboxPlans = @( @{ RoleAssignmentPolicy = 'String | Optional | The RoleAssignmentPolicy parameter specifies the role assignment policy that''s applied to the mailbox.' ProhibitSendReceiveQuota = 'String | Optional | The ProhibitSendReceiveQuota parameter specifies a size limit for the mailbox.' DisplayName = 'String | Optional | The display name of the mailbox plan.' MaxSendSize = 'String | Optional | The MaxSendSize parameter specifies the maximum size of a message that can be sent by the mailbox.' Ensure = 'String | Optional | MailboxPlans cannot be created/removed in O365. This must be set to ''Present'' | Present' IssueWarningQuota = 'String | Optional | The IssueWarningQuota parameter specifies the warning threshold for the size of the mailboxes that are created or enabled using the mailbox plan.' MaxReceiveSize = 'String | Optional | The MaxReceiveSize parameter specifies the maximum size of a message that can be sent to the mailbox.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Required | The Identity parameter specifies the Mailbox Plan that you want to modify.' ProhibitSendQuota = 'String | Optional | The ProhibitSendQuota parameter specifies a size limit for the mailbox.' RetentionPolicy = 'String | Optional | The RetentionPolicy parameter specifies the retention policy that''s applied to the mailbox.' RetainDeletedItemsFor = 'String | Optional | The RetainDeletedItemsFor parameter specifies the length of time to keep soft-deleted items for the mailbox.' } ) MailboxSettingsItems = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Ensure = 'String | Optional | Present ensures the Mailbox Settings are applied | Present' Locale = 'String | Optional | The code of the Locale to assign to the mailbox' TimeZone = 'String | Optional | The name of the Time Zone to assign to the mailbox' DisplayName = 'String | Required | The display name of the Shared Mailbox' } ) MailContacts = @( @{ ModeratedBy = 'StringArray | Optional | The ModeratedBy parameter specifies one or more moderators for this mail contact. A moderator approves messages sent to the mail contact before the messages are delivered. A moderator must be a mailbox, mail user, or mail contact in your organization.' CustomAttribute10 = 'String | Optional | The CustomAttribute10 parameter specifies the value of the CustomAttribute10' ModerationEnabled = 'Boolean | Optional | The ModerationEnabled parameter specifies whether moderation is enabled for this recipient.' ExtensionCustomAttribute4 = 'StringArray | Optional | The ExtensionCustomAttribute4 parameter specifies the value of the ExtensionCustomAttribute4' MacAttachmentFormat = 'String | Optional | The MacAttachmentFormat parameter specifies the Apple Macintosh operating system attachment format to use for messages sent to the mail contact or mail user. Valid values are: BinHex, UuEncode, AppleSingle, AppleDouble | BinHex / UuEncode / AppleSingle / AppleDouble' CustomAttribute8 = 'String | Optional | The CustomAttribute8 parameter specifies the value of the CustomAttribute8' DisplayName = 'String | Optional | The DisplayName parameter specifies the display name of the mail contact. The display name is visible in the Exchange admin center and in address lists. ' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Name = 'String | Required | The Name parameter specifies a unique name for the mail contact.' CustomAttribute5 = 'String | Optional | The CustomAttribute5 parameter specifies the value of the CustomAttribute5' CustomAttribute7 = 'String | Optional | The CustomAttribute7 parameter specifies the value of the CustomAttribute7' CustomAttribute4 = 'String | Optional | The CustomAttribute4 parameter specifies the value of the CustomAttribute4' CustomAttribute1 = 'String | Optional | The CustomAttribute1 parameter specifies the value of the CustomAttribute1' LastName = 'String | Optional | The LastName parameter specifies the user''s last name.' ExtensionCustomAttribute2 = 'StringArray | Optional | The ExtensionCustomAttribute2 parameter specifies the value of the ExtensionCustomAttribute2' CustomAttribute6 = 'String | Optional | The CustomAttribute6 parameter specifies the value of the CustomAttribute6' UsePreferMessageFormat = 'Boolean | Optional | The UsePreferMessageFormat specifies whether the message format settings configured for the mail user or mail contact override the global settings configured for the remote domain or configured by the message sender' CustomAttribute12 = 'String | Optional | The CustomAttribute12 parameter specifies the value of the CustomAttribute12' CustomAttribute3 = 'String | Optional | The CustomAttribute3 parameter specifies the value of the CustomAttribute3' ExtensionCustomAttribute3 = 'StringArray | Optional | The ExtensionCustomAttribute3 parameter specifies the value of the ExtensionCustomAttribute3' CustomAttribute13 = 'String | Optional | The CustomAttribute13 parameter specifies the value of the CustomAttribute13' CustomAttribute14 = 'String | Optional | The CustomAttribute14 parameter specifies the value of the CustomAttribute14' MessageBodyFormat = 'String | Optional | The MessageBodyFormat parameter specifies the message body format for messages sent to the mail contact or mail user. Valid values are: Text, Html, TextAndHtml | Text / Html / TextAndHtml' Initials = 'String | Optional | The Initials parameter specifies the user''s middle initials.' Ensure = 'String | Optional | Specifies if this Contact should exist. | Present / Absent' CustomAttribute15 = 'String | Optional | The CustomAttribute15 parameter specifies the value of the CustomAttribute15' ExtensionCustomAttribute1 = 'StringArray | Optional | The ExtensionCustomAttribute1 parameter specifies the value of the ExtensionCustomAttribute1' ExtensionCustomAttribute5 = 'StringArray | Optional | The ExtensionCustomAttribute5 parameter specifies the value of the ExtensionCustomAttribute5' ExternalEmailAddress = 'String | Required | The ExternalEmailAddress parameter specifies the target email address of the mail contact or mail user. By default, this value is used as the primary email address of the mail contact or mail user.' CustomAttribute9 = 'String | Optional | The CustomAttribute9 parameter specifies the value of the CustomAttribute9' UniqueId = 'String | Required | Unique ID to identify this specific object' Alias = 'String | Optional | The Alias parameter specifies the Exchange alias (also known as the mail nickname) for the recipient. This value identifies the recipient as a mail-enabled object, and shouldn''t be confused with multiple email addresses for the same recipient (also known as proxy addresses). A recipient can have only one Alias value. The maximum length is 64 characters.' MessageFormat = 'String | Optional | The MessageFormat parameter specifies the message format for messages sent to the mail contact or mail user. Valid values are: Mime, Text | Mime / Text' FirstName = 'String | Optional | The FirstName parameter specifies the user''s first name.' CustomAttribute2 = 'String | Optional | The CustomAttribute2 parameter specifies the value of the CustomAttribute2' SendModerationNotifications = 'String | Optional | The SendModerationNotifications parameter specifies when moderation notification messages are sent. Valid values are: ALways, Internal, Never | Always / Internal / Never' OrganizationalUnit = 'String | Optional | The OrganizationalUnit parameter specifies the location in Active Directory where the new contact is created.' CustomAttribute11 = 'String | Optional | The CustomAttribute11 parameter specifies the value of the CustomAttribute11' } ) MailTips = @{ Ensure = 'String | Optional | Specifies if this MailTip should exist. | Present / Absent' AccessTokens = 'StringArray | Optional | Access token used for authentication.' MailTipsExternalRecipientsTipsEnabled = 'Boolean | Optional | Specifies whether MailTips for external recipients are enabled.' MailTipsAllTipsEnabled = 'Boolean | Optional | Specifies whether MailTips are enabled.' MailTipsGroupMetricsEnabled = 'Boolean | Optional | Specifies whether MailTips that rely on group metrics data are enabled.' MailTipsMailboxSourcedTipsEnabled = 'Boolean | Optional | Specifies whether MailTips that rely on mailbox data (out-of-office or full mailbox) are enabled.' MailTipsLargeAudienceThreshold = 'UInt32 | Optional | Specifies what a large audience is.' } MalwareFilterPolicies = @( @{ CustomFromAddress = 'String | Optional | The CustomFromAddress parameter specifies the From address of the custom notification message for malware detections in messages from internal or external senders.' CustomInternalSubject = 'String | Optional | The CustomInternalSubject parameter specifies the subject of the custom notification message for malware detections in messages from internal senders. If the value contains spaces, enclose the value in quotation marks.' AdminDisplayName = 'String | Optional | The AdminDisplayName parameter specifies a description for the policy. If the value contains spaces, enclose the value in quotation marks.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' CustomFromName = 'String | Optional | The CustomFromName parameter specifies the From name of the custom notification message for malware detections in messages from internal or external senders. If the value contains spaces, enclose the value in quotation marks.' ZapEnabled = 'Boolean | Optional | The ZapEnabled parameter enables or disables zero-hour auto purge (ZAP) for malware. ZAP detects malware in unread messages that have already been delivered to the user''s Inbox. Valid values are: $true, $false.' CustomExternalSubject = 'String | Optional | The CustomExternalSubject parameter specifies the subject of the custom notification message for malware detections in messages from external senders. If the value contains spaces, enclose the value in quotation marks.' CustomNotifications = 'Boolean | Optional | The CustomNotifications parameter enables or disables custom notification messages for malware detections in messages from internal or external senders. Valid values are: $true, $false.' FileTypeAction = 'String | Optional | The FileTypeAction parameter specifies what''s done to messages that contain one or more attachments where the file extension is included in the FileTypes parameter (common attachment blocking). Valid values are Quarantine and Reject. The default value is Reject. | Quarantine / Reject' Ensure = 'String | Optional | Specifies if this MalwareFilterPolicy should exist. | Present / Absent' CustomInternalBody = 'String | Optional | The CustomInternalBody parameter specifies the body of the custom notification message for malware detections in messages from internal senders. If the value contains spaces, enclose the value in quotation marks.' CustomExternalBody = 'String | Optional | The CustomExternalBody parameter specifies the body of the custom notification message for malware detections in messages from external senders. If the value contains spaces, enclose the value in quotation marks.' FileTypes = 'StringArray | Optional | The FileTypes parameter specifies the file types that are automatically blocked by common attachment blocking (also known as the Common Attachment Types Filter), regardless of content.' EnableExternalSenderAdminNotifications = 'Boolean | Optional | The EnableExternalSenderAdminNotifications parameter enables or disables sending malware detection notification messages to an administrator for messages from external senders. Valid values are: $true, $false.' QuarantineTag = 'String | Optional | The QuarantineTag specifies the quarantine policy that''s used on messages that are quarantined as malware.' InternalSenderAdminAddress = 'String | Optional | The InternalSenderAdminAddress parameter specifies the email address of the administrator who will receive notification messages for malware detections in messages from internal senders.' Identity = 'String | Required | The Identity parameter specifies the MalwareFilterPolicy you want to modify.' ExternalSenderAdminAddress = 'String | Optional | The ExternalSenderAdminAddress parameter specifies the email address of the administrator who will receive notification messages for malware detections in messages from external senders.' EnableInternalSenderAdminNotifications = 'Boolean | Optional | The EnableInternalSenderAdminNotifications parameter enables or disables sending malware detection notification messages to an administrator for messages from internal senders. Valid values are: $true, $false.' MakeDefault = 'Boolean | Optional | MakeDefault makes this malware filter policy the default policy. Valid values are: $true, $false.' EnableFileFilter = 'Boolean | Optional | The EnableFileFilter parameter enables or disables common attachment blocking - also known as the Common Attachment Types Filter.Valid values are: $true, $false.' } ) MalwareFilterRules = @( @{ Priority = 'String | Optional | The Priority parameter specifies a priority value for the rule that determines the order of rule processing. A lower integer value indicates a higher priority, the value 0 is the highest priority, and rules can''t have the same priority value.' SentToMemberOf = 'StringArray | Optional | The SentToMemberOf parameter specifies a condition that looks for messages sent to members of distribution groups, dynamic distribution groups, or mail-enabled security groups. You can use any value that uniquely identifies the group.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' SentTo = 'StringArray | Optional | The SentTo parameter specifies a condition that looks for recipients in messages. You can use any value that uniquely identifies the recipient.' Comments = 'String | Optional | The Comments parameter specifies informative comments for the rule, such as what the rule is used for or how it has changed over time. The length of the comment can''t exceed 1024 characters.' Ensure = 'String | Optional | Specifies if the Malware Filter Rule should exist. | Present / Absent' RecipientDomainIs = 'StringArray | Optional | The RecipientDomainIs parameter specifies a condition that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas.' Identity = 'String | Required | The Identity parameter specifies the EXO resource you want to modify.' ExceptIfRecipientDomainIs = 'StringArray | Optional | The ExceptIfRecipientDomainIs parameter specifies an exception that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas.' MalwareFilterPolicy = 'String | Optional | The MalwareFilterPolicy parameter specifies the malware filter policy to apply to messages that match the conditions defined by this malware filter rule.' ExceptIfSentTo = 'StringArray | Optional | The ExceptIfSentTo parameter specifies an exception that looks for recipients in messages. You can use any value that uniquely identifies the recipient.' ExceptIfSentToMemberOf = 'StringArray | Optional | The ExceptIfSentToMemberOf parameter specifies an exception that looks for messages sent to members of groups. You can use any value that uniquely identifies the group.' Enabled = 'Boolean | Optional | The Enabled parameter enables or disables the malware filter rule. Valid input for this parameter is $true or $false. The default value is $true.' } ) ManagementRoles = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' Description = 'String | Optional | The Description parameter specifies the description that''s displayed when the management role is viewed using the Get-ManagementRole cmdlet.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Parent = 'String | Required | The Parent parameter specifies the identity of the role to copy. Mandatory for management role creation/update or when Ensure=Present. Non-mandatory for Ensure=Absent' Ensure = 'String | Optional | Specify if the Management Role should exist or not. | Present / Absent' Name = 'String | Required | The Name parameter specifies the name of the role. The maximum length of the name is 64 characters.' } ) ManagementRoleAssignments = @( @{ CustomRecipientWriteScope = 'String | Optional | The CustomRecipientWriteScope parameter specifies the existing recipient-based management scope to associate with this management role assignment.' Name = 'String | Required | The Name parameter specifies a name for the new management role assignment. The maximum length of the name is 64 characters.' SecurityGroup = 'String | Optional | The SecurityGroup parameter specifies the name of the management role group or mail-enabled universal security group to assign the management role to.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' App = 'String | Optional | The App parameter specifies the service principal to assign the management role to. Specifically, the ServiceId GUID value from the output of the Get-ServicePrincipal cmdlet (for example, 6233fba6-0198-4277-892f-9275bf728bcc).' User = 'String | Optional | The User parameter specifies the name or alias of the user to assign the management role to.' RecipientAdministrativeUnitScope = 'String | Optional | The RecipientAdministrativeUnitScope parameter specifies the administrative unit to scope the new role assignment to.' ExclusiveRecipientWriteScope = 'String | Optional | The ExclusiveConfigWriteScope parameter specifies the exclusive configuration-based management scope to associate with the new role assignment.' Ensure = 'String | Optional | Specify if the Management Role Assignment should exist or not. | Present / Absent' UniqueId = 'String | Required | Unique ID to identify this specific object' CustomResourceScope = 'String | Optional | The CustomResourceScope parameter specifies the custom management scope to associate with this management role assignment. You can use any value that uniquely identifies the management scope.' Policy = 'String | Optional | The Policy parameter specifies the name of the management role assignment policy to assign the management role to.' RecipientOrganizationalUnitScope = 'String | Optional | The RecipientOrganizationalUnitScope parameter specifies the OU to scope the new role assignment to. If you use the RecipientOrganizationalUnitScope parameter, you can''t use the CustomRecipientWriteScope or ExclusiveRecipientWriteScope parameters.' RecipientRelativeWriteScope = 'String | Optional | The RecipientRelativeWriteScope parameter specifies the type of restriction to apply to a recipient scope. The available types are None, Organization, MyGAL, Self, and MyDistributionGroups. The RecipientRelativeWriteScope parameter is automatically set when the CustomRecipientWriteScope or RecipientOrganizationalUnitScope parameters are used.' Role = 'String | Required | The Role parameter specifies the existing role to assign. You can use any value that uniquely identifies the role.' } ) ManagementRoleEntries = @( @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' Parameters = 'StringArray | Optional | The Parameters parameter specifies the parameters to be added to or removed from the role entry.' Type = 'String | Optional | The Type parameter specifies the type of role entry to return. | Cmdlet / Script / ApplicationPermission' Identity = 'String | Required | The Identity parameter specifies the role entry that you want to modify.' } ) MessageClassifications = @( @{ SenderDescription = 'String | Optional | The SenderDescription parameter specifies the detailed text that''s shown to Outlook senders when they select a message classification to apply to a message before they send the message. ' Name = 'String | Optional | The Name parameter specifies the unique name for the message classification.' RetainClassificationEnabled = 'Boolean | Optional | The RetainClassificationEnabled parameter specifies whether the message classification should persist with the message if the message is forwarded or replied to.' Ensure = 'String | Optional | Specifies if this Outbound connector should exist. | Present / Absent' RecipientDescription = 'String | Optional | The RecipientDescription parameter specifies the detailed text that''s shown to Outlook recipient when they receive a message that has the message classification applied.' DisplayPrecedence = 'String | Optional | The DisplayPrecedence parameter specifies the relative precedence of the message classification to other message classifications that may be applied to a specified message. | Highest / Higher / High / MediumHigh / Medium / MediumLow / Low / Lower / Lowest' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Required | The Identity parameter specifies the OME Configuration policy that you want to modify.' PermissionMenuVisible = 'Boolean | Optional | The PermissionMenuVisible parameter specifies whether the values that you entered for the DisplayName and RecipientDescription parameters are displayed in Outlook as the user composes a message. ' ClassificationID = 'String | Optional | The ClassificationID parameter specifies the classification ID (GUID) of an existing message classification that you want to import and use in your Exchange organization.' DisplayName = 'String | Optional | The DisplayName parameter specifies the title of the message classification that''s displayed in Outlook and selected by users.' } ) MobileDeviceMailboxPolicies = @( @{ AllowSimplePassword = 'Boolean | Optional | The AllowSimplePassword parameter specifies whether a simple device password is allowed. A simple device password is a password that has a specific pattern, such as 1111 or 1234.' AllowGooglePushNotifications = 'Boolean | Optional | The AllowGooglePushNotifications parameter controls whether the user can receive push notifications from Google for Outlook on the web for devices.' AllowBluetooth = 'String | Optional | The AllowBluetooth parameter specifies whether the Bluetooth capabilities are allowed on the mobile phone. The available options are Disable, HandsfreeOnly, and Allow. The default value is Allow. | Disable / HandsfreeOnly / Allow' RequireEncryptedSMIMEMessages = 'Boolean | Optional | The RequireEncryptedSMIMEMessages parameter specifies whether the mobile device must send encrypted S/MIME messages.' MaxAttachmentSize = 'String | Optional | The MaxAttachmentSize parameter specifies the maximum size of attachments that can be downloaded to the mobile phone.' AllowDesktopSync = 'Boolean | Optional | The AllowDesktopSync parameter specifies whether the mobile phone can synchronize with a desktop computer through a cable.' RequireSignedSMIMEAlgorithm = 'String | Optional | The RequireSignedSMIMEAlgorithm parameter specifies the algorithm that''s used to sign S/MIME messages on the mobile device. | SHA1 / MD5' MinPasswordLength = 'String | Optional | The MinPasswordLength parameter specifies the minimum number of characters in the mobile device password.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' PasswordExpiration = 'String | Optional | The PasswordExpiration parameter specifies how long a password can be used on a mobile device before the user is forced to change the password.' AllowTextMessaging = 'Boolean | Optional | The AllowTextMessaging parameter specifies whether text messaging is allowed from the mobile phone.' AllowWiFi = 'Boolean | Optional | The AllowWiFi parameter specifies whether wireless Internet access is allowed on the mobile phone. ' AllowApplePushNotifications = 'Boolean | Optional | The AllowApplePushNotifications parameter specifies whether push notifications are allowed to Apple mobile devices.' AllowExternalDeviceManagement = 'Boolean | Optional | The AllowExternalDeviceManagement parameter specifies whether an external device management program is allowed to manage the mobile phone.' RequireStorageCardEncryption = 'Boolean | Optional | The RequireStorageCardEncryption parameter specifies whether storage card encryption is required on the mobile device.' AllowUnsignedInstallationPackages = 'Boolean | Optional | The AllowUnsignedInstallationPackages parameter specifies whether unsigned installation packages can be executed on the mobile phone.' MaxEmailAgeFilter = 'String | Optional | The MaxEmailAgeFilter parameter specifies the maximum number of days of email items to synchronize to the mobile phone. | All / OneDay / ThreeDays / OneWeek / TwoWeeks / OneMonth' AllowNonProvisionableDevices = 'Boolean | Optional | The AllowNonProvisionableDevices parameter specifies whether all mobile phones can synchronize with the server running Exchange.' AllowIrDA = 'Boolean | Optional | The AllowIrDA parameter specifies whether infrared connections are allowed to the mobile phone.' WSSAccessEnabled = 'Boolean | Optional | The WSSAccessEnabled parameter specifies whether access to Microsoft Windows SharePoint Services is enabled from the mobile device.' MinPasswordComplexCharacters = 'String | Optional | The MinPasswordComplexCharacters parameter specifies the character sets that are required in the password of the mobile device.' PasswordHistory = 'String | Optional | The PasswordHistory parameter specifies the number of unique new passwords that need to be created on the mobile device before an old password can be reused.' DeviceEncryptionEnabled = 'Boolean | Optional | The DeviceEncryptionEnabled parameter specifies whether encryption is enabled.' PasswordEnabled = 'Boolean | Optional | The PasswordEnabled parameter specifies whether a password is required on the mobile device.' AllowPOPIMAPEmail = 'Boolean | Optional | The AllowPOPIMAPEmail parameter specifies whether the user can configure a POP3 or IMAP4 email account on the mobile phone.' MaxCalendarAgeFilter = 'String | Optional | The MaxCalendarAgeFilter parameter specifies the maximum range of calendar days that can be synchronized to the device. | All / TwoWeeks / OneMonth / ThreeMonths / SixMonths' MaxEmailHTMLBodyTruncationSize = 'String | Optional | The MaxEmailHTMLBodyTruncationSize parameter specifies the maximum size at which HTML-formatted email messages are synchronized to the mobile phone. The value is specified in KB.' ApprovedApplicationList = 'StringArray | Optional | The ApprovedApplicationList parameter specifies a list of approved applications for the mobile phone.' AllowUnsignedApplications = 'Boolean | Optional | The AllowUnsignedApplications parameter specifies whether unsigned applications can be installed on the mobile phone.' AllowMobileOTAUpdate = 'Boolean | Optional | The AllowMobileOTAUpdate parameter specifies whether the Exchange ActiveSync mailbox policy can be sent to the mobile phone over a cellular data connection.' UNCAccessEnabled = 'Boolean | Optional | The UNCAccessEnabled parameter specifies whether access to Microsoft Windows file shares is enabled from the mobile device.' UnapprovedInROMApplicationList = 'StringArray | Optional | The UnapprovedInROMApplicationList parameter specifies a list of applications that can''t be run in ROM on the mobile device.' RequireEncryptionSMIMEAlgorithm = 'String | Optional | The RequireEncryptionSMIMEAlgorithm parameter specifies the algorithm that''s required to encrypt S/MIME messages on a mobile device. | DES / TripleDES / RC240bit / RC264bit / RC2128bit' RequireDeviceEncryption = 'Boolean | Optional | The RequireDeviceEncryption parameter specifies whether encryption is required on the mobile device.' RequireManualSyncWhenRoaming = 'Boolean | Optional | The RequireSignedSMIMEAlgorithm parameter specifies the algorithm that''s used to sign S/MIME messages on the mobile device.' Ensure = 'String | Optional | Specify if the Mobile Device Mailbox Policy should exist or not. | Present / Absent' PasswordRecoveryEnabled = 'Boolean | Optional | The PasswordRecoveryEnabled parameter specifies whether the recovery password for the mobile device is stored in Exchange.' MaxPasswordFailedAttempts = 'String | Optional | The MaxPasswordFailedAttempts parameter specifies the number of attempts a user can make to enter the correct password for the mobile phone. You can enter any number from 4 through 16 or the value Unlimited.' AllowSMIMESoftCerts = 'Boolean | Optional | The AllowSMIMESoftCerts parameter specifies whether S/MIME software certificates are allowed.' AlphanumericPasswordRequired = 'Boolean | Optional | The AlphanumericPasswordRequired parameter specifies whether the password for the mobile phone must be alphanumeric.' AllowCamera = 'Boolean | Optional | The AllowCamera parameter specifies whether the mobile phone''s camera is allowed.' AllowRemoteDesktop = 'Boolean | Optional | The AllowRemoteDesktop parameter specifies whether the mobile phone can initiate a remote desktop connection.' IrmEnabled = 'Boolean | Optional | The IrmEnabled parameter specifies whether Information Rights Management (IRM) is enabled for the mailbox policy.' RequireSignedSMIMEMessages = 'Boolean | Optional | The RequireSignedSMIMEMessages parameter specifies whether the mobile device must send signed S/MIME messages.' MaxInactivityTimeLock = 'String | Optional | The MaxInactivityTimeDeviceLock parameter specifies the length of time that the mobile phone can be inactive before the password is required to reactivate it.' MaxEmailBodyTruncationSize = 'String | Optional | The MaxEmailBodyTruncationSize parameter specifies the maximum size at which email messages are truncated when synchronized to the mobile phone. The value is specified in kilobytes (KB).' UniqueId = 'String | Required | Unique ID to identify this specific object' AllowConsumerEmail = 'Boolean | Optional | The AllowConsumerEmail parameter specifies whether the mobile phone user can configure a personal email account on the mobile phone.' AttachmentsEnabled = 'Boolean | Optional | The AttachmentsEnabled parameter specifies whether attachments can be downloaded.' DevicePolicyRefreshInterval = 'String | Optional | The DevicePolicyRefreshInterval parameter specifies how often the policy is sent from the server to the mobile phone.' AllowInternetSharing = 'Boolean | Optional | The AllowInternetSharing parameter specifies whether the mobile phone can be used as a modem to connect a computer to the Internet.' AllowBrowser = 'Boolean | Optional | The AllowBrowser parameter indicates whether Microsoft Pocket Internet Explorer is allowed on the mobile phone. This parameter doesn''t affect third-party browsers.' AllowStorageCard = 'Boolean | Optional | The AllowStorageCard parameter specifies whether the mobile phone can access information stored on a storage card.' AllowMicrosoftPushNotifications = 'Boolean | Optional | The AllowMicrosoftPushNotifications parameter specifies whether push notifications are enabled on the mobile device.' Name = 'String | Required | The Name parameter specifies the friendly name of the mobile device mailbox policy.' AllowSMIMEEncryptionAlgorithmNegotiation = 'String | Optional | The AllowSMIMEEncryptionAlgorithmNegotiation parameter specifies whether the messaging application on the mobile device can negotiate the encryption algorithm if a recipient''s certificate doesn''t support the specified encryption algorithm. | AllowAnyAlgorithmNegotiation / BlockNegotiation / OnlyStrongAlgorithmNegotiation' AllowHTMLEmail = 'Boolean | Optional | The AllowHTMLEmail parameter specifies whether HTML email is enabled on the mobile phone.' IsDefault = 'Boolean | Optional | The IsDefault parameter specifies whether this policy is the default Mobile Device mailbox policy.' } ) OfflineAddressBooks = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' AccessTokens = 'StringArray | Optional | Access token used for authentication.' IsDefault = 'Boolean | Optional | The IsDefault parameter specifies whether the OAB is used by all mailboxes and mailbox databases that don''t have an OAB specified.' Ensure = 'String | Optional | Specify if the Offline Address Book should exist or not. | Present / Absent' AddressLists = 'StringArray | Optional | The AddressLists parameter specifies the address lists or global address lists that are included in the OAB. You can use any value that uniquely identifies the address list.' Name = 'String | Required | The Name parameter specifies the unique name of the Offline Address Book. The maximum length is 64 characters.' DiffRetentionPeriod = 'String | Optional | The DiffRetentionPeriod parameter specifies the number of days that the OAB difference files are stored on the server.' ConfiguredAttributes = 'StringArray | Optional | The ConfiguredAttributes parameter specifies the recipient MAPI properties that are available in the OAB.' } ) OMEConfigurations = @( @{ IntroductionText = 'String | Optional | The IntroductionText parameter specifies the default text that accompanies encrypted email messages.' ExternalMailExpiryInDays = 'UInt32 | Optional | The ExternalMailExpiryInDays parameter specifies the number of days that the encrypted message is available to external recipients in the Microsoft 365 portal. A valid value is an integer from 0 to 730.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' ReadButtonText = 'String | Optional | The ReadButtonText parameter specifies the text that appears on the ''Read the message'' button. ' PortalText = 'String | Optional | The PortalText parameter specifies the text that appears at the top of the encrypted email viewing portal.' OTPEnabled = 'Boolean | Optional | The OTPEnabled parameter specifies whether to allow recipients to use a one-time passcode to view encrypted messages.' BackgroundColor = 'String | Optional | The BackgroundColor parameter specifies the background color' DisclaimerText = 'String | Optional | The DisclaimerText parameter specifies the disclaimer text in the email that contains the encrypted message' PrivacyStatementUrl = 'String | Optional | The PrivacyStatementUrl parameter specifies the Privacy Statement link in the encrypted email notification message.' SocialIdSignIn = 'Boolean | Optional | The SocialIdSignIn parameter specifies whether a user is allowed to view an encrypted message in the Microsoft 365 admin center using their own social network id (Google, Yahoo, and Microsoft account).' EmailText = 'String | Optional | The EmailText parameter specifies the default text that accompanies encrypted email messages.' Ensure = 'String | Optional | Specifies if this Outbound connector should exist. | Present / Absent' Identity = 'String | Required | The Identity parameter specifies the OME Configuration policy that you want to modify.' } ) OnPremisesOrganizations = @( @{ Comment = 'String | Optional | The Comment parameter specifies an optional comment.' OrganizationGuid = 'String | Optional | The OrganizationGuid parameter specifies the globally unique identifier (GUID) of the on-premises Exchange organization object in the Office 365 tenant.' Ensure = 'String | Optional | Specify if the On-Premises Organization should exist or not. | Present / Absent' Identity = 'String | Required | The Identity parameter specifies the identity of the on-premises organization object.' HybridDomains = 'StringArray | Optional | The HybridDomains parameter specifies the domains that are configured in the hybrid deployment between an Office 365 tenant and an on-premises Exchange organization. The domains specified in this parameter must match the domains listed in the HybridConfiguration Active Directory object for the on-premises Exchange organization configured by the Hybrid Configuration wizard. ' OrganizationName = 'String | Optional | The OrganizationName parameter specifies the Active Directory object name of the on-premises Exchange organization.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' InboundConnector = 'String | Optional | The InboundConnector parameter specifies the name of the inbound connector configured on the Microsoft Exchange Online Protection (EOP) service for a hybrid deployment configured with an on-premises Exchange organization.' OrganizationRelationship = 'String | Optional | The OrganizationRelationship parameter specifies the organization relationship configured by the Hybrid Configuration wizard on the Office 365 tenant as part of a hybrid deployment with an on-premises Exchange organization. This organization relationship defines the federated sharing features enabled on the Office 365 tenant.' OutboundConnector = 'String | Optional | The OutboundConnector parameter specifies the name of the outbound connector configured on the EOP service for a hybrid deployment configured with an on-premises Exchange organization.' } ) OrganizationConfig = @{ LeanPopoutEnabled = 'Boolean | Optional | The LeanPopoutEnabled parameter specifies whether to enable faster loading of pop-out messages in Outlook on the web for Internet Explorer and Microsoft Edge.' LinkPreviewEnabled = 'Boolean | Optional | The LinkPreviewEnabled parameter specifies whether link preview of URLs in email messages is allowed for the organization.' MailTipsAllTipsEnabled = 'Boolean | Optional | The MailTipsAllTipsEnabled parameter specifies whether MailTips are enabled. The default value is $true.' IPListBlocked = 'StringArray | Optional | The IPListBlocked parameter specifies the blocked IP addresses that aren''t allowed to connect to Exchange Online organization. These settings affect client connections that use Basic authentication where on-premises Active Directory Federation Services (ADFS) servers federate authentication with Azure Active Directory. Note that the new settings might take up to 4 hours to fully propagate across the service.' IsGroupFoldersAndRulesEnabled = 'Boolean | Optional | No description available for IsGroupFoldersAndRulesEnabled' IsGroupMemberAllowedToEditContent = 'Boolean | Optional | No description available for IsGroupMemberAllowedToEditContent' MailTipsExternalRecipientsTipsEnabled = 'Boolean | Optional | The MailTipsExternalRecipientsTipsEnabled parameter specifies whether MailTips for external recipients are enabled. The default value is $false.' MaskClientIpInReceivedHeadersEnabled = 'Boolean | Optional | No description available for MaskClientIpInReceivedHeadersEnabled.' MatchSenderOrganizerProperties = 'Boolean | Optional | No description available for MatchSenderOrganizerProperties.' MessageHighlightsEnabled = 'Boolean | Optional | No description available for MessageHighlightsEnabled.' MailTipsGroupMetricsEnabled = 'Boolean | Optional | The MailTipsGroupMetricsEnabled parameter specifies whether MailTips that rely on group metrics data are enabled. The default value is $true.' MailTipsLargeAudienceThreshold = 'UInt32 | Optional | The MailTipsLargeAudienceThreshold parameter specifies what a large audience is. The default value is 25.' MailTipsMailboxSourcedTipsEnabled = 'Boolean | Optional | The MailTipsMailboxSourcedTipsEnabled parameter specifies whether MailTips that rely on mailbox data (out-of-office or full mailbox) are enabled.' HierarchicalAddressBookRoot = 'String | Optional | The HierarchicalAddressBookRoot parameter specifies the user, contact, or group to be used as the root organization for a hierarchical address book in the Exchange organization. You can use any value that uniquely identifies the recipient.' EwsApplicationAccessPolicy = 'String | Optional | The EwsApplicationAccessPolicy parameter specifies the client applications that have access to EWS and REST. | EnforceAllowList / EnforceBlockList' EwsBlockList = 'StringArray | Optional | The EwsBlockList parameter specifies the applications that aren''t allowed to access EWS or REST when the EwsApplicationAccessPolicy parameter is set to EnforceBlockList. All other applications that aren''t specified by this parameter are allowed to access EWS or REST. You identify the application by its user agent string value. Wildcard characters (*) are supported.' EwsEnabled = 'Boolean | Optional | The EwsEnabled parameter specifies whether to globally enable or disable EWS access for the entire organization, regardless of what application is making the request.' EwsAllowList = 'StringArray | Optional | The EwsAllowList parameter specifies the applications that are allowed to access EWS or REST when the EwsApplicationAccessPolicy parameter is set to EwsAllowList. Other applications that aren''t specified by this parameter aren''t allowed to access EWS or REST. You identify the application by its user agent string value. Wildcard characters (*) are supported.' EwsAllowMacOutlook = 'Boolean | Optional | The EwsAllowMacOutlook parameter enables or disables access to mailboxes by Outlook for Mac clients that use Exchange Web Services (for example, Outlook for Mac 2011 or later).' EwsAllowOutlook = 'Boolean | Optional | The EwsAllowOutlook parameter enables or disables access to mailboxes by Outlook clients that use Exchange Web Services. Outlook uses Exchange Web Services for free/busy, out-of-office settings, and calendar sharing.' ExchangeNotificationEnabled = 'Boolean | Optional | The ExchangeNotificationEnabled parameter enables or disables Exchange notifications sent to administrators regarding their organizations. Valid input for this parameter is $true or $false.' FindTimeLockPollForAttendeesEnabled = 'Boolean | Optional | The FindTimeLockPollForAttendeesEnabled controls whether the Lock poll for attendees setting is managed by the organization.' FindTimeOnlineMeetingOptionDisabled = 'Boolean | Optional | The FindTimeOnlineMeetingOptionDisabled parameter controls the availability of the Online meeting checkbox for Teams in meeting polls using the FindTime Outlook add-in.' FocusedInboxOn = 'Boolean | Optional | The FocusedInboxOn parameter enables or disables Focused Inbox for the organization.' ExchangeNotificationRecipients = 'StringArray | Optional | The ExchangeNotificationRecipients parameter specifies the recipients for Exchange notifications sent to administrators regarding their organizations. If the ExchangeNotificationEnabled parameter is set to $false, no notification messages are sent. Be sure to enclose values that contain spaces in quotation marks and separate multiple values with commas. If this parameter isn''t set, Exchange notifications are sent to all administrators.' FindTimeAttendeeAuthenticationEnabled = 'Boolean | Optional | The FindTimeAttendeeAuthenticationEnabled parameter controls whether attendees are required to verify their identity in meeting polls using the FindTime Outlook add-in.' FindTimeAutoScheduleDisabled = 'Boolean | Optional | The FindTimeAutoScheduleDisabled parameter controls automatically scheduling the meeting once a consensus is reached in meeting polls using the FindTime Outlook add-in.' MessageRecallEnabled = 'Boolean | Optional | The MessageRecallEnabled parameter enables or disables the message recall feature in the organization.' SiteMailboxCreationURL = 'String | Optional | The SiteMailboxCreationURL parameter specifies the URL that''s used to create site mailboxes. Site mailboxes improve collaboration and user productivity by allowing access to both SharePoint documents and Exchange email in Outlook 2013 or later.' SmtpActionableMessagesEnabled = 'Boolean | Optional | The SmtpActionableMessagesEnabled parameter specifies whether to enable or disable action buttons in email messages in Outlook on the web.' VisibleMeetingUpdateProperties = 'String | Optional | The VisibleMeetingUpdateProperties parameter specifies whether meeting message updates will be auto-processed on behalf of attendees. Auto-processed updates are applied to the attendee''s calendar item, and then the meeting message is moved to the deleted items. The attendee never sees the update in their inbox, but their calendar is updated.' SendFromAliasEnabled = 'Boolean | Optional | The SendFromAliasEnabled parameter allows mailbox users to send messages using aliases (proxy addresses). It does this by disabling the rewriting of aliases to their primary SMTP address. This change is implemented in the Exchange Online service' SharedDomainEmailAddressFlowEnabled = 'Boolean | Optional | No description available for SharedDomainEmailAddressFlowEnabled.' ShortenEventScopeDefault = 'String | Optional | The ShortenEventScopeDefault parameter specifies whether calendar events start late or end early in the organization.' WebPushNotificationsDisabled = 'Boolean | Optional | The WebPushNotificationsDisabled parameter specifies whether to enable or disable Web Push Notifications in Outlook on the Web. This feature provides web push notifications which appear on a user''s desktop while the user is not using Outlook on the Web. This brings awareness of incoming messages while they are working elsewhere on their computer.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' WebSuggestedRepliesDisabled = 'Boolean | Optional | The WebSuggestedRepliesDisabled parameter specifies whether to enable or disable Suggested Replies in Outlook on the web. This feature provides suggested replies to emails so users can easily and quickly respond to messages.' WorkspaceTenantEnabled = 'Boolean | Optional | The WorkspaceTenantEnabled parameter enables or disables workspace booking in the organization.' RemotePublicFolderMailboxes = 'StringArray | Optional | The RemotePublicFolderMailboxes parameter specifies the identities of the public folder objects (represented as mail user objects locally) corresponding to the public folder mailboxes created in the remote forest. The public folder values set here are used only if the public folder deployment is a remote deployment.' OnlineMeetingsByDefaultEnabled = 'Boolean | Optional | The OnlineMeetingsByDefaultEnabled parameter specifies whether to set all meetings as Teams by default during meeting creation.' OutlookGifPickerDisabled = 'Boolean | Optional | The OutlookGifPickerDisabled parameter disables the GIF Search (powered by Bing) feature that''s built into the Compose page in Outlook on the web.' OutlookMobileGCCRestrictionsEnabled = 'Boolean | Optional | The OutlookMobileGCCRestrictionsEnabled parameter specifies whether to enable or disable features within Outlook for iOS and Android that are not FedRAMP compliant for Office 365 US Government Community Cloud (GCC) customers.' MessageRemindersEnabled = 'Boolean | Optional | The MessageRemindersEnabled parameter enables or disables the message reminders feature in the organization.' MobileAppEducationEnabled = 'Boolean | Optional | The MobileAppEducationEnabled specifies whether to show or hide the Outlook for iOS and Android education reminder in Outlook on the web.' OAuth2ClientProfileEnabled = 'Boolean | Optional | The OAuth2ClientProfileEnabled parameter enables or disables modern authentication in the Exchange organization.' OutlookPayEnabled = 'Boolean | Optional | The OutlookPayEnabled parameter enables or disables Payments in Outlook in the Office 365 organization.' PublicFolderShowClientControl = 'Boolean | Optional | The PublicFolderShowClientControl parameter enables or disables access to public folders in Microsoft Outlook.' ReadTrackingEnabled = 'Boolean | Optional | The ReadTrackingEnabled parameter specifies whether the tracking for read status for messages in an organization is enabled. The default value is $false.' RecallReadMessagesEnabled = 'Boolean | Optional | No description available for RecallReadMessagesEnabled.' OutlookTextPredictionDisabled = 'Boolean | Optional | No description available for OutlookTextPredictionDisabled.' PublicComputersDetectionEnabled = 'Boolean | Optional | The PublicComputersDetectionEnabled parameter specifies whether Outlook on the web will detect when a user signs from a public or private computer or network, and then enforces the attachment handling settings from public networks. The default is $false. However, if you set this parameter to $true, Outlook on the web will determine if the user is signing in from a public computer, and all public attachment handling rules will be applied and enforced.' PublicFoldersEnabled = 'String | Optional | The PublicFoldersEnabled parameter specifies how public folders are deployed in your organization. | None / Local / Remote' EwsAllowEntourage = 'Boolean | Optional | The EwsAllowEntourage parameter specifies whether to enable or disable Entourage 2008 to access Exchange Web Services (EWS) for the entire organization.' BookingsNamingPolicyEnabled = 'Boolean | Optional | No description available for BookingsNamingPolicyEnabled' BookingsNamingPolicyPrefix = 'String | Optional | No description available for BookingsNamingPolicyPrefix' BookingsNamingPolicyPrefixEnabled = 'Boolean | Optional | No description available for BookingsNamingPolicyPrefixEnabled' BookingsEnabled = 'Boolean | Optional | The BookingsEnabled parameter specifies whether to enable Microsoft Bookings in an organization.' BookingsExposureOfStaffDetailsRestricted = 'Boolean | Optional | The BookingsExposureOfStaffDetailsRestricted parameter specifies whether the attributes of internal Bookings staff members are visible to external Bookings customers.' BookingsMembershipApprovalRequired = 'Boolean | Optional | The BookingsMembershipApprovalRequired parameter enables a membership approval requirement when new staff members are added to Bookings calendars.' BookingsNamingPolicySuffix = 'String | Optional | No description available for BookingsNamingPolicySuffix' BookingsPhoneNumberEntryRestricted = 'Boolean | Optional | The BookingsPhoneNumberEntryRestricted parameter specifies whether phone numbers can be collected from Bookings customers.' BookingsSearchEngineIndexDisabled = 'Boolean | Optional | No description available for BookingsSearchEngineIndexDisabled' BookingsSmsMicrosoftEnabled = 'Boolean | Optional | No description available for BookingsSmsMicrosoftEnabled' BookingsNamingPolicySuffixEnabled = 'Boolean | Optional | No description available for BookingsNamingPolicySuffixEnabled' BookingsNotesEntryRestricted = 'Boolean | Optional | The BookingsNotesEntryRestricted parameter specifies whether appointment notes can be collected from Bookings customers.' BookingsPaymentsEnabled = 'Boolean | Optional | The BookingsPaymentsEnabled parameter specifies whether to enable online payment node inside Bookings.' BookingsCreationOfCustomQuestionsRestricted = 'Boolean | Optional | The BookingsCreationOfCustomQuestionsRestricted parameter specifies whether Bookings admins can add custom questions.' ActivityBasedAuthenticationTimeoutWithSingleSignOnEnabled = 'Boolean | Optional | The ActivityBasedAuthenticationTimeoutWithSingleSignOnEnabled parameter specifies whether to keep single sign-on enabled. The default value is $true.' AppsForOfficeEnabled = 'Boolean | Optional | The AppsForOfficeEnabled parameter specifies whether to enable apps for Outlook features. By default, the parameter is set to $true. If the flag is set to $false, no new apps can be activated for any user in the organization.' AsyncSendEnabled = 'Boolean | Optional | The AsyncSendEnabled parameter specifies whether to enable or disable async send in Outlook on the web.' ActivityBasedAuthenticationTimeoutEnabled = 'Boolean | Optional | The ActivityBasedAuthenticationTimeoutEnabled parameter specifies whether the timed logoff feature is enabled. The default value is $true' ActivityBasedAuthenticationTimeoutInterval = 'String | Optional | The ActivityBasedAuthenticationTimeoutInterval parameter specifies the time span for logoff. You enter this value as a time span: hh:mm:ss where hh = hours, mm = minutes and ss = seconds. Valid values for this parameter are from 00:05:00 to 08:00:00 (5 minutes to 8 hours). The default value is 06:00:00 (6 hours).' AuditDisabled = 'Boolean | Optional | The AuditDisabled parameter specifies whether to disable or enable mailbox auditing for the organization.' BookingsAddressEntryRestricted = 'Boolean | Optional | The BookingsAddressEntryRestricted parameter specifies whether addresses can be collected from Bookings customers.' BookingsAuthEnabled = 'Boolean | Optional | The BookingsAuthEnabled parameter specifies whether to enforce authentication to access all published Bookings pages.' BookingsBlockedWordsEnabled = 'Boolean | Optional | No description available for BookingsBlockedWordsEnabled' AutodiscoverPartialDirSync = 'Boolean | Optional | Setting this parameter to $true will cause unknown users to be redirected to the on-premises endpoint and will allow on-premises users to discover their mailbox automatically.' AutoExpandingArchive = 'Boolean | Optional | The AutoExpandingArchive switch enables the unlimited archiving feature (called auto-expanding archiving) in an Exchange Online organization. You don''t need to specify a value with this switch.' BlockMoveMessagesForGroupFolders = 'Boolean | Optional | No description available for BlockMoveMessagesForGroupFolders' BookingsSocialSharingRestricted = 'Boolean | Optional | The BookingsSocialSharingRestricted parameter allows you to control whether, or not, your users can see social sharing options inside Bookings.' DefaultPublicFolderMovedItemRetention = 'String | Optional | The DefaultPublicFolderMovedItemRetention parameter specifies how long items that have been moved between mailboxes are kept in the source mailbox for recovery purposes before being removed by the Public Folder Assistant.' DefaultPublicFolderProhibitPostQuota = 'String | Optional | The DefaultPublicFolderProhibitPostQuota parameter specifies the size of a public folder at which users are notified that the public folder is full. Users can''t post to a folder whose size is larger than the DefaultPublicFolderProhibitPostQuota parameter value. The default value of this attribute is unlimited.' DirectReportsGroupAutoCreationEnabled = 'Boolean | Optional | The DirectReportsGroupAutoCreationEnabled parameter specifies whether to enable or disable the automatic creation of direct report Office 365 groups.' DefaultPublicFolderDeletedItemRetention = 'String | Optional | The DefaultPublicFolderDeletedItemRetention parameter specifies the default value of the length of time to retain deleted items for public folders across the entire organization. This attribute applies to all public folders in the organization that don''t have their own RetainDeletedItemsFor attribute set.' DefaultPublicFolderIssueWarningQuota = 'String | Optional | The DefaultPublicFolderIssueWarningQuota parameter specifies the default value across the entire organization for the public folder size at which a warning message is sent to this folder''s owners, warning that the public folder is almost full. This attribute applies to all public folders within the organization that don''t have their own warning quota attribute set. The default value of this attribute is unlimited. The valid input range for this parameter is from 0 through 2199023254529 bytes(2 TB). If you enter a value of unlimited, no size limit is imposed on the public folder.' DefaultPublicFolderMaxItemSize = 'String | Optional | The DefaultPublicFolderMaxItemSize parameter specifies the default maximum size for posted items within public folders across the entire organization. Items larger than the value of the DefaultPublicFolderMaxItemSize parameter are rejected. This attribute applies to all public folders within the organization that don''t have their own MaxItemSize attribute set. The default value of this attribute is unlimited.' DisablePlusAddressInRecipients = 'Boolean | Optional | The DisablePlusAddressInRecipients parameter specifies whether to enable or disable plus addressing (also known as subaddressing) for Exchange Online mailboxes.' ElcProcessingDisabled = 'Boolean | Optional | The ElcProcessingDisabled parameter specifies whether to enable or disable the processing of mailboxes by the Managed Folder Assistant.' EnableOutlookEvents = 'Boolean | Optional | The EnableOutlookEvents parameter specifies whether Outlook or Outlook on the web automatically discovers events from email messages and adds them to user calendars.' EndUserDLUpgradeFlowsDisabled = 'Boolean | Optional | The EndUserDLUpgradeFlowsDisabled parameter specifies whether to prevent users from upgrading their own distribution groups to Office 365 groups in an Exchange Online organization.' DistributionGroupDefaultOU = 'String | Optional | The DistributionGroupDefaultOU parameter specifies the container where distribution groups are created by default.' DistributionGroupNameBlockedWordsList = 'StringArray | Optional | The DistributionGroupNameBlockedWordsList parameter specifies words that can''t be included in the names of distribution groups. Separate multiple values with commas.' DistributionGroupNamingPolicy = 'String | Optional | The DistributionGroupNamingPolicy parameter specifies the template applied to the name of distribution groups that are created in the organization. You can enforce that a prefix or suffix be applied to all distribution groups. Prefixes and suffixes can be either a string or an attribute, and you can combine strings and attributes.' DefaultPublicFolderAgeLimit = 'String | Optional | The DefaultPublicFolderAgeLimit parameter specifies the default age limit for the contents of public folders across the entire organization. Content in a public folder is automatically deleted when this age limit is exceeded. This attribute applies to all public folders in the organization that don''t have their own AgeLimit setting. To specify a value, enter it as a time span: dd.hh:mm:ss where d = days, h = hours, m = minutes, and s = seconds. Or, enter the value $null. The default value is blank ($null).' ConnectorsEnabled = 'Boolean | Optional | The ConnectorsEnabled parameter specifies whether to enable or disable all connected apps in organization.' ConnectorsEnabledForOutlook = 'Boolean | Optional | The ConnectorsEnabledForOutlook parameter specifies whether to enable or disable connected apps in Outlook on the web. ' ConnectorsEnabledForSharepoint = 'Boolean | Optional | The ConnectorsEnabledForSharepoint parameter specifies whether to enable or disable connected apps on Sharepoint.' ByteEncoderTypeFor7BitCharsets = 'UInt32 | Optional | The ByteEncoderTypeFor7BitCharsets parameter specifies the 7-bit transfer encoding method for MIME format for messages sent to this remote domain.' ComplianceMLBgdCrawlEnabled = 'Boolean | Optional | No description available for ComplianceMLBgdCrawlEnabled' ConnectorsActionableMessagesEnabled = 'Boolean | Optional | The ConnectorsActionableMessagesEnabled parameter specifies whether to enable or disable actionable buttons in messages (connector cards) from connected apps on Outlook on the web.' ConnectorsEnabledForTeams = 'Boolean | Optional | The ConnectorsEnabledForTeams parameter specifies whether to enable or disable connected apps on Teams.' DefaultGroupAccessType = 'String | Optional | The DefaultGroupAccessType parameter specifies the default access type for Office 365 groups. | Private / Public' DefaultMinutesToReduceLongEventsBy = 'UInt32 | Optional | The DefaultMinutesToReduceLongEventsBy parameter specifies the number of minutes to reduce calendar events by if the events are 60 minutes or longer.' DefaultMinutesToReduceShortEventsBy = 'UInt32 | Optional | The DefaultMinutesToReduceShortEventsBy parameter specifies the number of minutes to reduce calendar events by if the events are less than 60 minutes long.' ConnectorsEnabledForYammer = 'Boolean | Optional | The ConnectorsEnabledForYammer parameter specifies whether to enable or disable connected apps on Yammer.' CustomerLockboxEnabled = 'Boolean | Optional | Enable Customer Lockbox.' DefaultAuthenticationPolicy = 'String | Optional | The DefaultAuthenticationPolicy parameter specifies the authentication policy that''s used for the whole organization. You can use any value that uniquely identifies the policy.' } OrganizationRelationships = @( @{ MailboxMovePublishedScopes = 'StringArray | Optional | The MailboxMovePublishedScopes parameter is used in cross-tenant mailbox migrations to specify the mail-enabled security groups whose members are allowed to migrate.' FreeBusyAccessLevel = 'String | Optional | The FreeBusyAccessLevel parameter specifies the maximum amount of detail returned to the requesting organization. Valid values are: None, AvailabilityOnly or LimitedDetails | None / AvailabilityOnly / LimitedDetails' TargetAutodiscoverEpr = 'String | Optional | The TargetAutodiscoverEpr parameter specifies the Autodiscover URL of Exchange Web Services for the external organization. Exchange uses Autodiscover to automatically detect the correct Exchangeserver endpoint to use for external requests.' DomainNames = 'StringArray | Optional | The DomainNames parameter specifies the SMTP domains of the external organization. You can specify multiple domains separated by commas.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' MailboxMoveCapability = 'String | Optional | The MailboxMoveCapability parameter is used in cross-tenant mailbox migrations. | Inbound / Outbound / RemoteInbound / RemoteOutbound / None' MailTipsAccessLevel = 'String | Optional | The MailTipsAccessLevel parameter specifies the level of MailTips data externally shared over this organization relationship. This parameter can have the following values: All, Limited, None | None / All / Limited' OrganizationContact = 'String | Optional | The OrganizationContact parameter specifies the email address that can be used to contact the external organization (for example, administrator@fourthcoffee.com).' Name = 'String | Required | The Name parameter specifies the unique name of the organization relationship. The maximum length is 64 characters.' ArchiveAccessEnabled = 'Boolean | Optional | The ArchiveAccessEnabled parameter specifies whether the organization relationship has been configured to provide remote archive access.' MailTipsAccessScope = 'String | Optional | The MailTipsAccessScope parameter specifies a mail-enabled security group in the internal organization that contains users whose free/busy information is accessible by an external organization. You can use any value that uniquely identifies the group.' MailboxMoveEnabled = 'Boolean | Optional | The MailboxMoveEnabled parameter specifies whether the organization relationship enables moving mailboxes to or from the external organization.' Ensure = 'String | Optional | Specify if the OrganizationRelationship should exist or not. | Present / Absent' UniqueId = 'String | Required | Unique ID to identify this specific object' OauthApplicationId = 'String | Optional | The OAuthApplicationId is used in cross-tenant mailbox migrations to specify the application ID of the mailbox migration app that you consented to.' TargetOwaURL = 'String | Optional | The TargetOwaURL parameter specifies the Outlook on the web (formerly Outlook Web App) URL of the external organization that''s defined in the organization relationship. It is used for Outlook on the web redirection in a cross-premise Exchange scenario. Configuring this attribute enables users in the organization to use their current Outlook on the web URL to access Outlook on the web in the external organization.' DeliveryReportEnabled = 'Boolean | Optional | The DeliveryReportEnabled parameter specifies whether Delivery Reports should be shared over the organization relationship.' MailTipsAccessEnabled = 'Boolean | Optional | The MailTipsAccessEnabled parameter specifies whether MailTips for users in this organization are returned over this organization relationship.' PhotosEnabled = 'Boolean | Optional | The PhotosEnabled parameter specifies whether photos for users in the internal organization are returned over the organization relationship.' TargetSharingEpr = 'String | Optional | The TargetSharingEpr parameter specifies the URL of the target Exchange Web Services for the external organization.' TargetApplicationUri = 'String | Optional | The TargetApplicationUri parameter specifies the target Uniform Resource Identifier (URI) of the external organization. The TargetApplicationUri parameter is specified by Exchange when requesting a delegated token to retrieve free and busy information, for example, mail.contoso.com.' FreeBusyAccessEnabled = 'Boolean | Optional | The FreeBusyAccessEnabled parameter specifies whether the organization relationship should be used to retrieve free/busy information from the external organization.' Enabled = 'Boolean | Optional | The Enabled parameter specifies whether to enable the organization relationship.' FreeBusyAccessScope = 'String | Optional | The FreeBusyAccessScope parameter specifies a mail-enabled security group in the internal organization that contains users whose free/busy information is accessible by an external organization. You can use any value that uniquely identifies the group.' } ) OutboundConnectors = @( @{ TlsSettings = 'String | Optional | The TlsSettings parameter specifies the TLS authentication level that''s used for outbound TLS connections established by this Outbound connector. | EncryptionOnly / CertificateValidation / DomainValidation' RecipientDomains = 'StringArray | Optional | The RecipientDomains parameter specifies the domain that the Outbound connector routes mail to. You can specify multiple domains separated by commas.' ConnectorSource = 'String | Optional | The ConnectorSource parameter specifies how the connector is created. DO NOT CHANGE THIS! | Default / Migrated / HybridWizard' Ensure = 'String | Optional | Specifies if this Outbound connector should exist. | Present / Absent' AccessTokens = 'StringArray | Optional | Access token used for authentication.' ValidationRecipients = 'StringArray | Optional | The ValidationRecipients parameter specifies the email addresses of the validation recipients for the Outbound connector. You can specify multiple email addresses separated by commas.' ConnectorType = 'String | Optional | The ConnectorType parameter specifies a category for the domains that are serviced by the connector. | Partner / OnPremises' TlsDomain = 'String | Optional | The TlsDomain parameter specifies the domain name that the Outbound connector uses to verify the FQDN of the target certificate when establishing a TLS secured connection. This parameter is only used if the TlsSettings parameter is set to DomainValidation. Valid input for the TlsDomain parameter is an SMTP domain. You can use a wildcard character to specify all subdomains of a specified domain, as shown in the following example: *.contoso.com. However, you can''t embed a wildcard character, as shown in the following example: domain.*.contoso.com' CloudServicesMailEnabled = 'Boolean | Optional | The CloudServicesMailEnabled parameter specifies whether the connector is used for hybrid mail flow between an on-premises Exchange environment and Microsoft Office 365. Specifically, this parameter controls how certain internal X-MS-Exchange-Organization-* message headers are handled in messages that are sent between accepted domains in the on-premises and cloud organizations. These headers are collectively known as cross-premises headers. DO NOT USE MANUALLY!' IsTransportRuleScoped = 'Boolean | Optional | The IsTransportRuleScoped parameter specifies whether the Outbound connector is associated with a transport rule (also known as a mail flow rule).' Comment = 'String | Optional | The Comment parameter specifies an optional comment.' SenderRewritingEnabled = 'Boolean | Optional | The SenderRewritingEnabled parameter specifies that all messages that normally qualify for SRS rewriting are rewritten for routing through the on-premises email system.' RouteAllMessagesViaOnPremises = 'Boolean | Optional | The RouteAllMessagesViaOnPremises parameter specifies that all messages serviced by this connector are first routed through the on-premises messaging system (Centralized mailrouting).' AllAcceptedDomains = 'Boolean | Optional | The AllAcceptedDomains parameter specifies whether the Outbound connector is used in hybrid organizations where message recipients are in accepted domains of the cloud-based organization.' Identity = 'String | Required | The Identity parameter specifies the outbound connector that you want to modify.' TestMode = 'Boolean | Optional | The TestMode parameter specifies whether you want to enabled or disable test mode for the Outbound connector.' SmartHosts = 'StringArray | Optional | The SmartHosts parameter specifies the smart hosts the Outbound connector uses to route mail. This parameter is required if you set the UseMxRecord parameter to $false and must be specified on the same command line.' UseMXRecord = 'Boolean | Optional | Specifies whether connector should use MXRecords for target resolution.' Enabled = 'Boolean | Optional | Specifies whether connector is enabled.' } ) OwaMailboxPolicies = @( @{ MessagePreviewsDisabled = 'Boolean | Optional | No description available.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' PersonalAccountCalendarsEnabled = 'Boolean | Optional | The PersonalAccountCalendarsEnabled parameter specifies whether to allow users to connect to their personal Outlook.com or Google Calendar in Outlook on the web.' ExplicitLogonEnabled = 'Boolean | Optional | The ExplicitLogonEnabled parameter specifies whether to allow a user to open someone else''s mailbox in Outlook on the web (provided that user has permissions to the mailbox).' ShowOnlineArchiveEnabled = 'Boolean | Optional | No description available.' BlockedFileTypes = 'StringArray | Optional | The BlockedFileTypes parameter specifies a list of attachment file types (file extensions) that can''t be saved locally or viewed from Outlook on the web.' AllowedMimeTypes = 'StringArray | Optional | The AllowedMimeTypes parameter specifies the MIME extensions of attachments that allow the attachments to be saved locally or viewed from Outlook on the web.' ConditionalAccessPolicy = 'String | Optional | The ConditionalAccessPolicy parameter specifies the Outlook on the Web Policy for limited access. For this feature to work properly, you also need to configure a Conditional Access policy in the Azure Active Directory Portal. | Off / ReadOnly / ReadOnlyPlusAttachmentsBlocked' TeamSnapCalendarsEnabled = 'Boolean | Optional | The TeamSnapCalendarsEnabled parameter specifies whether to allow users to connect to their personal TeamSnap calendars in Outlook on the web.' LocalEventsEnabled = 'Boolean | Optional | The LocalEventsEnabled parameter specifies whether local events calendars are available in Outlook on the web.' WacViewingOnPublicComputersEnabled = 'Boolean | Optional | The WacViewingOnPublicComputersEnabled parameter specifies whether to enable or disable web viewing of supported Office documents in public computer sessions in Office Online Server. ' OutlookBetaToggleEnabled = 'Boolean | Optional | The OutlookBetaToggleEnabled parameter specifies whether to enable or disable the Outlook on the web Preview toggle. The Preview toggle allows users to try the new Outlook on the web experience.' ExternalSPMySiteHostURL = 'String | Optional | The ExternalSPMySiteHostURL specifies the My Site Host URL for external users.' OnSendAddinsEnabled = 'Boolean | Optional | The OnSendAddinsEnabled parameter specifies whether to enable or disable on send add-ins in Outlook on the web (add-ins that support events when a user clicks Send).' ForceSaveMimeTypes = 'StringArray | Optional | The ForceSaveMimeTypes parameter specifies the MIME extensions in attachments that only allow the attachments to be saved locally (not opened).' JournalEnabled = 'Boolean | Optional | The JournalEnabled parameter specifies whether the Journal folder is available in Outlook on the web.' DisplayPhotosEnabled = 'Boolean | Optional | The DisplayPhotosEnabled parameter specifies whether users see sender photos in Outlook on the web.' GroupCreationEnabled = 'Boolean | Optional | The GroupCreationEnabled parameter specifies whether Office 365 group creation is available in Outlook on the web.' ForceSaveFileTypes = 'StringArray | Optional | The ForceSaveFileTypes parameter specifies the attachment file types (file extensions) that can only be saved from Outlook on the web (not opened).' ChangeSettingsAccountEnabled = 'Boolean | Optional | No description available.' NpsSurveysEnabled = 'Boolean | Optional | The NpsSurveysEnabled parameter specifies whether to enable or disable the Net Promoter Score (NPS) survey in Outlook on the web. The survey allows uses to rate Outlook on the web on a scale of 1 to 5, and to provide feedback and suggested improvements in free text.' AdditionalAccountsEnabled = 'Boolean | Optional | No description available.' TextMessagingEnabled = 'Boolean | Optional | The TextMessagingEnabled parameter specifies whether users can send and receive text messages in Outlook on the web.' SearchFoldersEnabled = 'Boolean | Optional | The SearchFoldersEnabled parameter specifies whether Search Folders are available in Outlook on the web.' UserVoiceEnabled = 'Boolean | Optional | The UserVoiceEnabled parameter specifies whether to enable or disable Outlook UserVoice in Outlook on the web. Outlook UserVoice is a customer feedback area that''s available in Office 365.' ForceWacViewingFirstOnPublicComputers = 'Boolean | Optional | The ForceWacViewingFirstOnPublicComputers parameter specifies whether public computers must first preview an Office file as a web page in Office Online Server before opening the file in the local application.' InterestingCalendarsEnabled = 'Boolean | Optional | The InterestingCalendarsEnabled parameter specifies whether interesting calendars are available in Outlook on the web.' GlobalAddressListEnabled = 'Boolean | Optional | The GlobalAddressListEnabled parameter specifies whether the global address list is available in Outlook on the web.' IRMEnabled = 'Boolean | Optional | The IRMEnabled parameter specifies whether Information Rights Management (IRM) features are available in Outlook on the web.' Ensure = 'String | Optional | Specify if the OWA Mailbox Policy should exist or not. | Present / Absent' DirectFileAccessOnPublicComputersEnabled = 'Boolean | Optional | The DirectFileAccessOnPrivateComputersEnabled parameter specifies the left-click options for attachments in Outlook on the web for public computer sessions.' DirectFileAccessOnPrivateComputersEnabled = 'Boolean | Optional | The DirectFileAccessOnPrivateComputersEnabled parameter specifies the left-click options for attachments in Outlook on the web for private computer sessions. ' SetPhotoURL = 'String | Optional | The SetPhotoURL parameter controls where users go to select their photo. Note that you can''t specify a URL that contains one or more picture files, as there is no mechanism to copy a URL photo to the properties of the users'' Exchange Online mailboxes.' ItemsToOtherAccountsEnabled = 'Boolean | Optional | No description available.' SignaturesEnabled = 'Boolean | Optional | The SignaturesEnabled parameter specifies whether to enable or disable the use of signatures in Outlook on the web.' WacOMEXEnabled = 'Boolean | Optional | The WacOMEXEnabled parameter specifies whether to enable or disable apps for Outlook in Outlook on the web in Office Online Server.' WacExternalServicesEnabled = 'Boolean | Optional | The WacExternalServicesEnabled parameter specifies whether to enable or disable external services when viewing documents in Outlook on the web (for example, machine translation) by using Office Online Server.' InternalSPMySiteHostURL = 'String | Optional | The InternalSPMySiteHostURL specifies the My Site Host URL for internal users.' RemindersAndNotificationsEnabled = 'Boolean | Optional | The RemindersAndNotificationsEnabled parameter specifies whether notifications and reminders are enabled in Outlook on the web.' SatisfactionEnabled = 'Boolean | Optional | The SatisfactionEnabled parameter specifies whether to enable or disable the satisfaction survey.' InstantMessagingType = 'String | Optional | The InstantMessagingType parameter specifies the type of instant messaging provider in Outlook on the web. | None / Ocs' ActiveSyncIntegrationEnabled = 'Boolean | Optional | The ActiveSyncIntegrationEnabled parameter specifies whether to enable or disable Exchange ActiveSync settings in Outlook on the web. ' PersonalAccountsEnabled = 'Boolean | Optional | No description available.' DefaultTheme = 'String | Optional | The DefaultTheme parameter specifies the default theme that''s used in Outlook on the web when the user hasn''t selected a theme. The default value is blank ($null).' SetPhotoEnabled = 'Boolean | Optional | The SetPhotoEnabled parameter specifies whether users can add, change, and remove their sender photo in Outlook on the web.' ClassicAttachmentsEnabled = 'Boolean | Optional | The ClassicAttachmentsEnabled parameter specifies whether users can attach local files as regular email attachments in Outlook on the web.' AllowCopyContactsToDeviceAddressBook = 'Boolean | Optional | The AllowCopyContactsToDeviceAddressBook parameter specifies whether users can copy the contents of their Contacts folder to a mobile device''s native address book when using Outlook on the web for devices.' UseISO885915 = 'Boolean | Optional | The UseISO885915 parameter specifies whether to use the character set ISO8859-15 instead of ISO8859-1 in Outlook on the web.' OutboundCharset = 'String | Optional | The OutboundCharset parameter specifies the character set that''s used for outgoing messages in Outlook on the web. | AutoDetect / AlwaysUTF8 / UserLanguageChoice' PlacesEnabled = 'Boolean | Optional | The PlacesEnabled parameter specifies whether to enable or disable Places in Outlook on the web. Places lets users search, share, and map location details by using Bing.' ReportJunkEmailEnabled = 'Boolean | Optional | The ReportJunkEmailEnabled parameter specifies whether users can report messages to Microsoft or unsubscribe from messages in Outlook on the web. ' ForceWacViewingFirstOnPrivateComputers = 'Boolean | Optional | The ForceWacViewingFirstOnPrivateComputers parameter specifies whether private computers must first preview an Office file as a web page in Office Online Server (formerly known as Office Web Apps Server and Web Access Companion Server) before opening the file in the local application.' RecoverDeletedItemsEnabled = 'Boolean | Optional | The RecoverDeletedItemsEnabled parameter specifies whether a user can use Outlook Web App to view, recover, or delete permanently items that have been deleted from the Deleted Items folder.' NotesEnabled = 'Boolean | Optional | The NotesEnabled parameter specifies whether the Notes folder is available in Outlook on the web.' OrganizationEnabled = 'Boolean | Optional | When the OrganizationEnabled parameter is set to $false, the Automatic Reply option doesn''t include external and internal options, the address book doesn''t show the organization hierarchy, and the Resources tab in Calendar forms is disabled.' WebPartsFrameOptionsType = 'String | Optional | The WebPartsFrameOptionsType parameter specifies what sources can access web parts in IFRAME or FRAME elements in Outlook on the web. | None / SameOrigin / Deny' ActionForUnknownFileAndMIMETypes = 'String | Optional | The ActionForUnknownFileAndMIMETypes parameter specifies how to handle file types that aren''t specified in the Allow, Block, and Force Save lists for file types and MIME types | Allow / ForceSave / Block' WacEditingEnabled = 'Boolean | Optional | The WacEditingEnabled parameter specifies whether to enable or disable editing documents in Outlook on the web by using Office Online Server (formerly known as Office Web Apps Server and Web Access Companion Server). ' PublicFoldersEnabled = 'Boolean | Optional | The PublicFoldersEnabled parameter specifies whether a user can browse or read items in public folders in Outlook Web App.' BookingsMailboxCreationEnabled = 'Boolean | Optional | No description available.' ForceSaveAttachmentFilteringEnabled = 'Boolean | Optional | The ForceSaveAttachmentFilteringEnabled parameter specifies whether files are filtered before they can be saved from Outlook on the web.' LogonAndErrorLanguage = 'SInt32 | Optional | The LogonAndErrorLanguage parameter specifies the language that used in Outlook on the web for forms-based authentication and for error messages when a user''s current language setting can''t be read. A valid value is a supported Microsoft Windows Language Code Identifier (LCID). For example, 1033 is US English.' SkipCreateUnifiedGroupCustomSharepointClassification = 'Boolean | Optional | The SkipCreateUnifiedGroupCustomSharepointClassification parameter specifies whether to skip a custom SharePoint page during the creation of Office 365 Groups in Outlook web app.' AllAddressListsEnabled = 'Boolean | Optional | The AllAddressListsEnabled parameter specifies which address lists are available in Outlook on the web.' ExternalImageProxyEnabled = 'Boolean | Optional | The ExternalImageProxyEnabled parameter specifies whether to load all external images through the Outlook external image proxy.' ProjectMocaEnabled = 'Boolean | Optional | The ProjectMocaEnabled parameter enables or disables access to Project Moca in Outlook on the web.' PremiumClientEnabled = 'Boolean | Optional | The PremiumClientEnabled parameter controls the availability of the full version of Outlook Web App.' BlockedMimeTypes = 'StringArray | Optional | The BlockedMimeTypes parameter specifies MIME extensions in attachments that prevent the attachments from being saved locally or viewed from Outlook on the web.' UMIntegrationEnabled = 'Boolean | Optional | The UMIntegrationEnabled parameter specifies whether Unified Messaging (UM) integration is enabled in Outlook on the web.' FeedbackEnabled = 'Boolean | Optional | The FeedbackEnabled parameter specifies whether to enable or disable inline feedback surveys in Outlook on the web.' ThemeSelectionEnabled = 'Boolean | Optional | The ThemeSelectionEnabled parameter specifies whether users can change the theme in Outlook on the web.' WeatherEnabled = 'Boolean | Optional | The WeatherEnabled parameter specifies whether to enable or disable weather information in the calendar in Outlook on the web.' IsDefault = 'Boolean | Optional | The IsDefault switch specifies whether the Outlook on the web policy is the default policy that''s used to configure the Outlook on the web settings for new mailboxes.' AllowedFileTypes = 'StringArray | Optional | The AllowedFileTypes parameter specifies the attachment file types (file extensions) that can be saved locally or viewed from Outlook on the web.' RulesEnabled = 'Boolean | Optional | The RulesEnabled parameter specifies whether a user can view, create, or modify server-side rules in Outlook on the web.' OneWinNativeOutlookEnabled = 'Boolean | Optional | The OneWinNativeOutlookEnabled parameter controls the availability of the new Outlook for Windows App.' FreCardsEnabled = 'Boolean | Optional | The FreCardsEnabled parameter specifies whether the theme, signature, and phone cards are available in Outlook on the web.' Name = 'String | Required | The Name parameter specifies the unique name for the policy. The maximum length is 64 characters.' InstantMessagingEnabled = 'Boolean | Optional | The InstantMessagingEnabled parameter specifies whether instant messaging is available in Outlook on the web.' AdditionalStorageProvidersAvailable = 'Boolean | Optional | The AdditionalStorageProvidersAvailable parameter specifies whether to allow additional storage providers (for example, Box, Dropbox, Facebook, Google Drive, Egnyte, personal OneDrive) attachments in Outlook on the web.' UseGB18030 = 'Boolean | Optional | The UseGB18030 parameter specifies whether to use the GB18030 character set instead of GB2312 in Outlook on the web.' OWALightEnabled = 'Boolean | Optional | The OWALightEnabled parameter controls the availability of the light version of Outlook on the web.' PrintWithoutDownloadEnabled = 'Boolean | Optional | The PrintWithoutDownloadEnabled specifies whether to allow printing of supported files without downloading the attachment in Outlook on the web.' SaveAttachmentsToCloudEnabled = 'Boolean | Optional | The SaveAttachmentsToCloudEnabled parameter specifies whether users can save regular email attachments to the cloud.' UniqueId = 'String | Required | Unique ID to identify this specific object' WacViewingOnPrivateComputersEnabled = 'Boolean | Optional | The WacViewingOnPrivateComputersEnabled parameter specifies whether to enable or disable web viewing of supported Office documents private computer sessions in Office Online Server (formerly known as Office Web Apps Server and Web Access Companion Server). By default, all Outlook on the web sessions are considered to be on private computers.' ReferenceAttachmentsEnabled = 'Boolean | Optional | The ReferenceAttachmentsEnabled parameter specifies whether users can attach files from the cloud as linked attachments in Outlook on the web.' DisableFacebook = 'Boolean | Optional | The DisableFacebook switch specifies whether users can synchronize their Facebook contacts to their Contacts folder in Outlook on the web. By default, Facebook integration is enabled.' PhoneticSupportEnabled = 'Boolean | Optional | The PhoneticSupportEnabled parameter specifies phonetically spelled entries in the address book. This parameter is available for use in Japan.' } ) PartnerApplications = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' Name = 'String | Required | The Name parameter specifies a new name for the partner application.' AcceptSecurityIdentifierInformation = 'Boolean | Optional | The AcceptSecurityIdentifierInformation parameter specifies whether Exchange should accept security identifiers (SIDs) from another trusted Active Directory forest for the partner application.' Enabled = 'Boolean | Optional | The Enabled parameter specifies whether the partner application is enabled.' Ensure = 'String | Optional | Specify if the Partner Application should exist or not. | Present / Absent' ApplicationIdentifier = 'String | Optional | The ApplicationIdentifier parameter specifies a unique application identifier for the partner application that uses an authorization server.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' LinkedAccount = 'String | Optional | The LinkedAccount parameter specifies a linked Active Directory user account for the application.' AccountType = 'String | Optional | The AccountType parameter specifies the type of Microsoft account that''s required for the partner application. | OrganizationalAccount / ConsumerAccount' } ) PerimeterConfiguration = @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' GatewayIPAddresses = 'StringArray | Optional | Use the GatewayIPAddresses parameter to create or modify a list of gateway server IP addresses to add to IP safelists.' Ensure = 'String | Optional | Specifies if this Outbound connector should exist. | Present / Absent' } Places = @( @{ Street = 'String | Optional | The Street parameter specifies the room''s physical address.' Tags = 'StringArray | Optional | The Tags parameter specifies additional features of the room (for example, details like the type of view or furniture type).' ParentId = 'String | Optional | The ParentId parameter specifies the ID of a Place in the parent location hierarchy in Microsoft Places.' DisplayName = 'String | Optional | The display name of the place.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' FloorLabel = 'String | Optional | The FloorLabel parameter specifies a descriptive label for the floor that the room is on. If the value contains spaces, enclose the value in quotation marks.' Floor = 'String | Optional | The Floor parameter specifies the floor number that the room is on.' MTREnabled = 'Boolean | Optional | The MTREnabled parameter identifies the room as configured with a Microsoft Teams room system. You can add Teams room systems as audio sources in Teams meetings that involve the room.' Label = 'String | Optional | The Label parameter specifies a descriptive label for the room (for example, a number or name). If the value contains spaces, enclose the value in quotation marks.' AudioDeviceName = 'String | Optional | The AudioDeviceName parameter specifies the name of the audio device in the room. If the value contains spaces, enclose the value in quotation marks.' Ensure = 'String | Optional | Specifies if this Outbound connector should exist. | Present / Absent' Desks = 'StringArray | Optional | N/A' ParentType = 'String | Optional | The ParentType parameter specifies the parent type of the ParentId in Microsoft Places. Valid values are: Floor, Section | Floor / Section / None' Capacity = 'UInt32 | Optional | The Capacity parameter specifies the capacity of the room. A valid value is an integer.' GeoCoordinates = 'String | Optional | The GeoCoordinates parameter specifies the room''s location in latitude, longitude and (optionally) altitude coordinates.' CountryOrRegion = 'String | Optional | The CountryOrRegion parameter specifies the room''s country or region. A valid value is a valid ISO 3166-1 two-letter country code (for example, AU for Australia) or the corresponding friendly name for the country (which might be different from the official ISO 3166 Maintenance Agency short name).' PostalCode = 'String | Optional | The PostalCode parameter specifies the room''s postal code.' State = 'String | Optional | The State parameter specifies the room''s state or province.' Identity = 'String | Required | The Identity parameter specifies the room mailbox that you want to modify. You can use any value that uniquely identifies the room.' DisplayDeviceName = 'String | Optional | The DisplayDeviceName parameter specifies the name of the display device in the room. If the value contains spaces, enclose the value in quotation marks.' City = 'String | Optional | The City parameter specifies the room''s city. If the value contains spaces, enclose the value in quotation marks.' Building = 'String | Optional | The Building parameter specifies the building name or building number that the room is in. If the value contains spaces, enclose the value in quotation marks.' VideoDeviceName = 'String | Optional | The VideoDeviceName parameter specifies the name of the video device in the room. If the value contains spaces, enclose the value in quotation marks.' IsWheelChairAccessible = 'Boolean | Optional | The IsWheelChairAccessible parameter specifies whether the room is wheelchair accessible.' Phone = 'String | Optional | The Phone parameter specifies the room''s telephone number.' } ) PoliciesTipConfig = @( @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' Name = 'String | Required | The Name parameter specifies the custom Policy Tip you want to modify.' UniqueId = 'String | Required | Unique ID to identify this specific object' Value = 'String | Optional | The Value parameter specifies the text that''s displayed by the Policy Tip.' Ensure = 'String | Optional | Specify if the Policy Tip Config should exist or not. | Present / Absent' } ) QuarantinePolicies = @( @{ EndUserQuarantinePermissionsValue = 'UInt32 | Optional | The EndUserQuarantinePermissionsValue parameter specifies the end-user permissions for the quarantine policy.' CustomDisclaimer = 'String | Optional | This parameter is reserved for internal Microsoft use.' EndUserSpamNotificationCustomFromAddress = 'String | Optional | The EndUserSpamNotificationCustomFromAddress specifies the email address of an existing internal sender to use as the sender for quarantine notifications. To set this parameter back to the default email address quarantine@messaging.microsoft.com, use the value $null.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' MultiLanguageSetting = 'StringArray | Optional | The MultiLanguageSetting parameter specifies the language of quarantine notifications.' ESNEnabled = 'Boolean | Optional | The ESNEnabled parameter specifies whether to enable quarantine notifications (formerly known as end-user spam notifications) for the policy.' MultiLanguageSenderName = 'StringArray | Optional | The MultiLanguageSenderName parameter specifies the email sender''s display name to use in quarantine notifications.' EndUserSpamNotificationFrequencyInDays = 'String | Optional | This parameter is reserved for internal Microsoft use.' Ensure = 'String | Optional | Specifies if this QuarantinePolicy should exist. | Present / Absent' EsnCustomSubject = 'StringArray | Optional | The EsnCustomSubject parameter specifies the text to use in the Subject field of quarantine notifications.This setting is available only in the built-in quarantine policy named DefaultGlobalTag that controls global quarantine policy settings.' Identity = 'String | Required | The Identity parameter specifies the QuarantinePolicy you want to modify.' OrganizationBrandingEnabled = 'Boolean | Optional | The OrganizationBrandingEnabled parameter enables or disables organization branding in the end-user quarantine notification messages.' MultiLanguageCustomDisclaimer = 'StringArray | Optional | The MultiLanguageCustomDisclaimer parameter specifies the custom disclaimer text to use near the bottom of quarantine notifications.' EndUserSpamNotificationFrequency = 'String | Optional | The EndUserSpamNotificationFrequency parameter species how often quarantine notifications are sent to users. Valid values are: 04:00:00 (4 hours),1.00:00:00 (1 day),7.00:00:00 (7 days)' QuarantinePolicyType = 'String | Optional | The QuarantinePolicyType parameter filters the results by the specified quarantine policy type. Valid values are: QuarantinePolicy, GlobalQuarantinePolicy' } ) RecipientPermissions = @( @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' Trustee = 'String | Required | The account to give the permission to.' Ensure = 'String | Optional | Present ensures the group exists, absent ensures it is removed | Present / Absent' AccessRights = 'StringArray | Optional | The access rights granted to the account. Only ''SendAs'' is supported.' Identity = 'String | Required | The mailbox the permission should be given on.' } ) RemoteDomains = @( @{ CharacterSet = 'String | Optional | The CharacterSet parameter specifies a character set for MIME messages without defined character sets that are sent from your organization to recipients in the remote domain.' DisplaySenderName = 'Boolean | Optional | The DisplaySenderName parameter specifies whether to show the sender''s Display Name in the From email address for messages sent to recipients in the remote domain.' MeetingForwardNotificationEnabled = 'Boolean | Optional | The MeetingForwardNotificationEnabled parameter specifies whether to enable meeting forward notifications for recipients in the remote domain.' Name = 'String | Optional | The Name parameter specifies a unique name for the remote domain object. The maximum length is 64 characters. If the value contains spaces, enclose the value in quotation marks.' Ensure = 'String | Optional | Specify if the RemoteDomain should exist or not. | Present / Absent' AccessTokens = 'StringArray | Optional | Access token used for authentication.' TNEFEnabled = 'Boolean | Optional | The TNEFEnabled parameter specifies whether Transport Neutral Encapsulation Format (TNEF) message encoding is used on messages sent to the remote domain.' UseSimpleDisplayName = 'Boolean | Optional | The UseSimpleDisplayName parameter specifies whether the sender''s simple display name is used for the From email address in messages sent to recipients in the remote domain.' LineWrapSize = 'String | Optional | The LineWrapSize parameter specifies the line-wrap size for messages to recipients in the remote domain. Valid values are an integer from 0 through 132 or the value to unlimited. The default value is unlimited.' PreferredInternetCodePageForShiftJis = 'String | Optional | The PreferredInternetCodePageForShiftJis parameter specifies the specific code page to use for Shift JIS character encoding in messages that are sent to recipients in the remote domain. | 50220 / 50221 / 50222 / Undefined' TrustedMailOutboundEnabled = 'Boolean | Optional | The TrustedMailOutboundEnabled parameter specifies whether messages sent to recipients in the remote domain are treated as trusted messages.' NonMimeCharacterSet = 'String | Optional | The NonMimeCharacterSet parameter specifies a character set for plain text messages without defined character sets that are sent from your organization to recipients in the remote domain.' TargetDeliveryDomain = 'Boolean | Optional | The TargetDeliveryDomain parameter specifies whether the remote domain is used in cross-forest deployments to generate target email addresses for new mail users that represent users in the other organization (for example, all mailboxes hosted on Exchange Online are represented as mail users in your on-premises organization).' ContentType = 'String | Optional | The ContentType parameter specifies the outbound message content type and formatting. | MimeHtmlText / MimeText / MimeHtml' AutoForwardEnabled = 'Boolean | Optional | The AutoForwardEnabled parameter specifies whether to allow messages that are auto-forwarded by client email programs in your organization.' Identity = 'String | Required | Specify the Identity for the RemoteDomain.' TrustedMailInboundEnabled = 'Boolean | Optional | The TrustedMailInboundEnabled parameter specifies whether messages from senders in the remote domain are treated as trusted messages.' DeliveryReportEnabled = 'Boolean | Optional | The DeliveryReportEnabled parameter specifies whether to allow delivery reports from client software in your organization to recipients in the remote domain.' ByteEncoderTypeFor7BitCharsets = 'String | Optional | The ByteEncoderTypeFor7BitCharsets parameter specifies the 7-bit transfer encoding method for MIME format for messages sent to this remote domain. | Use7Bit / UseQP / UseBase64 / UseQPHtmlDetectTextPlain / UseBase64HtmlDetectTextPlain / UseQPHtml7BitTextPlain / UseBase64Html7BitTextPlain / Undefined' RequiredCharsetCoverage = 'SInt32 | Optional | The RequiredCharsetCoverage parameter specifies a percentage threshold for characters in a message that must match to apply your organization''s preferred character set before switching to automatic character set detection.' DomainName = 'String | Optional | The DomainName parameter specifies the SMTP domain that you want to establish as a remote domain. A valid value is an SMTP domain (for example, contoso.com). The maximum length is 256 characters.' AutoReplyEnabled = 'Boolean | Optional | The AutoReplyEnabled parameter specifies whether to allow messages that are automatic replies from client email programs in your organization (for example, automatic reply messages that are generated by rules in Outlook).' NDREnabled = 'Boolean | Optional | The NDREnabled parameter specifies whether to allow non-delivery reports (also known NDRs or bounce messages) from your organization to recipients in the remote domain.' AllowedOOFType = 'String | Optional | The AllowedOOFType parameter specifies the type of automatic replies or out-of-office (also known as OOF) notifications than can be sent to recipients in the remote domain. Valid values are: External, ExternalLegacy, InternalLegacy or None | External / ExternalLegacy / InternalLegacy / None' IsInternal = 'Boolean | Optional | The IsInternal parameter specifies whether the recipients in the remote domain are considered to be internal recipients.' } ) ReportSubmissionPolicy = @{ ReportJunkToCustomizedAddress = 'Boolean | Optional | The ReportJunkToCustomizedAddress parameter specifies whether to send user reported messages from Outlook (using Microsoft or third-party reporting tools) to the reporting mailbox as part of reporting in Outlook. ' ReportNotJunkAddresses = 'StringArray | Optional | The ReportNotJunkAddresses parameter specifies the email address of the reporting mailbox in Exchange Online to receive user reported messages in reporting in Outlook using Microsoft or third-party reporting tools in Outlook.' ReportNotJunkToCustomizedAddress = 'Boolean | Optional | The ReportNotJunkToCustomizedAddress parameter specifies whether to send user reported messages from Outlook (using Microsoft or third-party reporting tools) to the reporting mailbox as part of reporting in Outlook.' ReportJunkAddresses = 'StringArray | Optional | The ReportJunkAddresses parameter specifies the email address of the reporting mailbox in Exchange Online to receive user reported messages in reporting in Outlook using Microsoft or third-party reporting tools in Outlook.' PreSubmitMessage = 'String | Optional | The PreSubmitMessage parameter specifies the custom pop-up message text to use in Outlook notifications before users report messages. ' PreSubmitMessageEnabled = 'Boolean | Optional | The PreSubmitMessageEnabled parameter enables or disables the pop-up Outlook notifications that users see before they report messages using Microsoft reporting tools.' PreSubmitMessageTitle = 'String | Optional | The PreSubmitMessage parameter parameter specifies the custom pop-up message title to use in Outlook notifications before users report messages.' ReportPhishAddresses = 'StringArray | Optional | The ReportPhishAddresses parameter specifies the email address of the reporting mailbox in Exchange Online to receive user reported messages in reporting in Outlook using Microsoft or third-party reporting tools in Outlook.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' ReportPhishToCustomizedAddress = 'Boolean | Optional | The ReportPhishToCustomizedAddress parameter specifies whether to send user reported messages from Outlook (using Microsoft or third-party reporting tools) to the reporting mailbox as part of reporting in Outlook.' ThirdPartyReportAddresses = 'StringArray | Optional | Use the ThirdPartyReportAddresses parameter to specify the email address of the reporting mailbox when you''re using a third-party product for user submissions instead of reporting in Outlook.' Ensure = 'String | Optional | Specifies if this report submission policy should exist. | Present / Absent' EnableReportToMicrosoft = 'Boolean | Optional | The EnableReportToMicrosoft parameter specifies whether Microsoft integrated reporting experience is enabled or disabled.' EnableThirdPartyAddress = 'Boolean | Optional | The EnableThirdPartyAddress parameter specifies whether you''re using third-party reporting tools in Outlook instead of Microsoft tools to send messages to the reporting mailbox in Exchange Online.' EnableUserEmailNotification = 'Boolean | Optional | The EnableUserEmailNotification parameter species whether users receive result messages after an admin reviews and marks the reported messages as junk, not junk, or phishing.' EnableOrganizationBranding = 'Boolean | Optional | The EnableOrganizationBranding parameter specifies whether to show the company logo in the footer of result messages that users receive after an admin reviews and marks the reported messages as junk, not junk, or phishing.' DisableQuarantineReportingOption = 'Boolean | Optional | The DisableQuarantineReportingOption parameter allows or prevents users from reporting messages in quarantine.' EnableCustomNotificationSender = 'Boolean | Optional | The EnableCustomNotificationSender parameter specifies whether a custom sender email address is used for result messages after an admin reviews and marks the reported messages as junk, not junk, or phishing.' JunkReviewResultMessage = 'String | Optional | The JunkReviewResultMessage parameter specifies the custom text to use in result messages after an admin reviews and marks the reported messages as junk.' PostSubmitMessage = 'String | Optional | The PostSubmitMessage parameter specifies the custom pop-up message text to use in Outlook notifications after users report messages.' PostSubmitMessageEnabled = 'Boolean | Optional | The PostSubmitMessageEnabled parameter enables or disables the pop-up Outlook notifications that users see after they report messages using Microsoft reporting tools.' PostSubmitMessageTitle = 'String | Optional | The PostSubmitMessage parameter parameter specifies the custom pop-up message title to use in Outlook notifications after users report messages.' PhishingReviewResultMessage = 'String | Optional | The PhishingReviewResultMessage parameter specifies the custom text to use in result messages after an admin reviews and marks the reported messages as phishing.' NotJunkReviewResultMessage = 'String | Optional | The NotJunkReviewResultMessage parameter specifies the custom text to use in result messages after an admin reviews and marks the reported messages as not junk.' NotificationFooterMessage = 'String | Optional | The NotificationFooterMessage parameter specifies the custom footer text to use in email notifications after an admin reviews and marks the reported messages as junk, not junk, or phishing.' NotificationSenderAddress = 'String | Optional | The NotificationSenderAddress parameter specifies the sender email address to use in result messages after an admin reviews and marks the reported messages as junk, not junk, or phishing.' } ReportSubmissionRule = @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' Ensure = 'String | Optional | Specifies if this report submission rule should exist. | Present / Absent' Identity = 'String | Optional | The Identity parameter specifies the report submission rule that you want to modify.' SentTo = 'StringArray | Optional | The SentTo parameter specifies the email address of the reporting mailbox in Exchange Online where user reported messages are sent.' Comments = 'String | Optional | The Comments parameter specifies informative comments for the rule, such as what the rule is used for or how it has changed over time.' } ResourceConfiguration = @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' ResourcePropertySchema = 'StringArray | Optional | The ResourcePropertySchema parameter specifies the custom resource property that you want to make available to room or equipment mailboxes. This parameter uses the syntax Room/<Text> or Equipment/<Text> where the <Text> value doesn''t contain spaces. For example, Room/Whiteboard or Equipment/Van.' Ensure = 'String | Optional | Specifies if this Outbound connector should exist. | Present / Absent' } RoleAssignmentPolicies = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' Description = 'String | Optional | The Description parameter specifies the description that''s displayed when the role assignment policy is viewed using the Get-RoleAssignmentPolicy cmdlet.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Ensure = 'String | Optional | Specify if the Role Assignment Policy should exist or not. | Present / Absent' Roles = 'StringArray | Optional | The Roles parameter specifies the management roles to assign to the role assignment policy when it''s created.' Name = 'String | Required | The Name parameter specifies the new name of the assignment policy. The maximum length is 64 characters.' IsDefault = 'Boolean | Optional | The IsDefault switch makes the assignment policy the default assignment policy.' } ) RoleGroups = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' Description = 'String | Optional | The Description parameter specifies the description that''s displayed when the role group is viewed using the Get-RoleGroup cmdlet. Enclose the description in quotation marks' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Ensure = 'String | Optional | Specify if the Role Group should exist or not. | Present / Absent' Roles = 'StringArray | Optional | The Roles parameter specifies the management roles to assign to the role group when it''s created. If a role name contains spaces, enclose the name in quotation marks. If you want to assign more that one role, separate the role names with commas.' Name = 'String | Required | The Name parameter specifies the name of the role. The maximum length of the name is 64 characters.' Members = 'StringArray | Optional | The Members parameter specifies the mailboxes or mail-enabled USGs to add as a member of the role group. You can identify the user or group by the name, DN, or primary SMTP address value. You can specify multiple members separated by commas (Value1,Value2,...ValueN). If the value contains spaces, enclose the value in quotation marks' } ) SafeAttachmentPolicies = @( @{ Redirect = 'Boolean | Optional | The Redirect parameter specifies whether to send detected malware attachments to another email address. Valid values are: $true: Malware attachments are sent to the email address specified by the RedirectAddress parameter. $false: Malware attachments aren''t sent to another email address. This is the default value.' Enable = 'Boolean | Optional | Specify if this policy should be enabled. Default is $true.' Action = 'String | Optional | The Action parameter specifies the action for the Safe Attachments policy. | Block / Replace / Allow / DynamicDelivery' Ensure = 'String | Optional | Specify if this policy should exist or not. | Present / Absent' RedirectAddress = 'String | Optional | The RedirectAddress parameter specifies the email address where detected malware attachments are sent when the Redirect parameter is set to the value $true.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Required | The Identity parameter specifies the name of the SafeAttachmentpolicy that you want to modify.' AdminDisplayName = 'String | Optional | The AdminDisplayName parameter specifies a description for the policy.' QuarantineTag = 'String | Optional | The QuarantineTag specifies the quarantine policy that''s used on messages that are quarantined as malware by Safe Attachments.' ActionOnError = 'Boolean | Optional | The ActionOnError parameter specifies the error handling option for Safe Attachments scanning (what to do if scanning times out or an error occurs). Valid values are: $true: The action specified by the Action parameter is applied to messages even when the attachments aren''t successfully scanned. $false: The action specified by the Action parameter isn''t applied to messages when the attachments aren''t successfully scanned. This is the default value.' } ) SafeAttachmentRules = @( @{ Priority = 'UInt32 | Optional | The Priority parameter specifies a priority value for the rule that determines the order of rule processing. A lower integer value indicates a higher priority, the value 0 is the highest priority, and rules can''t have the same priority value.' SentToMemberOf = 'StringArray | Optional | The SentToMemberOf parameter looks for messages sent to members of groups. You can use any value that uniquely identifies the group.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' SentTo = 'StringArray | Optional | The SentTo parameter specifies a condition that looks for recipients in messages. You can use any value that uniquely identifies the recipient.' Comments = 'String | Optional | The Comments parameter specifies informative comments for the rule, such as what the rule is used for or how it has changed over time. The length of the comment can''t exceed 1024 characters.' Ensure = 'String | Optional | Specify if this rule should exist or not. | Present / Absent' RecipientDomainIs = 'StringArray | Optional | The RecipientDomainIs parameter specifies a condition that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas.' Identity = 'String | Required | The Identity parameter specifies the name of the SafeAttachment rule that you want to modify.' SafeAttachmentPolicy = 'String | Required | The SafeAttachmentPolicy parameter specifies the name of the SafeAttachment policy that''s associated with the SafeAttachment rule.' ExceptIfRecipientDomainIs = 'StringArray | Optional | The ExceptIfRecipientDomainIs parameter specifies an exception that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas.' ExceptIfSentTo = 'StringArray | Optional | The ExceptIfSentTo parameter specifies an exception that looks for recipients in messages. You can use any value that uniquely identifies the recipient.' ExceptIfSentToMemberOf = 'StringArray | Optional | The ExceptIfSentToMemberOf parameter specifies an exception that looks for messages sent to members of groups. You can use any value that uniquely identifies the group.' Enabled = 'Boolean | Optional | Specify if this rule should be enabled. Default is $true.' } ) SafeLinksPolicies = @( @{ DisableUrlRewrite = 'Boolean | Optional | The DisableUrlRewrite parameter specifies whether to rewrite (wrap) URLs in email messages. Valid values are: $true: URLs in messages are not rewritten, but messages are still scanned by Safe Links prior to delivery. Time of click checks on links are done using the Safe Links API in supported Outlook clients (currently, Outlook for Windows and Outlook for Mac). Typically, we don''t recommend using this value. $false: URLs in messages are rewritten. API checks still occur on unwrapped URLs in supported clients if the user is in a valid Safe Links policy. This is the default value.' EnableForInternalSenders = 'Boolean | Optional | The EnableForInternalSenders parameter specifies whether the Safe Links policy is applied to messages sent between internal senders and internal recipients within the same Exchange Online organization.' EnableOrganizationBranding = 'Boolean | Optional | The EnableOrganizationBranding parameter specifies whether your organization''s logo is displayed on Safe Links warning and notification pages.' AdminDisplayName = 'String | Optional | The AdminDisplayName parameter specifies a description for the policy.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' EnableSafeLinksForOffice = 'Boolean | Optional | The EnableSafeLinksForOffice parameter specifies whether to enable Safe Links protection for supported Office desktop, mobile, or web apps.' TrackClicks = 'Boolean | Optional | The TrackClicks parameter specifies whether to track user clicks related to Safe Links protection of links.' EnableSafeLinksForEmail = 'Boolean | Optional | The EnableSafeLinksForEmail parameter specifies whether to enable Safe Links protection for email messages. Valid values are: $true: Safe Links is enabled for email. When a user clicks a link in an email, the link is checked by Safe Links. If the link is found to be malicious, a warning page appears in the default web browser. $false: Safe Links isn''t enabled for email. This is the default value.' Ensure = 'String | Optional | Specify if this policy should exist or not. | Present / Absent' DoNotRewriteUrls = 'StringArray | Optional | The DoNotRewriteUrls parameter specifies a URL that''s skipped by Safe Links scanning. You can specify multiple values separated by commas.' EnableSafeLinksForTeams = 'Boolean | Optional | The EnableSafeLinksForTeams parameter specifies whether Safe Links is enabled for Microsoft Teams. Valid values are: $true: Safe Links is enabled for Teams. If a protected user clicks a malicious link in a Teams conversation, group chat, or from channels, a warning page will appear in the default web browser. $false: Safe Links isn''t enabled for Teams. This is the default value.' AllowClickThrough = 'Boolean | Optional | The AllowClickThrough parameter specifies whether to allow users to click through to the original URL on warning pages.' CustomNotificationText = 'String | Optional | The custom notification text specifies the customized notification text to show to users.' DeliverMessageAfterScan = 'Boolean | Optional | The DeliverMessageAfterScan parameter specifies whether to deliver email messages only after Safe Links scanning is complete. Valid values are: $true: Wait until Safe Links scanning is complete before delivering the message. $false: If Safe Links scanning can''t complete, deliver the message anyway. This is the default value.' ScanUrls = 'Boolean | Optional | The ScanUrls parameter specifies whether to enable or disable the scanning of links in email messages. Valid values are: $true: Scanning links in email messages is enabled. $false: Scanning links in email messages is disabled. This is the default value.' Identity = 'String | Required | The Identity parameter specifies the SafeLinks policy that you want to modify.' UseTranslatedNotificationText = 'Boolean | Optional | The UseTranslatedNotificationText specifies whether to use Microsoft Translator to automatically localize the custom notification text that you specified with the CustomNotificationText parameter.' } ) SafeLinksRules = @( @{ Priority = 'UInt32 | Optional | The Priority parameter specifies a priority value for the rule that determines the order of rule processing. A lower integer value indicates a higher priority, the value 0 is the highest priority, and rules can''t have the same priority value.' SentToMemberOf = 'StringArray | Optional | The SentToMemberOf parameter looks for messages sent to members of groups. You can use any value that uniquely identifies the group.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' SentTo = 'StringArray | Optional | The SentTo parameter specifies a condition that looks for recipients in messages. You can use any value that uniquely identifies the recipient.' Comments = 'String | Optional | The Comments parameter specifies informative comments for the rule, such as what the rule is used for or how it has changed over time. The length of the comment can''t exceed 1024 characters.' Ensure = 'String | Optional | Specify if this rule should exist or not. | Present / Absent' RecipientDomainIs = 'StringArray | Optional | The RecipientDomainIs parameter specifies a condition that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas.' Identity = 'String | Required | The Identity parameter specifies the name of the SafeLink rule that you want to modify.' ExceptIfRecipientDomainIs = 'StringArray | Optional | The ExceptIfRecipientDomainIs parameter specifies an exception that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas.' SafeLinksPolicy = 'String | Required | The SafeLinksPolicy parameter specifies the name of the SafeLink policy that''s associated with the SafeLinksing rule.' ExceptIfSentTo = 'StringArray | Optional | The ExceptIfSentTo parameter specifies an exception that looks for recipients in messages. You can use any value that uniquely identifies the recipient.' ExceptIfSentToMemberOf = 'StringArray | Optional | The ExceptIfSentToMemberOf parameter specifies an exception that looks for messages sent to members of groups. You can use any value that uniquely identifies the group.' Enabled = 'Boolean | Optional | Specify if this rule should be enabled. Default is $true.' } ) SharedMailboxs = @( @{ Ensure = 'String | Optional | Present ensures the group exists, absent ensures it is removed | Present / Absent' Alias = 'String | Optional | The alias of the Shared Mailbox' EmailAddresses = 'StringArray | Optional | The EmailAddresses parameter specifies all the email addresses (proxy addresses) for the Shared Mailbox' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Optional | The unique identifier of the Shared Mailbox' PrimarySMTPAddress = 'String | Optional | The primary email address of the Shared Mailbox' DisplayName = 'String | Required | The display name of the Shared Mailbox' } ) SharingPolicies = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Default = 'Boolean | Optional | The Default switch specifies that the sharing policy is the default sharing policy for all mailboxes.' Ensure = 'String | Optional | Specify if the Sharing Policy should exist or not. | Present / Absent' Domains = 'StringArray | Optional | The Domains parameter specifies domains to which this policy applies and the sharing policy action.' Name = 'String | Required | The Name parameter specifies the unique name of the sharing policy. The maximum length is 64 characters.' Enabled = 'Boolean | Optional | The Enabled parameter specifies whether to enable the sharing policy. Valid values for this parameter are $true or $false.' } ) TransportConfig = @{ MaxRecipientEnvelopeLimit = 'String | Optional | The MaxRecipientEnvelopeLimit parameter specifies the maximum number of recipients in a message.' ReplyAllStormBlockDurationHours = 'SInt32 | Optional | Reply all storm block duration hours.' ReplyAllStormDetectionMinimumRecipients = 'SInt32 | Optional | Reply all storm detection minimum recipients.' JournalingReportNdrTo = 'String | Optional | The JournalingReportNdrTo parameter specifies the email address to which journal reports are sent if the journaling mailbox is unavailable.' InternalDsnReportingAuthority = 'String | Optional | The InternalDsnReportingAuthority parameter specifies the domain in the machine-readable part of internal DSN messages.' InternalDsnSendHtml = 'Boolean | Optional | The InternalDsnSendHtml parameter specifies whether internal DSN messages should be HTML or plain text.' JournalMessageExpirationDays = 'SInt32 | Optional | The JournalMessageExpirationDays parameter extends the number of days that undeliverable journal reports are queued before they expire.' ReplyAllStormDetectionMinimumReplies = 'SInt32 | Optional | Reply all storm detection minimum replies.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' ReplyAllStormProtectionEnabled = 'Boolean | Optional | Reply all storm protection enabled.' Rfc2231EncodingEnabled = 'Boolean | Optional | The Rfc2231EncodingEnabled parameter specifies whether the RFC 2231 encoding of MIME parameters for outbound messages is enabled in your organization.' SmtpClientAuthenticationDisabled = 'Boolean | Optional | The SmtpClientAuthenticationDisabled parameter specifies whether to disable authenticated SMTP (SMTP AUTH) for the whole organization.' InternalDsnLanguageDetectionEnabled = 'Boolean | Optional | The InternalDsnLanguageDetectionEnabled parameter specifies whether the server should try to send an internal DSN message in the same language as the original message that generated the notification.' ConvertDisclaimerWrapperToEml = 'Boolean | Optional | The ConvertDisclaimerWrapperToEml parameter specifies whether the original message will be added as a TNEF attachment or a regular EML attachment to a disclaimer.' DSNConversionMode = 'String | Optional | The DSNConversionMode parameter controls how Exchange handles delivery status notifications that are generated by earlier versions of Exchange or other messaging systems.' ExternalDelayDsnEnabled = 'Boolean | Optional | The ExternalDelayDsnEnabled parameter specifies whether a delay delivery status notification (DSN) message should be created for external messages that couldn''t be immediately delivered. ' ClearCategories = 'Boolean | Optional | The ClearCategories parameter keeps or removes Microsoft Outlook message categories during content conversion.' AddressBookPolicyRoutingEnabled = 'Boolean | Optional | The AddressBookPolicyRoutingEnabled parameter controls how recipients are resolved in an organization that uses address book policies to create separate virtual organizations within the same Exchange organization.' AllowLegacyTLSClients = 'Boolean | Optional | Allow legacy TLS clients' ExternalDsnDefaultLanguage = 'String | Optional | The ExternalDsnDefaultLanguage parameter specifies which Exchange server language should be used by default when you create external DSN messages.' HeaderPromotionModeSetting = 'String | Optional | The HeaderPromotionModeSetting parameter specifies whether named properties are created for custom X-headers on messages received.' InternalDelayDsnEnabled = 'Boolean | Optional | The InternalDelayDsnEnabled parameter specifies whether a delay DSN message should be created for messages sent to or from recipients or senders in the same Exchange organization that couldn''t be immediately delivered.' InternalDsnDefaultLanguage = 'String | Optional | The InternalDsnDefaultLanguage parameter specifies which Exchange server language should be used by default when you create internal DSN messages.' ExternalPostmasterAddress = 'String | Optional | The ExternalPostmasterAddress parameter specifies the email address in the From header field of an external DSN message.' ExternalDsnLanguageDetectionEnabled = 'Boolean | Optional | The ExternalDsnLanguageDetectionEnabled parameter specifies whether the server should try to send an external DSN message in the same language as the original message that generated the notification.' ExternalDsnReportingAuthority = 'String | Optional | The ExternalDsnReportingAuthority parameter specifies the domain in the machine-readable part of external DSN messages. ' ExternalDsnSendHtml = 'Boolean | Optional | The ExternalDsnSendHtml parameter specifies whether external DSN messages should be HTML or plain text.' } TransportRules = @( @{ ActivationDate = 'String | Optional | The ActivationDate parameter specifies when the rule starts processing messages. The rule won''t take any action on messages until the specified date/time.' ExceptIfFrom = 'StringArray | Optional | The ExceptIfFrom parameter specifies an exception that looks for messages from specific senders.' ApplyHtmlDisclaimerFallbackAction = 'String | Optional | The ApplyHtmlDisclaimerFallbackAction parameter specifies what to do if the HTML disclaimer can''t be added to a message. | Wrap / Ignore / Reject' ExceptIfRecipientADAttributeContainsWords = 'StringArray | Optional | The ExceptIfRecipientADAttributeContainsWords parameter specifies an exception that looks for words in the Active Directory attributes of recipients.' RecipientADAttributeMatchesPatterns = 'StringArray | Optional | The RecipientADAttributeMatchesPatterns parameter specifies a condition that looks for text patterns in the Active Directory attributes of recipients by using regular expressions.' AttachmentSizeOver = 'String | Optional | The AttachmentSizeOver parameter specifies a condition that looks for messages where any attachment is greater than the specified size.' ExceptIfSenderADAttributeContainsWords = 'StringArray | Optional | The ExceptIfSenderADAttributeContainsWords parameter specifies an exception that looks for words in Active Directory attributes of message senders.' SetSCL = 'String | Optional | The SetSCL parameter specifies an action that adds or modifies the SCL value of messages.' AnyOfRecipientAddressContainsWords = 'StringArray | Optional | The AnyOfRecipientAddressContainsWords parameter specifies a condition that looks for words in recipient email addresses.' ExceptIfSentToMemberOf = 'StringArray | Optional | The ExceptIfSentToMemberOf parameter specifies an exception that looks for messages sent to members of groups. You can use any value that uniquely identifies the group.' ExceptIfAnyOfCcHeader = 'StringArray | Optional | The ExceptIfAnyOfCcHeader parameter specifies an exception that looks for recipients in the Cc field of messages.' ExceptIfAttachmentMatchesPatterns = 'StringArray | Optional | The ExceptIfAttachmentMatchesPatterns parameter specifies an exception that looks for text patterns in the content of message attachments by using regular expressions.' RecipientDomainIs = 'StringArray | Optional | The RecipientDomainIs parameter specifies a condition that looks for recipients with email address in the specified domains.' SenderADAttributeContainsWords = 'StringArray | Optional | The SenderADAttributeContainsWords parameter specifies a condition that looks for words in Active Directory attributes of message senders.' ExceptIfHeaderMatchesPatterns = 'StringArray | Optional | The ExceptIfHeaderMatchesPatterns parameter specifies an exception that looks for text patterns in a header field by using regular expressions.' ExceptIfFromScope = 'String | Optional | The ExceptIfFromScope parameter specifies an exception that looks for the location of message senders. | InOrganization / NotInOrganization' ADComparisonAttribute = 'String | Optional | This parameter specifies a condition or part of a condition for the rule. The name of the corresponding exception parameter starts with ExceptIf.' From = 'StringArray | Optional | The From parameter specifies a condition that looks for messages from specific senders. You can use any value that uniquely identifies the sender.' ExceptIfHeaderContainsWords = 'StringArray | Optional | The ExceptIfHeaderContainsWords parameter specifies an exception that looks for words in a header field.' HeaderMatchesPatterns = 'StringArray | Optional | The HeaderMatchesPatterns parameter specifies a condition that looks for text patterns in a header field by using regular expressions. ' RemoveRMSAttachmentEncryption = 'Boolean | Optional | This parameter specifies an action or part of an action for the rule.' DeleteMessage = 'Boolean | Optional | The DeleteMessage parameter specifies an action that silently drops messages without an NDR.' HasSenderOverride = 'Boolean | Optional | DEPRECATED' ExceptIfSubjectOrBodyMatchesPatterns = 'StringArray | Optional | The ExceptIfSubjectOrBodyMatchesPatterns parameter specifies an exception that looks for text patterns in the Subject field or body of messages.' ExceptIfHasSenderOverride = 'Boolean | Optional | DEPRECATED' Quarantine = 'Boolean | Optional | The Quarantine parameter specifies an action that quarantines messages.' AnyOfCcHeaderMemberOf = 'StringArray | Optional | The AnyOfCcHeaderMemberOf parameter specifies a condition that looks for group members in the Cc field of messages.' ExceptIfRecipientInSenderList = 'StringArray | Optional | This parameter is reserved for internal Microsoft use.' RecipientAddressType = 'String | Optional | The RecipientAddressType parameter specifies how conditions and exceptions check recipient email addresses. | Original / Resolved' ExceptIfContentCharacterSetContainsWords = 'StringArray | Optional | The ExceptIfContentCharacterSetContainsWords parameter specifies an exception that looks for character set names in messages.' BlindCopyTo = 'StringArray | Optional | The BlindCopyTo parameter specifies an action that adds recipients to the Bcc field of messages. ' ApplyHtmlDisclaimerLocation = 'String | Optional | The ApplyHtmlDisclaimerLocation parameter specifies where to insert the HTML disclaimer text in the body of messages. | Append / Prepend' ExceptIfMessageTypeMatches = 'String | Optional | The ExceptIfMessageTypeMatches parameter specifies an exception that looks for messages of the specified type. | OOF / AutoForward / Encrypted / Calendaring / PermissionControlled / Voicemail / Signed / ApprovalRequest / ReadReceipt' SenderIpRanges = 'StringArray | Optional | The SenderIpRanges parameter specifies a condition that looks for senders whose IP addresses matches the specified value, or fall within the specified ranges.' ExceptIfMessageContainsDataClassifications = 'StringArray | Optional | DEPRECATED' ModerateMessageByUser = 'StringArray | Optional | The ModerateMessageByUser parameter specifies an action that forwards messages for approval to the specified users.' HasNoClassification = 'Boolean | Optional | The HasNoClassification parameter specifies a condition that looks for messages with or without any message classifications.' ExceptIfSenderInRecipientList = 'StringArray | Optional | This parameter is reserved for internal Microsoft use.' HeaderContainsMessageHeader = 'String | Optional | The HeaderContainsMessageHeader parameter specifies the name of header field in the message header when searching for the words specified by the HeaderContainsWords parameter.' RemoveHeader = 'String | Optional | The RemoveHeader parameter specifies an action that removes a header field from the message header.' HasClassification = 'String | Optional | The HasClassification parameter specifies a condition that looks for messages with the specified message classification.' MessageContainsDataClassifications = 'StringArray | Optional | DEPRECATED' ExceptIfFromMemberOf = 'StringArray | Optional | The ExceptIfFromMemberOf parameter specifies an exception that looks for messages sent by group members.' RuleSubType = 'String | Optional | The RuleSubType parameter specifies the rule type. | Dlp / None' SentToScope = 'String | Optional | The SentToScope parameter specifies a condition that looks for the location of recipients. | InOrganization / NotInOrganization / ExternalPartner / ExternalNonPartner' AnyOfToCcHeaderMemberOf = 'StringArray | Optional | The AnyOfToCcHeaderMemberOf parameter specifies a condition that looks for group members in the To and Cc fields of messages.' SCLOver = 'String | Optional | The SCLOver parameter specifies a condition that looks for the SCL value of messages' ExceptIfAnyOfRecipientAddressContainsWords = 'StringArray | Optional | The ExceptIfAnyOfRecipientAddressContainsWords parameter specifies an exception that looks for words in recipient email addresses.' ExceptIfWithImportance = 'String | Optional | The ExceptIfWithImportance parameter specifies an exception that looks for messages with the specified importance level. | Low / Normal / High' ContentCharacterSetContainsWords = 'StringArray | Optional | The ContentCharacterSetContainsWords parameter specifies a condition that looks for character set names in messages.' SubjectContainsWords = 'StringArray | Optional | The SubjectContainsWords parameter specifies a condition that looks for words in the Subject field of messages.' RejectMessageEnhancedStatusCode = 'String | Optional | The RejectMessageEnhancedStatusCode parameter specifies the enhanced status code that''s used when the rule rejects messages.' SenderADAttributeMatchesPatterns = 'StringArray | Optional | The SenderADAttributeMatchesPatterns parameter specifies a condition that looks for text patterns in Active Directory attributes of message senders by using regular expressions.' ExceptIfSenderADAttributeMatchesPatterns = 'StringArray | Optional | The ExceptIfSenderADAttributeMatchesPatterns parameter specifies an exception that looks for text patterns in Active Directory attributes of message senders by using regular expressions.' IncidentReportContent = 'StringArray | Optional | The IncidentReportContent parameter specifies the message properties that are included in the incident report that''s generated when a message violates a DLP policy. ' FromMemberOf = 'StringArray | Optional | The FromMemberOf parameter specifies a condition that looks for messages sent by group members.' AttachmentContainsWords = 'StringArray | Optional | The AttachmentContainsWords parameter specifies a condition that looks for words in message attachments. ' ExceptIfSCLOver = 'String | Optional | The ExceptIfSCLOver parameter specifies an exception that looks for the SCL value of messages' ExceptIfBetweenMemberOf1 = 'StringArray | Optional | The ExceptIfBetweenMemberOf1 parameter specifies an exception that looks for messages that are sent between group members. ' GenerateNotification = 'String | Optional | The GenerateNotification parameter specifies an action that sends a notification message to recipients.' NotifySender = 'String | Optional | DEPRECATED | NotifyOnly / RejectMessage / RejectUnlessFalsePositiveOverride / RejectUnlessSilentOverride / RejectUnlessExplicitOverride' ExceptIfAttachmentIsPasswordProtected = 'Boolean | Optional | The ExceptIfAttachmentIsPasswordProtected parameter specifies an exception that looks for password protected files in messages (because the contents of the file can''t be inspected).' AddToRecipients = 'StringArray | Optional | The AddToRecipients parameter specifies an action that adds recipients to the To field of messages.' ExceptIfSenderManagementRelationship = 'String | Optional | The ExceptIfSenderManagementRelationship parameter specifies an exception that looks for the relationship between the sender and recipients in messages. | Manager / DirectReport' SetAuditSeverity = 'String | Optional | The SetAuditSeverity parameter specifies an action that sets the severity level of the incident report and the corresponding entry that''s written to the message tracking log when messages violate DLP policies. | DoNotAudit / Low / Medium / High' AttachmentPropertyContainsWords = 'StringArray | Optional | The AttachmentPropertyContainsWords parameter specifies a condition that looks for words in the properties of attached Office documents.' ExceptIfAnyOfToHeader = 'StringArray | Optional | The ExceptIfAnyOfToHeader parameter specifies an exception that looks for recipients in the To field of messages.' ApplyRightsProtectionCustomizationTemplate = 'String | Optional | The ApplyRightsProtectionCustomizationTemplate parameter specifies an action that applies a custom branding template for OME encrypted messages.' SetHeaderName = 'String | Optional | The SetHeaderName parameter specifies an action that adds or modifies a header field in the message header.' RouteMessageOutboundRequireTls = 'Boolean | Optional | The RouteMessageOutboundRequireTls parameter specifies an action that uses Transport Layer Security (TLS) encryption to deliver messages outside your organization.' RuleErrorAction = 'String | Optional | The RuleErrorAction parameter specifies what to do if rule processing can''t be completed on messages. | Ignore / Defer' FromScope = 'String | Optional | The FromScope parameter specifies a condition that looks for the location of message senders. | InOrganization / NotInOrganization' AttachmentNameMatchesPatterns = 'StringArray | Optional | The AttachmentNameMatchesPatterns parameter specifies a condition that looks for text patterns in the file name of message attachments by using regular expressions.' SentTo = 'StringArray | Optional | The SentTo parameter specifies a condition that looks for recipients in messages.' ExceptIfFromAddressMatchesPatterns = 'StringArray | Optional | The ExceptIfFromAddressMatchesPatterns parameter specifies an exception that looks for text patterns in the sender''s email address by using regular expressions.' Enabled = 'Boolean | Optional | The Enabled parameter specifies whether the new rule is created as enabled or disabled.' AttachmentIsPasswordProtected = 'Boolean | Optional | The AttachmentIsPasswordProtected parameter specifies a condition that looks for password protected files in messages (because the contents of the file can''t be inspected).' ExceptIfManagerForEvaluatedUser = 'String | Optional | The ExceptIfManagerForEvaluatedUser parameter specifies an exception that looks for users in the Manager attribute of senders or recipients.' RemoveOMEv2 = 'Boolean | Optional | The RemoveOMEv2 parameter specifies an action that removes Office 365 Message Encryption from messages and their attachments.' ExceptIfFromAddressContainsWords = 'StringArray | Optional | The ExceptIfFromAddressContainsWords parameter specifies an exception that looks for words in the sender''s email address.' AttachmentHasExecutableContent = 'Boolean | Optional | The AttachmentHasExecutableContent parameter specifies a condition that looks for executable content in message attachments.' ExceptIfHasClassification = 'String | Optional | The ExceptIfHasClassification parameter specifies an exception that looks for messages with the specified message classification.' RouteMessageOutboundConnector = 'String | Optional | The RouteMessageOutboundConnector parameter specifies an action that routes messages through the specified Outbound connector in Office 365.' ExceptIfAttachmentNameMatchesPatterns = 'StringArray | Optional | The ExceptIfAttachmentNameMatchesPatterns parameter specifies an exception that looks for text patterns in the file name of message attachments by using regular expressions.' ExceptIfRecipientDomainIs = 'StringArray | Optional | The ExceptIfRecipientDomainIs parameter specifies an exception that looks for recipients with email address in the specified domains.' ExceptIfSenderDomainIs = 'StringArray | Optional | The ExceptIfSenderDomainIs parameter specifies an exception that looks for senders with email address in the specified domains.' SenderManagementRelationship = 'String | Optional | The SenderManagementRelationship parameter specifies a condition that looks for the relationship between the sender and recipients in messages. | Manager / DirectReport' ExceptIfBetweenMemberOf2 = 'StringArray | Optional | The ExceptIfBetweenMemberOf2 parameter specifies an exception that looks for messages that are sent between group members.' RedirectMessageTo = 'StringArray | Optional | The RedirectMessageTo parameter specifies a rule action that redirects messages to the specified recipients.' ApplyOME = 'Boolean | Optional | The ApplyOME parameter specifies an action that encrypts messages and their attachments by using Office 365 Message Encryption.' UniqueId = 'String | Required | Unique ID to identify this specific object' ExceptIfAttachmentSizeOver = 'String | Optional | The ExceptIfAttachmentSizeOver parameter specifies an exception that looks for messages where any attachment is greater than the specified size.' SenderDomainIs = 'StringArray | Optional | The SenderDomainIs parameter specifies a condition that looks for senders with email address in the specified domains.' MessageSizeOver = 'String | Optional | The MessageSizeOver parameter specifies a condition that looks for messages larger than the specified size. The size includes the message and all attachments.' ApplyHtmlDisclaimerText = 'String | Optional | The ApplyHtmlDisclaimerText parameter specifies an action that adds the disclaimer text to messages.' ExceptIfAttachmentHasExecutableContent = 'Boolean | Optional | The ExceptIfAttachmentHasExecutableContent parameter specifies an exception that looks for executable content in message attachments.' ExceptIfAttachmentIsUnsupported = 'Boolean | Optional | The ExceptIfAttachmentIsUnsupported parameter specifies an exception that looks for unsupported file types in messages.' ExceptIfAnyOfRecipientAddressMatchesPatterns = 'StringArray | Optional | The ExceptIfAnyOfRecipientAddressMatchesPatterns parameter specifies an exception that looks for text patterns in recipient email addresses by using regular expressions.' RemoveOME = 'Boolean | Optional | The RemoveOME parameter specifies an action that removes the previous version of Office 365 Message Encryption from messages and their attachments.' RejectMessageReasonText = 'String | Optional | The RejectMessageReasonText parameter specifies the explanation text that''s used when the rule rejects messages.' RecipientAddressContainsWords = 'StringArray | Optional | The RecipientAddressContainsWords parameter specifies a condition that looks for words in recipient email addresses.' GenerateIncidentReport = 'String | Optional | The GenerateIncidentReport parameter specifies where to send the incident report that''s defined by the IncidentReportContent parameter.' FromAddressContainsWords = 'StringArray | Optional | The FromAddressContainsWords parameter specifies a condition that looks for words in the sender''s email address. ' AnyOfRecipientAddressMatchesPatterns = 'StringArray | Optional | The AnyOfRecipientAddressMatchesPatterns parameter specifies a condition that looks for text patterns in recipient email addresses by using regular expressions.' RecipientAddressMatchesPatterns = 'StringArray | Optional | The RecipientAddressMatchesPatterns parameter specifies a condition that looks for text patterns in recipient email addresses by using regular expressions.' ExceptIfSubjectContainsWords = 'StringArray | Optional | The ExceptIfSubjectContainsWords parameter specifies an exception that looks for words in the Subject field of messages.' ApplyRightsProtectionTemplate = 'String | Optional | The ApplyRightsProtectionTemplate parameter specifies an action that applies rights management service (RMS) templates to messages. ' AnyOfToCcHeader = 'StringArray | Optional | The AnyOfToCcHeader parameter specifies a condition that looks for recipients in the To or Cc fields of messages.' ExceptIfSentToScope = 'String | Optional | The ExceptIfSentToScope parameter specifies an exception that looks for the location of a recipient. | InOrganization / NotInOrganization / ExternalPartner / ExternalNonPartner' ExceptIfAnyOfToCcHeaderMemberOf = 'StringArray | Optional | The ExceptIfAnyOfToCcHeaderMemberOf parameter specifies an exception that looks for group members in the To and Cc fields of messages.' ModerateMessageByManager = 'Boolean | Optional | The ModerateMessageByManager parameter specifies an action that forwards messages for approval to the user that''s specified in the sender''s Manager attribute.' ADComparisonOperator = 'String | Optional | This parameter specifies a condition or part of a condition for the rule. The name of the corresponding exception parameter starts with ExceptIf. | Equal / NotEqual' BetweenMemberOf2 = 'StringArray | Optional | The BetweenMemberOf2 parameter specifies a condition that looks for messages that are sent between group members.' SubjectMatchesPatterns = 'StringArray | Optional | The SubjectMatchesPatterns parameter specifies a condition that looks for text patterns in the Subject field of messages by using regular expressions.' AttachmentProcessingLimitExceeded = 'Boolean | Optional | The AttachmentProcessingLimitExceeded parameter specifies a condition that looks for messages where attachment scanning didn''t complete.' ExceptIfAnyOfCcHeaderMemberOf = 'StringArray | Optional | The ExceptIfAnyOfCcHeaderMemberOf parameter specifies an exception that looks for group members in the Cc field of messages. You can use any value that uniquely identifies the group.' ExceptIfSubjectMatchesPatterns = 'StringArray | Optional | The ExceptIfSubjectMatchesPatterns parameter specifies an exception that looks for text patterns in the Subject field of messages by using regular expressions.' Name = 'String | Required | The Name parameter specifies the display name of the transport rule to be created. The maximum length is 64 characters.' ExceptIfRecipientAddressContainsWords = 'StringArray | Optional | The ExceptIfRecipientAddressContainsWords parameter specifies an exception that looks for words in recipient email addresses.' HeaderMatchesMessageHeader = 'String | Optional | The HeaderMatchesMessageHeader parameter specifies the name of header field in the message header when searching for the text patterns specified by the HeaderMatchesPatterns parameter.' AnyOfToHeaderMemberOf = 'StringArray | Optional | The AnyOfToHeaderMemberOf parameter specifies a condition that looks for group members in the To field of messages.' HeaderContainsWords = 'StringArray | Optional | The HeaderContainsWords parameter specifies a condition that looks for words in a header field.' ManagerForEvaluatedUser = 'String | Optional | The ManagerForEvaluatedUser parameter specifies a condition that looks for users in the Manager attribute of senders or recipients. | Recipient / Sender' Comments = 'String | Optional | The Comments parameter specifies optional descriptive text for the rule. The length of the comment can''t exceed 1024 characters.' WithImportance = 'String | Optional | The WithImportance parameter specifies a condition that looks for messages with the specified importance level. | Low / Normal / High' ExceptIfSentTo = 'StringArray | Optional | The ExceptIfSentTo parameter specifies an exception that looks for recipients in messages. You can use any value that uniquely identifies the recipient.' AddManagerAsRecipientType = 'String | Optional | The AddManagerAsRecipientType parameter specifies an action that delivers or redirects messages to the user that''s defined in the sender''s Manager attribute. | To / Cc / Bcc / Redirect' ExceptIfADComparisonOperator = 'String | Optional | The ExceptIfADComparisonOperator parameter specifies the comparison operator for the ExceptIfADComparisonAttribute parameter. | Equal / NotEqual' ExceptIfAnyOfToHeaderMemberOf = 'StringArray | Optional | The ExceptIfAnyOfToHeaderMemberOf parameter specifies an exception that looks for group members in the To field of messages.' Mode = 'String | Optional | The Mode parameter specifies how the rule operates. | Audit / AuditAndNotify / Enforce' RecipientInSenderList = 'StringArray | Optional | This parameter is reserved for internal Microsoft use.' SubjectOrBodyMatchesPatterns = 'StringArray | Optional | The SubjectOrBodyMatchesPatterns parameter specifies a condition that looks for text patterns in the Subject field or body of messages.' ExceptIfAttachmentExtensionMatchesWords = 'StringArray | Optional | The ExceptIfAttachmentExtensionMatchesWords parameter specifies an exception that looks for words in the file name extensions of message attachments.' ExceptIfRecipientAddressMatchesPatterns = 'StringArray | Optional | The ExceptIfRecipientAddressMatchesPatterns parameter specifies an exception that looks for text patterns in recipient email addresses by using regular expressions.' ExceptIfHasNoClassification = 'Boolean | Optional | The ExceptIfHasNoClassification parameter specifies an exception that looks for messages with or without any message classifications.' ExceptIfSenderIpRanges = 'StringArray | Optional | The ExceptIfSenderIpRanges parameter specifies an exception that looks for senders whose IP addresses matches the specified value, or fall within the specified ranges.' ExceptIfRecipientADAttributeMatchesPatterns = 'StringArray | Optional | The ExceptIfRecipientADAttributeMatchesPatterns parameter specifies an exception that looks for text patterns in the Active Directory attributes of recipients by using regular expressions.' RecipientADAttributeContainsWords = 'StringArray | Optional | The RecipientADAttributeContainsWords parameter specifies a condition that looks for words in the Active Directory attributes of recipients. ' AttachmentIsUnsupported = 'Boolean | Optional | The AttachmentIsUnsupported parameter specifies a condition that looks for unsupported file types in messages.' ExpiryDate = 'String | Optional | The ExpiryDate parameter specifies when this rule will stop processing messages. The rule won''t take any action on messages after the specified date/time.' AttachmentExtensionMatchesWords = 'StringArray | Optional | The AttachmentExtensionMatchesWords parameter specifies a condition that looks for words in the file name extensions of message attachments.' SentToMemberOf = 'StringArray | Optional | The SentToMemberOf parameter specifies a condition that looks for messages sent to members of distribution groups, dynamic distribution groups, or mail-enabled security groups.' ExceptIfManagerAddresses = 'StringArray | Optional | The ExceptIfManagerAddresses parameter specifies the users (managers) for the ExceptIfManagerForEvaluatedUser parameter.' SenderInRecipientList = 'String | Optional | This parameter is reserved for internal Microsoft use.' ExceptIfAnyOfToCcHeader = 'StringArray | Optional | The ExceptIfAnyOfToCcHeader parameter specifies an exception that looks for recipients in the To or Cc fields of messages.' AttachmentMatchesPatterns = 'StringArray | Optional | The AttachmentMatchesPatterns parameter specifies a condition that looks for text patterns in the content of message attachments by using regular expressions.' DlpPolicy = 'String | Optional | The DlpPolicy parameter specifies the data loss prevention (DLP) policy that''s associated with the rule.' ManagerAddresses = 'StringArray | Optional | The ManagerAddresses parameter specifies the users (managers) for the ExceptIfManagerForEvaluatedUser parameter.' SenderAddressLocation = 'String | Optional | The SenderAddressLocation parameter specifies where to look for sender addresses in conditions and exceptions that examine sender email addresses. | Header / Envelope / HeaderOrEnvelope' CopyTo = 'StringArray | Optional | The CopyTo parameter specifies an action that adds recipients to the Cc field of messages.' SubjectOrBodyContainsWords = 'StringArray | Optional | The SubjectOrBodyContainsWords parameter specifies a condition that looks for words in the Subject field or body of messages.' ApplyClassification = 'String | Optional | The ApplyClassification parameter specifies an action that applies a message classification to messages. ' ExceptIfADComparisonAttribute = 'String | Optional | The ExceptIfADComparisonAttribute parameter specifies an exception that compares an Active Directory attribute between the sender and all recipients of the message.' SetHeaderValue = 'String | Optional | The SetHeaderValue parameter specifies an action that adds or modifies a header field in the message header.' Priority = 'UInt32 | Optional | The Priority parameter specifies a priority value for the rule that determines the order of rule processing.' BetweenMemberOf1 = 'StringArray | Optional | The BetweenMemberOf1 parameter specifies a condition that looks for messages that are sent between group members.' ExceptIfMessageSizeOver = 'String | Optional | The ExceptIfMessageSizeOver parameter specifies an exception that looks for messages larger than the specified size. ' AnyOfCcHeader = 'StringArray | Optional | The AnyOfCcHeader parameter specifies a condition that looks for recipients in the Cc field of messages.' Ensure = 'String | Optional | Specify if the Transport Rule should exist or not. | Present / Absent' AccessTokens = 'StringArray | Optional | Access token used for authentication.' ExceptIfAttachmentProcessingLimitExceeded = 'Boolean | Optional | The ExceptIfAttachmentProcessingLimitExceeded parameter specifies an exception that looks for messages where attachment scanning didn''t complete.' FromAddressMatchesPatterns = 'StringArray | Optional | The FromAddressMatchesPatterns parameter specifies a condition that looks for text patterns in the sender''s email address by using regular expressions.' ExceptIfHeaderMatchesMessageHeader = 'String | Optional | The ExceptIfHeaderMatchesMessageHeader parameter specifies the name of header field in the message header when searching for the text patterns specified by the ExceptIfHeaderMatchesPatterns parameter.' ExceptIfAttachmentContainsWords = 'StringArray | Optional | The ExceptIfAttachmentContainsWords parameter specifies an exception that looks for words in message attachments.' AnyOfToHeader = 'StringArray | Optional | The AnyOfToHeader parameter specifies a condition that looks for recipients in the To field of messages.' PrependSubject = 'String | Optional | The PrependSubject parameter specifies an action that adds text to add to the beginning of the Subject field of messages.' ExceptIfSubjectOrBodyContainsWords = 'StringArray | Optional | The ExceptIfSubjectOrBodyContainsWords parameter specifies an exception that looks for words in the Subject field or body of messages.' MessageTypeMatches = 'String | Optional | The MessageTypeMatches parameter specifies a condition that looks for messages of the specified type. | OOF / AutoForward / Encrypted / Calendaring / PermissionControlled / Voicemail / Signed / ApprovalRequest / ReadReceipt' ExceptIfAttachmentPropertyContainsWords = 'StringArray | Optional | The ExceptIfAttachmentPropertyContainsWords parameter specifies an exception that looks for words in the properties of attached Office documents. ' StopRuleProcessing = 'Boolean | Optional | The StopRuleProcessing parameter specifies an action that stops processing more rules.' ExceptIfHeaderContainsMessageHeader = 'String | Optional | The ExceptIfHeaderContainsMessageHeader parameter specifies the name of header field in the message header when searching for the words specified by the ExceptIfHeaderContainsWords parameter.' } ) } Intune = @{ AccountProtectionLocalAdministratorPasswordSolutionPolicies = @( @{ Description = 'String | Optional | Description of the account protection local administrator password solution policy.' DisplayName = 'String | Required | Display name of the account protection local administrator password solution policy.' AdPasswordEncryptionEnabled = 'Boolean | Optional | Configures whether the password is encrypted before being stored in Active Directory.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' AdPasswordEncryptionPrincipal = 'String | Optional | Configures the name or SID of a user or group that can decrypt the password stored in Active Directory.' PasswordLength = 'UInt32 | Optional | Configures the length of the password of the managed local administrator account. Minimum - 8, Maximum - 64' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) PostAuthenticationActions = 'UInt32 | Optional | Specifies the actions to take upon expiration of the configured grace period. 1 - Reset password, 3 - Reset password and log off, 5 - Reset password and restart | 1 / 3 / 5' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed | Present / Absent' PasswordAgeDays_AAD = 'UInt32 | Optional | Configures the maximum password age of the managed local administrator account for Azure AD. Minimum - 7, Maximum - 365' BackupDirectory = 'UInt32 | Optional | Configures which directory the local admin account password is backed up to. 0 - Disabled, 1 - Azure AD, 2 - AD | 0 / 1 / 2' PostAuthenticationResetDelay = 'UInt32 | Optional | Specifies the amount of time (in hours) to wait after an authentication before executing the specified post-authentication actions. Minimum - 0, Maximum - 24' PasswordAgeDays = 'UInt32 | Optional | Configures the maximum password age of the managed local administrator account for Active Directory. Minimum - 1, Maximum - 365' Identity = 'String | Optional | Identity of the account protection local administrator password solution policy.' AdEncryptedPasswordHistorySize = 'UInt32 | Optional | Configures how many previous encrypted passwords will be remembered in Active Directory. Minimum - 0, Maximum - 12' AdministratorAccountName = 'String | Optional | Configures the name of the managed local administrator account.' PasswordExpirationProtectionEnabled = 'Boolean | Optional | Configures additional enforcement of maximum password age for the managed local administrator account.' PasswordComplexity = 'UInt32 | Optional | Configures the password complexity of the managed local administrator account. 1 - Large letters, 2 - Large + small letters, 3 - Large + small letters + numbers, 4 - Large + small letters + numbers + special characters | 1 / 2 / 3 / 4' } ) AccountProtectionLocalUserGroupMembershipPolicies = @( @{ Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) Description = 'String | Optional | Description of the account protection rules policy.' LocalUserGroupCollection = @( @{ LocalGroups = 'StringArray | Optional | The local groups to add / remove the members to / from. List of the following values: `administrators`, `users`, `guests`, `powerusers`, `remotedesktopusers`, `remotemanagementusers`' Members = 'StringArray | Optional | The members to add / remove to / from the group. For AzureAD Users, use the format `AzureAD\<UserPrincipalName>`. For groups, use the security identifier (SID).' UniqueId = 'String | Required | [Unique ID to identify this specific object]' Action = 'String | Optional | The action to use for adding / removing members. | add_update / remove_update / add_replace' UserSelectionType = 'String | Optional | The type of the selection. Either users / groups from AzureAD, or by manual identifier. | users / manual' } ) Ensure = 'String | Optional | Present ensures the site collection exists, absent ensures it is removed | Present / Absent' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Optional | Identity of the account protection policy.' DisplayName = 'String | Required | Display name of the account protection rules policy.' } ) AccountProtectionPolicies = @( @{ PinRecoveryEnabled = 'Boolean | Optional | If enabled, the PIN recovery secret will be stored on the device and the user can change their PIN if needed. If disabled or not configured, the recovery secret will not be created or stored.' SecurityDeviceRequired = 'Boolean | Optional | If you enable this policy setting, only devices with a usable TPM provision Windows Hello for Business. If you disable or do not configure this policy setting, the TPM is still preferred, but all devices provision Windows Hello for Business.' Description = 'String | Optional | Description of the account protection rules policy.' UseSecurityKeyForSignin = 'Boolean | Optional | Enable Windows Hello security key as a logon credential for all PCs in the tenant.' PinUppercaseCharactersUsage = 'String | Optional | If required, user PIN must include at least one uppercase letter. | notConfigured / blocked / required / allowed' DisplayName = 'String | Required | Display name of the account protection rules policy.' PinPreviousBlockCount = 'UInt32 | Optional | If configured, the user will not be able to reuse this number of previous PINs. (0, 50), 0 = Do not remember.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' UseCertificatesForOnPremisesAuthEnabled = 'Boolean | Optional | If configured, Windows Hello for Business can use certificates to authenticate to on-premise resources.' UnlockWithBiometricsEnabled = 'Boolean | Optional | If allowed, Windows Hello for Business can authenticate using gestures, such as face and fingerprint. Users must still configure a PIN in case of failure.' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) Ensure = 'String | Optional | Present ensures the site collection exists, absent ensures it is removed | Present / Absent' PinLowercaseCharactersUsage = 'String | Optional | If required, user PIN must include at least one lowercase letter. | notConfigured / blocked / required / allowed' Identity = 'String | Optional | Identity of the account protection policy.' PinExpirationInDays = 'UInt32 | Optional | If configured, the user will be forced to change their PIN after the set number of days. (0, 730), 0 = Never' WindowsHelloForBusinessBlocked = 'String | Optional | Block Windows Hello for Business. | notConfigured / true / false' DeviceGuardLocalSystemAuthorityCredentialGuardSettings = 'String | Optional | Setting this Disable will disable the use of Credential Guard, which is the Windows default. Setting this to Enable with UEFI lock will enable Credential Guard and not allow it to be disabled remotely, as the UEFI persisted configuration must be manually cleared. Setting this to Enable without UEFI lock will enable Credential Guard and allow it to be turned off without physical access to the machine. | notConfigured / disable / enableWithUEFILock / enableWithoutUEFILock' PinSpecialCharactersUsage = 'String | Optional | If required, user PIN must include at least one special character. | notConfigured / blocked / required / allowed' PinMaximumLength = 'UInt32 | Optional | Maximum PIN length must be between 4 and 127. (4-127)' EnhancedAntiSpoofingForFacialFeaturesEnabled = 'Boolean | Optional | If enabled, devices will use enhanced anti-spoofing, when available. If not configured, the client configuration for anti-spoofing will be honored.' PinMinimumLength = 'UInt32 | Optional | Minimum PIN length must be between 4 and 127. (4-127)' } ) AntivirusPoliciesWindows10SettingCatalog = @( @{ allownetworkprotectiondownlevel = 'String | Optional | Allows or disallows Network Protection to be configured into block or audit mode on windows downlevel of RS3. (0: disable feature. 1: enable feature) | 0 / 1' disableappbrowserui = 'String | Optional | Use this policy setting if you want to disable the display of the app and browser protection area in Windows Defender Security Center. (0: disable feature. 1: enable feature) | 0 / 1' disableaccountprotectionui = 'String | Optional | Use this policy setting to specify if to display the Account protection area in Windows Defender Security Center. (0: disable feature. 1: enable feature) | 0 / 1' severethreats = 'String | Optional | Allows an administrator to specify high severity threats corresponding action ID to take. | clean / quarantine / remove / allow / userdefined / block' disabletpmfirmwareupdatewarning = 'String | Optional | Hide the recommendation to update TPM Firmware when a vulnerable firmware is detected. (0: disable feature. 1: enable feature) | 0 / 1' cloudextendedtimeout = 'SInt32 | Optional | This feature allows Microsoft Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it''s safe. Value type is integer, range is 0 - 50.' signatureupdatefilesharessources = 'StringArray | Optional | This policy setting allows you to configure UNC file share sources for downloading definition updates.' daystoretaincleanedmalware = 'SInt32 | Optional | Time period (in days) that quarantine items will be stored on the system.' disablecatchupfullscan = 'String | Optional | This policy setting allows you to configure catch-up scans for scheduled full scans. (1: disabled, 0: enabled) | 0 / 1' allowdatagramprocessingonwinserver = 'String | Optional | Allows or disallows Network Protection to enable datagram processing on Windows Server. (0: disable feature. 1: enable feature) | 0 / 1' schedulequickscantime = 'SInt32 | Optional | Selects the time of day that the Windows Defender quick scan should run.' disablehealthui = 'String | Optional | Use this policy setting if you want to disable the display of the device performance and health area in Windows Defender Security Center. (0: disable feature. 1: enable feature) | 0 / 1' allowscanningnetworkfiles = 'String | Optional | Allows or disallows a scanning of network files. (0: disable feature. 1: enable feature) | 0 / 1' allowioavprotection = 'String | Optional | Allows or disallows Windows Defender IOAVP Protection functionality. (0: disable feature. 1: enable feature) | 0 / 1' url = 'String | Optional | The help portal URL that is displayed to users. The default browser is used to initiate this action.' disablehttpparsing = 'String | Optional | Disables or enables HTTP Parsing for Network Protection. (0: enable feature. 1: disable feature) | 0 / 1' disablefamilyui = 'String | Optional | Use this policy setting if you want to disable the display of the family options area in Windows Defender Security Center. (0: disable feature. 1: enable feature) | 0 / 1' securityintelligenceupdateschannel = 'String | Optional | Enable this policy to specify when devices receive Microsoft Defender security intelligence updates during the daily gradual rollout. (0: Not configured, 4: Current Channel (Staged), 5: Current Channel (Broad)) | 0 / 4 / 5' disablelocaladminmerge = 'String | Optional | This policy setting controls whether or not complex list settings configured by a local administrator are merged with managed settings. (0: enable local admin merge, 1: disable local admin merge) | 0 / 1' excludedextensions = 'StringArray | Optional | Allows an administrator to specify a list of file type extensions to ignore during a scan.' enablelowcpupriority = 'String | Optional | This policy setting allows you to enable or disable low CPU priority for scheduled scans. (0: disable feature. 1: enable feature) | 0 / 1' signatureupdatefallbackorder = 'StringArray | Optional | This policy setting allows you to define the order in which different definition update sources should be contacted.' templateId = 'String | Optional | Template Id of the policy. | d948ff9b-99cb-4ee0-8012-1fbc09685377_1 / e3f74c5a-a6de-411d-aef6-eb15628f3a0a_1 / 45fea5e9-280d-4da1-9792-fb5736da0ca9_1 / 804339ad-1553-4478-a742-138fb5807418_1' allowuseruiaccess = 'String | Optional | Allows or disallows user access to the Windows Defender UI. I disallowed, all Windows Defender notifications will also be suppressed. (0: Prevents users from accessing UI. 1: Lets users access UI) | 0 / 1' allowrealtimemonitoring = 'String | Optional | Allows or disallows Windows Defender real-time Monitoring functionality. (0: disable feature. 1: enable feature) | 0 / 1' enableinappcustomization = 'String | Optional | Enable this policy to have your company name and contact options displayed in a contact card fly out in Windows Defender Security Center. (0: disable feature. 1: enable feature) | 0 / 1' email = 'String | Optional | The email address that is displayed to users. The default mail application is used to initiate email actions.' moderateseveritythreats = 'String | Optional | Allows an administrator to specify moderate severity threats corresponding action ID to take. | clean / quarantine / remove / allow / userdefined / block' companyname = 'String | Optional | The company name that is displayed to the users. CompanyName is required for both EnableCustomizedToasts and EnableInAppCustomization.' hideransomwaredatarecovery = 'String | Optional | Use this policy setting to hide the Ransomware data recovery area in Windows Defender Security Center. (0: disable feature. 1: enable feature) | 0 / 1' schedulescantime = 'SInt32 | Optional | Selects the time of day that the Windows Defender scan should run.' Description = 'String | Optional | Description of the endpoint protection policy for Windows 10.' disablenetworkui = 'String | Optional | Use this policy setting if you want to disable the display of the firewall and network protection area in Windows Defender Security Center. (0: disable feature. 1: enable feature) | 0 / 1' archivemaxsize = 'SInt32 | Optional | Specify the maximum size, in KB, of archive files to be extracted and scanned.' allowfullscanonmappednetworkdrives = 'String | Optional | Allows or disallows a full scan of mapped network drives. (0: disable feature. 1: enable feature) | 0 / 1' hidewindowssecuritynotificationareacontrol = 'String | Optional | This policy setting hides the Windows Security notification area control. (0: disable feature. 1: enable feature) | 0 / 1' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed | Present / Absent' signatureupdateinterval = 'SInt32 | Optional | Specifies the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval.' phone = 'String | Optional | The phone number or Skype ID that is displayed to users. Skype is used to initiate the call.' DisplayName = 'String | Required | Display name of the endpoint protection policy for Windows 10.' disabledevicesecurityui = 'String | Optional | Use this policy setting if you want to disable the display of the Device security area in the Windows Defender Security Center. (0: disable feature. 1: enable feature) | 0 / 1' tamperprotection = 'String | Optional | Allows or disallows scanning of archives. (0: enable feature. 1: disable feature) | 0 / 1' archivemaxdepth = 'SInt32 | Optional | Specify the maximum folder depth to extract from archive files for scanning.' engineupdateschannel = 'String | Optional | Enable this policy to specify when devices receive Microsoft Defender engine updates during the monthly gradual rollout. (0: Not configured, 2: Beta Channel, 3: Current Channel (Preview), 4: Current Channel (Staged), 5: Current Channel (Broad), 6: Critical) | 0 / 2 / 3 / 4 / 5 / 6' checkforsignaturesbeforerunningscan = 'String | Optional | This policy setting allows you to manage whether a check for new virus and spyware definitions will occur before running a scan. (0: disable feature. 1: enable feature) | 0 / 1' puaprotection = 'String | Optional | Specifies the level of detection for potentially unwanted applications (PUAs). (0: disabled, 1: block mode, 2: audit mode) | 0 / 1 / 2' highseveritythreats = 'String | Optional | Allows an administrator to specify severe threats corresponding action ID to take. | clean / quarantine / remove / allow / userdefined / block' meteredconnectionupdates = 'String | Optional | Allow managed devices to update through metered connections. (0: disabled, 1: enabled)' allowemailscanning = 'String | Optional | Allows or disallows scanning of email. (0: disable feature. 1: enable feature) | 0 / 1' cloudblocklevel = 'String | Optional | This policy setting determines how aggressive Microsoft Defender Antivirus will be in blocking and scanning suspicious files. Value type is integer.(0: Default windows defender blocking level, 2: High blocking level, 4:High+ blocking level, 6:Zero tolerance blocking level) | 0 / 2 / 4 / 6' disablecatchupquickscan = 'String | Optional | This policy setting allows you to configure catch-up scans for scheduled quick scans. (1: disabled, 0: enabled) | 0 / 1' enablecustomizedtoasts = 'String | Optional | Enable this policy to display your company name and contact options in the notifications. (0: disable feature. 1: enable feature) | 0 / 1' disabletlsparsing = 'String | Optional | This setting disables TLS Parsing for Network Protection. (0: enabled, 1: disabled) | 0 / 1' disablecleartpmbutton = 'String | Optional | Disable the Clear TPM button in Windows Security. (0: disable feature. 1: enable feature) | 0 / 1' excludedprocesses = 'StringArray | Optional | Allows an administrator to specify a list of files opened by processes to ignore during a scan.' allowonaccessprotection = 'String | Optional | Allows or disallows Windows Defender On Access Protection functionality. (0: disable feature. 1: enable feature) | 0 / 1' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) realtimescandirection = 'String | Optional | Controls which sets of files should be monitored. (0: Monitor all files (bi-directional), 1: Monitor incoming files, 2: Monitor outgoing files) | 0 / 1 / 2' avgcpuloadfactor = 'SInt32 | Optional | Represents the average CPU load factor for the Windows Defender scan (in percent).' schedulerrandomizationtime = 'SInt32 | Optional | This setting allows you to configure the scheduler randomization in hours. The randomization interval is [1 - 23] hours.' disablevirusui = 'String | Optional | Use this policy setting if you want to disable the display of the virus and threat protection area in Windows Defender Security Center. (0: disable feature. 1: enable feature) | 0 / 1' disableenhancednotifications = 'String | Optional | Use this policy setting if you want to disable the display of Windows Defender Security Center notifications. (0: disable feature. 1: enable feature) | 0 / 1' enablenetworkprotection = 'String | Optional | This policy allows you to turn on network protection (block/audit) or off. (0: disabled, 1: block mode, 2: audit mode) | 0 / 1 / 2' allowintrusionpreventionsystem = 'String | Optional | https://github.com/MicrosoftDocs/memdocs/issues/2250 (0: disable feature. 1: enable feature) | 0 / 1' allowscriptscanning = 'String | Optional | Allows or disallows Windows Defender Script Scanning functionality. (0: disable feature. 1: enable feature) | 0 / 1' allowfullscanremovabledrivescanning = 'String | Optional | Allows or disallows a full scan of removable drives. During a quick scan, removable drives may still be scanned. (0: disable feature. 1: enable feature) | 0 / 1' excludedpaths = 'StringArray | Optional | Allows an administrator to specify a list of directory paths to ignore during a scan.' lowseveritythreats = 'String | Optional | Allows an administrator to specify low severity threats corresponding action ID to take. | clean / quarantine / remove / allow / userdefined / block' platformupdateschannel = 'String | Optional | Enable this policy to specify when devices receive Microsoft Defender platform updates during the monthly gradual rollout. (0: Not configured, 2: Beta Channel, 3: Current Channel (Preview), 4: Current Channel (Staged), 5: Current Channel (Broad), 6: Critical) | 0 / 2 / 3 / 4 / 5 / 6' schedulescanday = 'String | Optional | Selects the day that the Windows Defender scan should run. (0: Every day, 1: Sunday, 2: Monday, 3: Tuesday, 4: Wednesday, 5: Thursday, 6: Friday, 7: Saturday, 8: No scheduled scan) | 0 / 1 / 2 / 3 / 4 / 5 / 6 / 7 / 8' disablednsovertcpparsing = 'String | Optional | Disables or enables DNS over TCP Parsing for Network Protection. (0: enable feature. 1: disable feature) | 0 / 1' allowcloudprotection = 'String | Optional | To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions. (0: disable feature. 1: enable feature) | 0 / 1' randomizescheduletasktimes = 'String | Optional | Specifies if the start time of the scan is randomized. (0: no randomization, 1: randomized) | 0 / 1' allowarchivescanning = 'String | Optional | Allows or disallows scanning of archives. (0: disable feature. 1: enable feature) | 0 / 1' Identity = 'String | Optional | Identity of the endpoint protection policy for Windows 10.' scanparameter = 'String | Optional | Selects whether to perform a quick scan or full scan. (1: Quick scan, 2: Full scan) | 1 / 2' submitsamplesconsent = 'String | Optional | Checks for the user consent level in Windows Defender to send data. (0: Always prompt, 1: Send safe samples automatically, 2: Never send, 3: Send all samples automatically) | 0 / 1 / 2 / 3' allowbehaviormonitoring = 'String | Optional | Allows or disallows Windows Defender Behavior Monitoring functionality. (0: disable feature. 1: enable feature) | 0 / 1' } ) AppConfigurationPolicies = @( @{ Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) Id = 'String | Optional | Key of the entity. Read-Only.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' Description = 'String | Optional | Description of the app configuration policy.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' CustomSettings = @( @{ name = 'String | Optional | Name of the custom setting.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' value = 'String | Optional | Value of the custom setting.' } ) DisplayName = 'String | Required | Display name of the app configuration policy.' } ) ApplicationControlPoliciesWindows10 = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) Description = 'String | Optional | Description of the endpoint protection application control policy for Windows 10.' Ensure = 'String | Optional | Present ensures the site collection exists, absent ensures it is removed | Present / Absent' AppLockerApplicationControl = 'String | Optional | App locker application control mode | notConfigured / enforceComponentsAndStoreApps / auditComponentsAndStoreApps / enforceComponentsStoreAppsAndSmartlocker / auditComponentsStoreAppsAndSmartlocker' AccessTokens = 'StringArray | Optional | Access token used for authentication.' SmartScreenEnableInshell = 'Boolean | Optional | Enforce the use of SmartScreen for all users.' SmartScreenBlockOverrideForFiles = 'Boolean | Optional | Indicates whether or not SmartScreen will not present an option for the user to disregard the warning and run the app.' DisplayName = 'String | Required | Display name of the endpoint protection application control policy for Windows 10.' } ) AppProtectionPoliciesAndroid = @( @{ MinimumRequiredAppVersion = 'String | Optional | Versions less than the specified version will block the managed app from accessing company data.' ContactSyncBlocked = 'Boolean | Optional | Indicates whether contacts can be synced to the user''s device.' Description = 'String | Optional | Description of the Android App Protection Policy.' MinimumRequiredPatchVersion = 'String | Optional | Versions less than the specified version will block the managed app from accessing company data.' DisableAppEncryptionIfDeviceEncryptionIsEnabled = 'Boolean | Optional | Indicates whether or not the ''Encrypt org data on enrolled devices'' value is enabled. False = require. Only functions if EncryptAppData is set to True' Assignments = 'StringArray | Optional | List of IDs of the groups assigned to this Android Protection Policy.' DisplayName = 'String | Required | Display name of the Android App Protection Policy.' CustomBrowserDisplayName = 'String | Optional | The application name for browser associated with the ''Unmanaged Browser ID''. This name will be displayed to users if the specified browser is not installed.' RequireClass3Biometrics = 'Boolean | Optional | Require user to apply Class 3 Biometrics on their Android device.' AllowedInboundDataTransferSources = 'String | Optional | Sources from which data is allowed to be transferred. Possible values are: allApps, managedApps, none. | allApps / managedApps / none' AllowedOutboundDataTransferDestinations = 'String | Optional | Destinations to which data is allowed to be transferred. Possible values are: allApps, managedApps, none. | allApps / managedApps / none' MaximumPinRetries = 'UInt32 | Optional | Maximum number of incorrect pin retry attempts before the managed app is either blocked or wiped.' MinimumWarningOSVersion = 'String | Optional | Versions less than the specified version will result in warning message on the managed app' FingerprintBlocked = 'Boolean | Optional | Indicates whether use of the fingerprint reader is allowed in place of a pin if PinRequired is set to True.' PinRequired = 'Boolean | Optional | Indicates whether an app-level pin is required.' ManagedBrowserToOpenLinksRequired = 'Boolean | Optional | Indicates whether internet links should be opened in the managed browser app, or any custom browser specified by CustomBrowserProtocol (for Android) or CustomBrowserPackageId/CustomBrowserDisplayName (for Android).' OrganizationalCredentialsRequired = 'Boolean | Optional | Indicates whether organizational credentials are required for app use.' SimplePinBlocked = 'Boolean | Optional | Block simple PIN and require complex PIN to be set.' PrintBlocked = 'Boolean | Optional | Indicates whether printing is allowed from managed apps.' PeriodOfflineBeforeWipeIsEnforced = 'String | Optional | The amount of time an app is allowed to remain disconnected from the internet before all managed data it is wiped.' CustomBrowserPackageId = 'String | Optional | The application ID for a single browser. Web content (http/s) from policy managed applications will open in the specified browser.' ScreenCaptureBlocked = 'Boolean | Optional | Indicates whether or not to Block the user from taking Screenshots.' AppGroupType = 'String | Optional | The apps controlled by this protection policy, overrides any values in Apps unless this value is ''selectedPublicApps''. | allApps / allMicrosoftApps / allCoreMicrosoftApps / selectedPublicApps' ManagedBrowser = 'String | Optional | Indicates in which managed browser(s) that internet links should be opened. Used in conjunction with CustomBrowserPackageId, CustomBrowserDisplayName and ManagedBrowserToOpenLinksRequired. Possible values are: notConfigured, microsoftEdge. | notConfigured / microsoftEdge' PeriodBeforePinReset = 'String | Optional | TimePeriod before the all-level pin must be reset if PinRequired is set to True.' EncryptAppData = 'Boolean | Optional | Indicates whether or not the ''Encrypt org data'' value is enabled. True = require' AllowedOutboundClipboardSharingLevel = 'String | Optional | The level to which the clipboard may be shared between apps on the managed device. Possible values are: allApps, managedAppsWithPasteIn, managedApps, blocked. | allApps / managedAppsWithPasteIn / managedApps / blocked' AllowedDataStorageLocations = 'StringArray | Optional | Data storage locations where a user may store managed data.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' MinimumWarningPatchVersion = 'String | Optional | Versions less than the specified version will result in warning message on the managed app' DeviceComplianceRequired = 'Boolean | Optional | Indicates whether device compliance is required.' IsAssigned = 'Boolean | Optional | Indicates if the policy is deployed to any inclusion groups or not. Inherited from targetedManagedAppProtection.' MinimumPinLength = 'UInt32 | Optional | Minimum pin length required for an app-level pin if PinRequired is set to True.' Id = 'String | Optional | Id of the Intune policy. To avoid creation of duplicate policies DisplayName will be searched for if the ID is not found' DataBackupBlocked = 'Boolean | Optional | Indicates whether the backup of a managed app''s data is blocked.' Apps = 'StringArray | Optional | List of IDs representing the Android apps controlled by this protection policy.' MinimumRequiredOSVersion = 'String | Optional | Versions less than the specified version will block the managed app from accessing company data.' DisableAppPinIfDevicePinIsSet = 'Boolean | Optional | Indicates whether use of the app pin is required if the device pin is set.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' RequirePinAfterBiometricChange = 'Boolean | Optional | A PIN prompt will override biometric prompts if class 3 biometrics are updated on the device.' MinimumWarningAppVersion = 'String | Optional | Versions less than the specified version will result in warning message on the managed app' PeriodOnlineBeforeAccessCheck = 'String | Optional | The period after which access is checked when the device is connected to the internet.' PinCharacterSet = 'String | Optional | Character set which may be used for an app-level pin if PinRequired is set to True. Possible values are: numeric, alphanumericAndSymbol. | numeric / alphanumericAndSymbol' PeriodOfflineBeforeAccessCheck = 'String | Optional | The period after which access is checked when the device is not connected to the internet.' SaveAsBlocked = 'Boolean | Optional | Indicates whether users may use the Save As menu item to save a copy of protected files.' ExcludedGroups = 'StringArray | Optional | List of IDs of the groups that are excluded from this Android Protection Policy.' } ) AppProtectionPoliciesiOS = @( @{ FilterOpenInToOnlyManagedApps = 'Boolean | Optional | Defines if open-in operation is supported from the managed app to the filesharing locations selected. This setting only applies when AllowedOutboundDataTransferDestinations is set to ManagedApps and DisableProtectionOfManagedOutboundOpenInData is set to False.' ContactSyncBlocked = 'Boolean | Optional | Indicates whether contacts can be synced to the user''s device.' AppActionIfIosDeviceModelNotAllowed = 'String | Optional | Defines a managed app behavior, either block or wipe, if the specified device model is not allowed. | block / wipe / warn' TargetedAppManagementLevels = 'String | Optional | The intended app management levels for this policy. | unspecified / unmanaged / mdm / androidEnterprise' Identity = 'String | Optional | Identity of the iOS App Protection Policy.' Assignments = 'StringArray | Optional | List of IDs of the groups assigned to this iOS Protection Policy.' MinimumRequiredSdkVersion = 'String | Optional | Versions less than the specified version will block the managed app from accessing company data.' MinimumWipeOSVersion = 'String | Optional | Versions less than or equal to the specified version will wipe the managed app and the associated company data.' DisplayName = 'String | Required | Display name of the iOS App Protection Policy.' DisableProtectionOfManagedOutboundOpenInData = 'Boolean | Optional | Disable protection of data transferred to other apps through IOS OpenIn option. This setting is only allowed to be True when AllowedOutboundDataTransferDestinations is set to ManagedApps.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' MinimumWipeAppVersion = 'String | Optional | Versions less than or equal to the specified version will wipe the managed app and the associated company data.' AllowedInboundDataTransferSources = 'String | Optional | Sources from which data is allowed to be transferred. Possible values are: allApps, managedApps, none. | allApps / managedApps / none' DisableAppPinIfDevicePinIsSet = 'Boolean | Optional | Indicates whether use of the app pin is required if the device pin is set.' AllowedOutboundDataTransferDestinations = 'String | Optional | Destinations to which data is allowed to be transferred. Possible values are: allApps, managedApps, none. | allApps / managedApps / none' MaximumPinRetries = 'UInt32 | Optional | Maximum number of incorrect pin retry attempts before the managed app is either blocked or wiped.' AppDataEncryptionType = 'String | Optional | Require app data to be encrypted. | useDeviceSettings / afterDeviceRestart / whenDeviceLockedExceptOpenFiles / whenDeviceLocked' MinimumWarningOSVersion = 'String | Optional | Versions less than the specified version will result in warning message on the managed app from accessing company data.' PeriodBeforePinReset = 'String | Optional | TimePeriod before the all-level pin must be reset if PinRequired is set to True.' FaceIdBlocked = 'Boolean | Optional | Indicates whether use of the FaceID is allowed in place of a pin if PinRequired is set to True.' ProtectInboundDataFromUnknownSources = 'Boolean | Optional | Protect incoming data from unknown source. This setting is only allowed to be True when AllowedInboundDataTransferSources is set to AllApps.' PinRequired = 'Boolean | Optional | Indicates whether an app-level pin is required.' ManagedBrowserToOpenLinksRequired = 'Boolean | Optional | Indicates whether internet links should be opened in the managed browser app, or any custom browser specified by CustomBrowserProtocol (for iOS) or CustomBrowserPackageId/CustomBrowserDisplayName (for Android).' OrganizationalCredentialsRequired = 'Boolean | Optional | Indicates whether organizational credentials are required for app use.' CustomBrowserProtocol = 'String | Optional | A custom browser protocol to open weblink on iOS.' PrintBlocked = 'Boolean | Optional | Indicates whether printing is allowed from managed apps.' AppActionIfDeviceComplianceRequired = 'String | Optional | Defines a managed app behavior, either block or wipe, when the device is either rooted or jailbroken, if DeviceComplianceRequired is set to true. | block / wipe / warn' FingerprintBlocked = 'Boolean | Optional | Indicates whether use of the fingerprint reader is allowed in place of a pin if PinRequired is set to True.' Description = 'String | Optional | Description of the iOS App Protection Policy.' PinRequiredInsteadOfBiometricTimeout = 'String | Optional | Timeout in minutes for an app pin instead of non biometrics passcode .' ManagedBrowser = 'String | Optional | Indicates in which managed browser(s) that internet links should be opened. When this property is configured, ManagedBrowserToOpenLinksRequired should be true. Possible values are: notConfigured, microsoftEdge. | notConfigured / microsoftEdge' SimplePinBlocked = 'Boolean | Optional | Block simple PIN and require complex PIN to be set.' AllowedOutboundClipboardSharingLevel = 'String | Optional | The level to which the clipboard may be shared between apps on the managed device. Possible values are: allApps, managedAppsWithPasteIn, managedApps, blocked. | allApps / managedAppsWithPasteIn / managedApps / blocked' AllowedDataStorageLocations = 'StringArray | Optional | Data storage locations where a user may store managed data.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' ExemptedAppProtocols = 'StringArray | Optional | Apps in this list will be exempt from the policy and will be able to receive data from managed apps.' AllowedOutboundClipboardSharingExceptionLength = 'UInt32 | Optional | Specify the number of characters that may be cut or copied from Org data and accounts to any application. This setting overrides the AllowedOutboundClipboardSharingLevel restriction. Default value of ''0'' means no exception is allowed.' DeviceComplianceRequired = 'Boolean | Optional | Indicates whether device compliance is required.' PeriodOfflineBeforeWipeIsEnforced = 'String | Optional | The amount of time an app is allowed to remain disconnected from the internet before all managed data it is wiped.' DataBackupBlocked = 'Boolean | Optional | Indicates whether the backup of a managed app''s data is blocked.' Apps = 'StringArray | Optional | List of IDs representing the iOS apps controlled by this protection policy.' MinimumRequiredOSVersion = 'String | Optional | Versions less than the specified version will block the managed app from accessing company data.' AllowedIosDeviceModels = 'StringArray | Optional | Semicolon seperated list of device models allowed, as a string, for the managed app to work.' PeriodOnlineBeforeAccessCheck = 'String | Optional | The period after which access is checked when the device is connected to the internet.' MinimumPinLength = 'UInt32 | Optional | Minimum pin length required for an app-level pin if PinRequired is set to True.' MinimumWarningAppVersion = 'String | Optional | Versions less than the specified version will result in warning message on the managed app from accessing company data.' AppActionIfMaximumPinRetriesExceeded = 'String | Optional | Defines a managed app behavior, either block or wipe, based on maximum number of incorrect pin retry attempts. | block / wipe / warn' MinimumWipeSdkVersion = 'String | Optional | Versions less than the specified version will block the managed app from accessing company data.' PinCharacterSet = 'String | Optional | Character set which may be used for an app-level pin if PinRequired is set to True. Possible values are: numeric, alphanumericAndSymbol. | numeric / alphanumericAndSymbol' PeriodOfflineBeforeAccessCheck = 'String | Optional | The period after which access is checked when the device is not connected to the internet.' SaveAsBlocked = 'Boolean | Optional | Indicates whether users may use the Save As menu item to save a copy of protected files.' ExcludedGroups = 'StringArray | Optional | List of IDs of the groups that are excluded from this iOS Protection Policy.' MinimumRequiredAppVersion = 'String | Optional | Versions less than the specified version will block the managed app from accessing company data.' NotificationRestriction = 'String | Optional | Specify app notification restriction. | allow / blockOrganizationalData / block' } ) ASRRulesPoliciesWindows10 = @( @{ AttackSurfaceReductionExcludedPaths = 'StringArray | Optional | Exclude files and paths from attack surface reduction rules' UntrustedUSBProcessType = 'String | Optional | With this rule, admins can prevent unsigned or untrusted executable files from running from USB removable drives, including SD cards. | notConfigured / userDefined / block / auditMode / warn / disable' Description = 'String | Optional | Description of the endpoint protection attack surface protection rules policy for Windows 10.' UntrustedExecutableType = 'String | Optional | This rule blocks executable files that don''t meet a prevalence, age, or trusted list criteria, such as .exe, .dll, or .scr, from launching. | notConfigured / userDefined / block / auditMode / warn / disable' OfficeCommunicationAppsLaunchChildProcess = 'String | Optional | This rule prevents Outlook from creating child processes, while still allowing legitimate Outlook functions. | notConfigured / userDefined / enable / auditMode / warn / disable' DisplayName = 'String | Required | Display name of the endpoint protection attack surface protection rules policy for Windows 10.' Ensure = 'String | Optional | Present ensures the site collection exists, absent ensures it is removed | Present / Absent' AdditionalGuardedFolders = 'StringArray | Optional | List of additional folders that need to be protected' PreventCredentialStealingType = 'String | Optional | This rule helps prevent credential stealing by locking down Local Security Authority Subsystem Service (LSASS). | notConfigured / userDefined / enable / auditMode / warn' AccessTokens = 'StringArray | Optional | Access token used for authentication.' OfficeAppsLaunchChildProcessType = 'String | Optional | This rule blocks Office apps from creating child processes. Office apps include Word, Excel, PowerPoint, OneNote, and Access. | notConfigured / userDefined / block / auditMode / warn / disable' GuardedFoldersAllowedAppPaths = 'StringArray | Optional | List of apps that have access to protected folders.' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) OfficeAppsOtherProcessInjectionType = 'String | Optional | This rule blocks code injection attempts from Office apps into other processes. | notConfigured / userDefined / block / auditMode / warn / disable' ScriptObfuscatedMacroCodeType = 'String | Optional | This rule detects suspicious properties within an obfuscated script. | notConfigured / userDefined / block / auditMode / warn / disable' BlockPersistenceThroughWmiType = 'String | Optional | This rule prevents malware from abusing WMI to attain persistence on a device. | notConfigured / userDefined / block / auditMode / warn / disable' OfficeAppsExecutableContentCreationOrLaunchType = 'String | Optional | This rule prevents Office apps, including Word, Excel, and PowerPoint, from creating potentially malicious executable content, by blocking malicious code from being written to disk. | notConfigured / userDefined / block / auditMode / warn / disable' ProcessCreationType = 'String | Optional | This rule blocks processes created through PsExec and WMI from running. | notConfigured / userDefined / block / auditMode / warn / disable' AdvancedRansomewareProtectionType = 'String | Optional | This rule provides an extra layer of protection against ransomware. | notConfigured / userDefined / enable / auditMode' OfficeMacroCodeAllowWin32ImportsType = 'String | Optional | This rule prevents VBA macros from calling Win32 APIs. | notConfigured / userDefined / block / auditMode / warn / disable' AdobeReaderLaunchChildProcess = 'String | Optional | This rule prevents attacks by blocking Adobe Reader from creating processes. | notConfigured / userDefined / enable / auditMode / warn' Identity = 'String | Optional | Identity of the endpoint protection attack surface protection rules policy for Windows 10.' GuardMyFoldersType = 'String | Optional | This rule enable Controlled folder access which protects your data by checking apps against a list of known, trusted apps. | notConfigured / userDefined / enable / auditMode / blockDiskModification / auditDiskModification' ScriptDownloadedPayloadExecutionType = 'String | Optional | This rule prevents scripts from launching potentially malicious downloaded content. | notConfigured / userDefined / block / auditMode / warn / disable' EmailContentExecutionType = 'String | Optional | This rule blocks the following file types from launching from email opened within the Microsoft Outlook application, or Outlook.com and other popular webmail providers. | notConfigured / userDefined / block / auditMode / warn / disable' } ) AttackSurfaceReductionRulesPoliciesWindows10ConfigManager = @( @{ BlockProcessCreationsFromPSExecAndWMICommands = 'String | Optional | This rule blocks processes created through PsExec and WMI from running. | off / block / audit / warn' BlockOfficeCommunicationAppFromCreatingChildProcesses = 'String | Optional | This rule prevents Outlook from creating child processes, while still allowing legitimate Outlook functions. | off / block / audit / warn' Description = 'String | Optional | Description of the endpoint protection attack surface protection rules policy for Windows 10.' DisplayName = 'String | Required | Display name of the endpoint protection attack surface protection rules policy for Windows 10.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' BlockExecutableContentFromEmailClientAndWebmail = 'String | Optional | This rule blocks the following file types from launching from email opened within the Microsoft Outlook application, or Outlook.com and other popular webmail providers. | off / block / audit / warn' AttackSurfaceReductionOnlyExclusions = 'StringArray | Optional | Exclude files and paths from attack surface reduction rules' UseAdvancedProtectionAgainstRansomware = 'String | Optional | This rule provides an extra layer of protection against ransomware. | off / block / audit / warn' ControlledFolderAccessAllowedApplications = 'StringArray | Optional | List of apps that have access to protected folders.' BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent = 'String | Optional | This rule prevents scripts from launching potentially malicious downloaded content. | off / block / audit / warn' EnableControlledFolderAccess = 'String | Optional | This rule enable Controlled folder access which protects your data by checking apps against a list of known, trusted apps.values 0:disable, 1:enable, 2:audit | 0 / 1 / 2' BlockAllOfficeApplicationsFromCreatingChildProcesses = 'String | Optional | This rule blocks Office apps from creating child processes. Office apps include Word, Excel, PowerPoint, OneNote, and Access. | off / block / audit / warn' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed | Present / Absent' BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses = 'String | Optional | This rule blocks code injection attempts from Office apps into other processes. | off / block / audit / warn' BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem = 'String | Optional | This rule helps prevent credential stealing by locking down Local Security Authority Subsystem Service (LSASS). | off / block / audit / warn' Identity = 'String | Optional | Identity of the endpoint protection attack surface protection rules policy for Windows 10.' ControlledFolderAccessProtectedFolders = 'StringArray | Optional | List of additional folders that need to be protected' BlockUntrustedUnsignedProcessesThatRunFromUSB = 'String | Optional | With this rule, admins can prevent unsigned or untrusted executable files from running from USB removable drives, including SD cards. | off / block / audit / warn' BlockWin32APICallsFromOfficeMacros = 'String | Optional | This rule prevents VBA macros from calling Win32 APIs. | off / block / audit / warn' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion = 'String | Optional | This rule blocks executable files that don''t meet a prevalence, age, or trusted list criteria, such as .exe, .dll, or .scr, from launching. | off / block / audit / warn' BlockPersistenceThroughWMIEventSubscription = 'String | Optional | This rule prevents malware from abusing WMI to attain persistence on a device. | off / block / audit / warn' BlockAbuseOfExploitedVulnerableSignedDrivers = 'String | Optional | This rule prevents an application from writing a vulnerable signed driver to disk. | off / block / audit / warn' BlockExecutionOfPotentiallyObfuscatedScripts = 'String | Optional | This rule detects suspicious properties within an obfuscated script. | off / block / audit / warn' BlockOfficeApplicationsFromCreatingExecutableContent = 'String | Optional | This rule prevents Office apps, including Word, Excel, and PowerPoint, from creating potentially malicious executable content, by blocking malicious code from being written to disk. | off / block / audit / warn' BlockAdobeReaderFromCreatingChildProcesses = 'String | Optional | This rule prevents attacks by blocking Adobe Reader from creating processes. | off / block / audit / warn' } ) DeviceAndAppManagementAssignmentFilters = @( @{ Description = 'String | Optional | Description of the Assignment Filter.' Platform = 'String | Optional | Platform type of the devices on which the Assignment Filter will be applicable. | android / androidForWork / iOS / macOS / windowsPhone81 / windows81AndLater / windows10AndLater / androidWorkProfile / unknown / androidAOSP / androidMobileApplicationManagement / iOSMobileApplicationManagement / unknownFutureValue' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed | Present / Absent' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Optional | Key of the Assignment Filter.' Rule = 'String | Optional | Rule definition of the Assignment Filter.' DisplayName = 'String | Required | DisplayName of the Assignment Filter.' } ) DeviceCategories = @( @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' Description = 'String | Optional | Description of the device category.' DisplayName = 'String | Required | Display name of the device category.' UniqueId = 'String | Required | Unique ID to identify this specific object' Ensure = 'String | Optional | Present ensures the category exists, absent ensures it is removed. | Present / Absent' } ) DeviceCleanupRule = @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' Enabled = 'Boolean | Required | Indicates whether the cleanup rule is enabled.' Ensure = 'String | Optional | Present ensures the category exists, absent ensures it is removed. | Present / Absent' DeviceInactivityBeforeRetirementInDays = 'UInt32 | Optional | Number of days until Intune devices are deleted. Minimum: 30, Maximum: 270.' } DeviceCompliancePoliciesAndroid = @( @{ SecurityDisableUsbDebugging = 'Boolean | Optional | SecurityDisableUsbDebugging of the Android device compliance policy.' Description = 'String | Optional | Description of the Android device compliance policy.' StorageRequireEncryption = 'Boolean | Optional | StorageRequireEncryption of the Android device compliance policy.' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) DisplayName = 'String | Required | Display name of the Android device compliance policy.' RestrictedApps = 'String | Optional | RestrictedApps of the Android device compliance policy.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' RequiredPasswordComplexity = 'String | Optional | RequiredPasswordComplexity of the Android device compliance policy. | none / low / medium / high' OsMaximumVersion = 'String | Optional | OsMaximumVersion of the Android device compliance policy.' SecurityRequireSafetyNetAttestationBasicIntegrity = 'Boolean | Optional | SecurityRequireSafetyNetAttestationBasicIntegrity of the Android device compliance policy.' SecurityBlockJailbrokenDevices = 'Boolean | Optional | SecurityBlockJailbrokenDevices of the Android device compliance policy.' MinAndroidSecurityPatchLevel = 'String | Optional | MinAndroidSecurityPatchLevel of the Android device compliance policy.' SecurityRequireUpToDateSecurityProviders = 'Boolean | Optional | SecurityRequireUpToDateSecurityProviders of the Android device compliance policy.' SecurityRequireVerifyApps = 'Boolean | Optional | SecurityRequireVerifyApps of the Android device compliance policy.' DeviceThreatProtectionRequiredSecurityLevel = 'String | Optional | DeviceThreatProtectionRequiredSecurityLevel of the Android device compliance policy. | unavailable / secured / low / medium / high / notSet' RoleScopeTagIds = 'String | Optional | RoleScopeTagIds of the Android device compliance policy.' PasswordSignInFailureCountBeforeFactoryReset = 'UInt32 | Optional | PasswordSignInFailureCountBeforeFactoryReset of the Android device compliance policy.' SecurityBlockDeviceAdministratorManagedDevices = 'Boolean | Optional | SecurityBlockDeviceAdministratorManagedDevices of the Android device compliance policy.' PasswordExpirationDays = 'UInt32 | Optional | PasswordExpirationDays of the Android device compliance policy.' AdvancedThreatProtectionRequiredSecurityLevel = 'String | Optional | AdvancedThreatProtectionRequiredSecurityLevel of the Android device compliance policy. | unavailable / secured / low / medium / high / notSet' SecurityRequireGooglePlayServices = 'Boolean | Optional | SecurityRequireGooglePlayServices of the Android device compliance policy.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' ConditionStatementId = 'String | Optional | ConditionStatementId of the Android device compliance policy.' PasswordRequired = 'Boolean | Optional | PasswordRequired of the Android device compliance policy.' PasswordMinimumLength = 'UInt32 | Optional | PasswordMinimumLength of the Android device compliance policy.' SecurityRequireSafetyNetAttestationCertifiedDevice = 'Boolean | Optional | SecurityRequireSafetyNetAttestationCertifiedDevice of the Android device compliance policy.' UniqueId = 'String | Required | Unique ID to identify this specific object' SecurityRequireCompanyPortalAppIntegrity = 'Boolean | Optional | SecurityRequireCompanyPortalAppIntegrity of the Android device compliance policy.' SecurityPreventInstallAppsFromUnknownSources = 'Boolean | Optional | SecurityPreventInstallAppsFromUnknownSources of the Android device compliance policy.' OsMinimumVersion = 'String | Optional | OsMinimumVersion of the Android device compliance policy.' PasswordPreviousPasswordBlockCount = 'UInt32 | Optional | PasswordPreviousPasswordBlockCount of the Android device compliance policy.' DeviceThreatProtectionEnabled = 'Boolean | Optional | DeviceThreatProtectionEnabled of the Android device compliance policy.' PasswordRequiredType = 'String | Optional | PasswordRequiredType of the Android device compliance policy. | deviceDefault / alphabetic / alphanumeric / alphanumericWithSymbols / lowSecurityBiometric / numeric / numericComplex / any' PasswordMinutesOfInactivityBeforeLock = 'UInt32 | Optional | PasswordMinutesOfInactivityBeforeLock of the Android device compliance policy.' } ) DeviceCompliancePoliciesAndroidDeviceOwner = @( @{ PasswordMinutesOfInactivityBeforeLock = 'UInt32 | Optional | PasswordMinutesOfInactivityBeforeLock of the Android Device Owner device compliance policy.' Description = 'String | Optional | Description of the Android Device Owner device compliance policy.' osMaximumVersion = 'String | Optional | osMaximumVersion of the Android Device Owner device compliance policy.' DisplayName = 'String | Required | Display name of the Android Device Owner device compliance policy.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed | Present / Absent' AccessTokens = 'StringArray | Optional | Access token used for authentication.' passwordRequired = 'Boolean | Optional | PasswordRequired of the Android Device Owner device compliance policy.' UniqueId = 'String | Required | Unique ID to identify this specific object' passwordMinimumLength = 'UInt32 | Optional | PasswordMinimumLength of the Android Device Owner device compliance policy.' RoleScopeTagIds = 'StringArray | Optional | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration' DeviceThreatProtectionRequiredSecurityLevel = 'String | Optional | DeviceThreatProtectionRequiredSecurityLevel of the Android Device Owner device compliance policy.' osMinimumVersion = 'String | Optional | osMinimumVersion of the Android Device Owner device compliance policy.' AdvancedThreatProtectionRequiredSecurityLevel = 'String | Optional | AdvancedThreatProtectionRequiredSecurityLevel of the Android Device Owner device compliance policy.' PasswordExpirationDays = 'UInt32 | Optional | PasswordExpirationDays of the Android Device Owner device compliance policy.' PasswordRequiredType = 'String | Optional | PasswordRequiredType of the Android Device Owner device compliance policy. | deviceDefault / alphabetic / alphanumeric / alphanumericWithSymbols / lowSecurityBiometric / numeric / numericComplex / any' PasswordPreviousPasswordCountToBlock = 'UInt32 | Optional | PasswordPreviousPasswordCountToBlock of the Android Device Owner device compliance policy.' SecurityRequireSafetyNetAttestationCertifiedDevice = 'Boolean | Optional | SecurityRequireSafetyNetAttestationCertifiedDevice of the Android Device Owner device compliance policy.' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) SecurityRequireSafetyNetAttestationBasicIntegrity = 'Boolean | Optional | SecurityRequireSafetyNetAttestationBasicIntegrity of the Android Device Owner device compliance policy.' SecurityRequireIntuneAppIntegrity = 'Boolean | Optional | SecurityRequireIntuneAppIntegrity of the Android Device Owner device compliance policy.' DeviceThreatProtectionEnabled = 'Boolean | Optional | DeviceThreatProtectionEnabled of the Android Device Owner device compliance policy.' StorageRequireEncryption = 'Boolean | Optional | StorageRequireEncryption of the Android Device Owner device compliance policy.' } ) DeviceCompliancePoliciesAndroidWorkProfile = @( @{ SecurityDisableUsbDebugging = 'Boolean | Optional | SecurityDisableUsbDebugging of the AndroidWorkProfile device compliance policy.' Description = 'String | Optional | Description of the AndroidWorkProfile device compliance policy.' StorageRequireEncryption = 'Boolean | Optional | StorageRequireEncryption of the AndroidWorkProfile device compliance policy.' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) DisplayName = 'String | Required | Display name of the AndroidWorkProfile device compliance policy.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' OsMaximumVersion = 'String | Optional | OsMaximumVersion of the AndroidWorkProfile device compliance policy.' SecurityRequireSafetyNetAttestationBasicIntegrity = 'Boolean | Optional | SecurityRequireSafetyNetAttestationBasicIntegrity of the AndroidWorkProfile device compliance policy.' SecurityBlockJailbrokenDevices = 'Boolean | Optional | SecurityBlockJailbrokenDevices of the AndroidWorkProfile device compliance policy.' MinAndroidSecurityPatchLevel = 'String | Optional | MinAndroidSecurityPatchLevel of the AndroidWorkProfile device compliance policy.' SecurityRequireUpToDateSecurityProviders = 'Boolean | Optional | SecurityRequireUpToDateSecurityProviders of the AndroidWorkProfile device compliance policy.' SecurityRequireVerifyApps = 'Boolean | Optional | SecurityRequireVerifyApps of the AndroidWorkProfile device compliance policy.' DeviceThreatProtectionEnabled = 'Boolean | Optional | DeviceThreatProtectionEnabled of the AndroidWorkProfile device compliance policy.' RoleScopeTagIds = 'String | Optional | RoleScopeTagIds of the AndroidWorkProfile device compliance policy.' PasswordSignInFailureCountBeforeFactoryReset = 'UInt32 | Optional | PasswordSignInFailureCountBeforeFactoryReset of the AndroidWorkProfile device compliance policy.' PasswordExpirationDays = 'UInt32 | Optional | PasswordExpirationDays of the AndroidWorkProfile device compliance policy.' AdvancedThreatProtectionRequiredSecurityLevel = 'String | Optional | AdvancedThreatProtectionRequiredSecurityLevel of the AndroidWorkProfile device compliance policy. | unavailable / secured / low / medium / high / notSet' SecurityRequireGooglePlayServices = 'Boolean | Optional | SecurityRequireGooglePlayServices of the AndroidWorkProfile device compliance policy.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' PasswordRequired = 'Boolean | Optional | PasswordRequired of the AndroidWorkProfile device compliance policy.' PasswordMinimumLength = 'UInt32 | Optional | PasswordMinimumLength of the AndroidWorkProfile device compliance policy.' SecurityRequireSafetyNetAttestationCertifiedDevice = 'Boolean | Optional | SecurityRequireSafetyNetAttestationCertifiedDevice of the AndroidWorkProfile device compliance policy.' SecurityRequiredAndroidSafetyNetEvaluationType = 'String | Optional | Require a specific SafetyNet evaluation type for compliance. | basic / hardwareBacked' DeviceThreatProtectionRequiredSecurityLevel = 'String | Optional | DeviceThreatProtectionRequiredSecurityLevel of the AndroidWorkProfile device compliance policy. | unavailable / secured / low / medium / high / notSet' UniqueId = 'String | Required | Unique ID to identify this specific object' SecurityRequireCompanyPortalAppIntegrity = 'Boolean | Optional | SecurityRequireCompanyPortalAppIntegrity of the AndroidWorkProfile device compliance policy.' SecurityPreventInstallAppsFromUnknownSources = 'Boolean | Optional | SecurityPreventInstallAppsFromUnknownSources of the AndroidWorkProfile device compliance policy.' OsMinimumVersion = 'String | Optional | OsMinimumVersion of the AndroidWorkProfile device compliance policy.' PasswordPreviousPasswordBlockCount = 'UInt32 | Optional | PasswordPreviousPasswordBlockCount of the AndroidWorkProfile device compliance policy.' PasswordRequiredType = 'String | Optional | PasswordRequiredType of the AndroidWorkProfile device compliance policy. | deviceDefault / alphabetic / alphanumeric / alphanumericWithSymbols / lowSecurityBiometric / numeric / numericComplex / any' PasswordMinutesOfInactivityBeforeLock = 'UInt32 | Optional | PasswordMinutesOfInactivityBeforeLock of the AndroidWorkProfile device compliance policy.' } ) DeviceCompliancePoliciesiOs = @( @{ PasscodeBlockSimple = 'Boolean | Optional | PasscodeBlockSimple of the iOS device compliance policy.' PasscodeMinimumCharacterSetCount = 'UInt32 | Optional | PasscodeMinimumCharacterSetCount of the iOS device compliance policy.' OsMinimumBuildVersion = 'String | Optional | Minimum IOS build version.' Description = 'String | Optional | Description of the iOS device compliance policy.' PasscodeRequired = 'Boolean | Optional | PasscodeRequired of the iOS device compliance policy.' DisplayName = 'String | Required | Display name of the iOS device compliance policy.' PasscodeMinutesOfInactivityBeforeScreenTimeout = 'UInt32 | Optional | Minutes of inactivity before the screen times out.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' PasscodeExpirationDays = 'UInt32 | Optional | PasscodeExpirationDays of the iOS device compliance policy.' OsMaximumVersion = 'String | Optional | OsMaximumVersion of the iOS device compliance policy.' RestrictedApps = @( @{ publisher = 'String | Optional | The publisher of the application.' appId = 'String | Optional | The application or bundle identifier of the application.' name = 'String | Optional | The application name.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' appStoreUrl = 'String | Optional | The Store URL of the application.' } ) OsMinimumVersion = 'String | Optional | OsMinimumVersion of the iOS device compliance policy.' AdvancedThreatProtectionRequiredSecurityLevel = 'String | Optional | MDATP Require Mobile Threat Protection minimum risk level to report noncompliance. | unavailable / secured / low / medium / high / notSet' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' UniqueId = 'String | Required | Unique ID to identify this specific object' DeviceThreatProtectionRequiredSecurityLevel = 'String | Optional | Require Mobile Threat Protection minimum risk level to report noncompliance. | unavailable / secured / low / medium / high / notSet' PasscodeMinutesOfInactivityBeforeLock = 'UInt32 | Optional | PasscodeMinutesOfInactivityBeforeLock of the iOS device compliance policy.' PasscodePreviousPasscodeBlockCount = 'UInt32 | Optional | PasscodePreviousPasscodeBlockCount of the iOS device compliance policy.' PasscodeRequiredType = 'String | Optional | PasscodeRequiredType of the iOS device compliance policy. | deviceDefault / alphanumeric / numeric' PasscodeMinimumLength = 'UInt32 | Optional | PasscodeMinimumLength of the iOS device compliance policy.' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) OsMaximumBuildVersion = 'String | Optional | Maximum IOS build version.' SecurityBlockJailbrokenDevices = 'Boolean | Optional | SecurityBlockJailbrokenDevices of the iOS device compliance policy.' DeviceThreatProtectionEnabled = 'Boolean | Optional | DeviceThreatProtectionEnabled of the iOS device compliance policy.' ManagedEmailProfileRequired = 'Boolean | Optional | ManagedEmailProfileRequired of the iOS device compliance policy.' } ) DeviceCompliancePoliciesMacOS = @( @{ FirewallEnableStealthMode = 'Boolean | Optional | FirewallEnableStealthMode of the MacOS device compliance policy.' OsMaximumBuildVersion = 'String | Optional | Maximum MacOS build version.' DeviceThreatProtectionEnabled = 'Boolean | Optional | DeviceThreatProtectionEnabled of the MacOS device compliance policy.' FirewallBlockAllIncoming = 'Boolean | Optional | FirewallBlockAllIncoming of the MacOS device compliance policy.' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) DisplayName = 'String | Required | Display name of the MacOS device compliance policy.' PasswordMinimumLength = 'UInt32 | Optional | PasswordMinimumLength of the MacOS device compliance policy.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' OsMaximumVersion = 'String | Optional | OsMaximumVersion of the MacOS device compliance policy.' StorageRequireEncryption = 'Boolean | Optional | StorageRequireEncryption of the MacOS device compliance policy.' DeviceThreatProtectionRequiredSecurityLevel = 'String | Optional | DeviceThreatProtectionRequiredSecurityLevel of the MacOS device compliance policy. | Unavailable / Secured / Low / Medium / High / NotSet' PasswordBlockSimple = 'Boolean | Optional | PasswordBlockSimple of the MacOS device compliance policy.' PasswordExpirationDays = 'UInt32 | Optional | PasswordExpirationDays of the MacOS device compliance policy.' FirewallEnabled = 'Boolean | Optional | FirewallEnabled of the MacOS device compliance policy.' AdvancedThreatProtectionRequiredSecurityLevel = 'String | Optional | AdvancedThreatProtectionRequiredSecurityLevel of the MacOS device compliance policy. | Unavailable / Secured / Low / Medium / High / NotSet' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' Description = 'String | Optional | Description of the MacOS device compliance policy.' PasswordRequired = 'Boolean | Optional | PasswordRequired of the MacOS device compliance policy.' SystemIntegrityProtectionEnabled = 'Boolean | Optional | SystemIntegrityProtectionEnabled of the MacOS device compliance policy.' UniqueId = 'String | Required | Unique ID to identify this specific object' OsMinimumBuildVersion = 'String | Optional | Minimum MacOS build version.' OsMinimumVersion = 'String | Optional | OsMinimumVersion of the MacOS device compliance policy.' PasswordPreviousPasswordBlockCount = 'UInt32 | Optional | PasswordPreviousPasswordBlockCount of the MacOS device compliance policy.' PasswordRequiredType = 'String | Optional | PasswordRequiredType of the MacOS device compliance policy. | DeviceDefault / Alphanumeric / Numeric' PasswordMinimumCharacterSetCount = 'UInt32 | Optional | PasswordMinimumCharacterSetCount of the MacOS device compliance policy.' PasswordMinutesOfInactivityBeforeLock = 'UInt32 | Optional | PasswordMinutesOfInactivityBeforeLock of the MacOS device compliance policy.' GatekeeperAllowedAppSource = 'String | Optional | System and Privacy setting that determines which download locations apps can be run from on a macOS device. | notConfigured / macAppStore / macAppStoreAndIdentifiedDevelopers / anywhere' } ) DeviceCompliancePoliciesWindows10 = @( @{ MobileOsMinimumVersion = 'String | Optional | MobileOsMinimumVersion of the Windows 10 device compliance policy.' OsMaximumVersion = 'String | Optional | OsMaximumVersion of the Windows 10 device compliance policy.' TPMRequired = 'Boolean | Optional | TPMRequired of the Windows 10 device compliance policy.' Description = 'String | Optional | Description of the Windows 10 device compliance policy.' StorageRequireEncryption = 'Boolean | Optional | StorageRequireEncryption of the Windows 10 device compliance policy.' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) RequireHealthyDeviceReport = 'Boolean | Optional | RequireHealthyDeviceReport of the Windows 10 device compliance policy.' DisplayName = 'String | Required | Display name of the Windows 10 device compliance policy.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' ActiveFirewallRequired = 'Boolean | Optional | ActiveFirewallRequired of the Windows 10 device compliance policy.' AntivirusRequired = 'Boolean | Optional | AntivirusRequired of the Windows 10 device compliance policy.' PasswordRequiredToUnlockFromIdle = 'Boolean | Optional | PasswordRequiredToUnlockFromIdle of the Windows 10 device compliance policy.' RTPEnabled = 'Boolean | Optional | RTPEnabled of the Windows 10 device compliance policy.' ValidOperatingSystemBuildRanges = 'StringArray | Optional | ValidOperatingSystemBuildRanges of the Windows 10 device compliance policy.' PasswordBlockSimple = 'Boolean | Optional | PasswordBlockSimple of the Windows 10 device compliance policy.' SecureBootEnabled = 'Boolean | Optional | SecureBootEnabled of the Windows 10 device compliance policy.' AntiSpywareRequired = 'Boolean | Optional | AntiSpywareRequired of the Windows 10 device compliance policy.' DefenderVersion = 'String | Optional | DefenderVersion of the Windows 10 device compliance policy.' CodeIntegrityEnabled = 'Boolean | Optional | CodeIntegrityEnabled of the Windows 10 device compliance policy.' SignatureOutOfDate = 'Boolean | Optional | SignatureOutOfDate of the Windows 10 device compliance policy.' PasswordRequiredType = 'String | Optional | PasswordRequiredType of the Windows 10 device compliance policy. | DeviceDefault / Alphanumeric / Numeric' DeviceThreatProtectionRequiredSecurityLevel = 'String | Optional | DeviceThreatProtectionRequiredSecurityLevel of the Windows 10 device compliance policy. | Unavailable / Secured / Low / Medium / High / NotSet' DeviceCompliancePolicyScript = 'String | Optional | DeviceCompliancePolicyScript of the Windows 10 device compliance policy.' PasswordExpirationDays = 'UInt32 | Optional | PasswordExpirationDays of the Windows 10 device compliance policy.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' PasswordRequired = 'Boolean | Optional | PasswordRequired of the Windows 10 device compliance policy.' PasswordMinimumLength = 'UInt32 | Optional | PasswordMinimumLength of the Windows 10 device compliance policy.' DefenderEnabled = 'Boolean | Optional | DefenderEnabled of the Windows 10 device compliance policy.' MobileOsMaximumVersion = 'String | Optional | MobileOsMaximumVersion of the Windows 10 device compliance policy.' EarlyLaunchAntiMalwareDriverEnabled = 'Boolean | Optional | EarlyLaunchAntiMalwareDriverEnabled of the Windows 10 device compliance policy.' UniqueId = 'String | Required | Unique ID to identify this specific object' OsMinimumVersion = 'String | Optional | OsMinimumVersion of the Windows 10 device compliance policy.' PasswordPreviousPasswordBlockCount = 'UInt32 | Optional | PasswordPreviousPasswordBlockCount of the Windows 10 device compliance policy.' DeviceThreatProtectionEnabled = 'Boolean | Optional | DeviceThreatProtectionEnabled of the Windows 10 device compliance policy.' ConfigurationManagerComplianceRequired = 'Boolean | Optional | ConfigurationManagerComplianceRequired of the Windows 10 device compliance policy.' BitLockerEnabled = 'Boolean | Optional | BitLockerEnabled of the Windows 10 device compliance policy.' PasswordMinimumCharacterSetCount = 'UInt32 | Optional | PasswordMinimumCharacterSetCount of the Windows 10 device compliance policy.' PasswordMinutesOfInactivityBeforeLock = 'UInt32 | Optional | PasswordMinutesOfInactivityBeforeLock of the Windows 10 device compliance policy.' } ) DeviceConfigurationAdministrativeTemplatePoliciesWindows10 = @( @{ Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) Description = 'String | Optional | User provided description for the resource object.' DefinitionValues = @( @{ ConfigurationType = 'String | Optional | Specifies how the value should be configured. This can be either as a Policy or as a Preference. Possible values are: policy, preference. | policy / preference' PresentationValues = @( @{ BooleanValue = 'Boolean | Optional | A value for the associated presentation.' StringValue = 'String | Optional | A value for the associated presentation.' Id = 'String | Optional | The unique identifier for an entity. Read-only.' DecimalValue = 'UInt64 | Optional | A value for the associated presentation.' odataType = 'String | Optional | A value for the associated presentation. | #microsoft.graph.groupPolicyPresentationValueBoolean / #microsoft.graph.groupPolicyPresentationValueDecimal / #microsoft.graph.groupPolicyPresentationValueList / #microsoft.graph.groupPolicyPresentationValueLongDecimal / #microsoft.graph.groupPolicyPresentationValueMultiText / #microsoft.graph.groupPolicyPresentationValueText' PresentationDefinitionLabel = 'String | Optional | The label of the presentation definition. Read-only.' KeyValuePairValues = @( @{ Name = 'String | Optional | Name for this key-value pair.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' Value = 'String | Optional | Value for this key-value pair.' } ) PresentationDefinitionId = 'String | Optional | The unique identifier for presentation definition. Read-only.' StringValues = 'StringArray | Optional | A list of pairs for the associated presentation.' } ) Id = 'String | Optional | The unique identifier for an entity. Read-only.' Definition = @{ CategoryPath = 'String | Optional | The localized full category path for the policy.' PolicyType = 'String | Optional | Specifies the type of group policy. Possible values are: admxBacked, admxIngested. | admxBacked / admxIngested' SupportedOn = 'String | Optional | Localized string used to specify what operating system or application version is affected by the policy.' MinDeviceCspVersion = 'String | Optional | Minimum required CSP version for device configuration in this definition' MinUserCspVersion = 'String | Optional | Minimum required CSP version for user configuration in this definition' ExplainText = 'String | Optional | The localized explanation or help text associated with the policy. The default value is empty.' Id = 'String | Optional | The unique identifier for an entity. Read-only.' ClassType = 'String | Optional | Identifies the type of groups the policy can be applied to. Possible values are: user, machine. | user / machine' GroupPolicyCategoryId = 'String | Optional | The category id of the parent category' HasRelatedDefinitions = 'Boolean | Optional | Signifies whether or not there are related definitions to this definition' DisplayName = 'String | Optional | The localized policy name.' } Enabled = 'Boolean | Optional | Enables or disables the associated group policy definition.' } ) Id = 'String | Optional | The unique identifier for an entity. Read-only.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' AccessTokens = 'StringArray | Optional | Access token used for authentication.' PolicyConfigurationIngestionType = 'String | Optional | Type of definitions configured for this policy. Possible values are: unknown, custom, builtIn, mixed, unknownFutureValue. | unknown / custom / builtIn / mixed / unknownFutureValue' DisplayName = 'String | Required | User provided name for the resource object.' } ) DeviceConfigurationCustomPoliciesWindows10 = @( @{ Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) Description = 'String | Optional | Admin provided description of the Device Configuration.' DisplayName = 'String | Required | Admin provided name of the device configuration.' Id = 'String | Optional | The unique identifier for an entity. Read-only.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' AccessTokens = 'StringArray | Optional | Access token used for authentication.' SupportsScopeTags = 'Boolean | Optional | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only.' OmaSettings = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' FileName = 'String | Optional | File name associated with the Value property (.cer' Description = 'String | Optional | Description.' OmaUri = 'String | Optional | OMA.' odataType = 'String | Optional | The type of the entity. | #microsoft.graph.omaSettingBase64 / #microsoft.graph.omaSettingBoolean / #microsoft.graph.omaSettingDateTime / #microsoft.graph.omaSettingFloatingPoint / #microsoft.graph.omaSettingInteger / #microsoft.graph.omaSettingString / #microsoft.graph.omaSettingStringXml' SecretReferenceValueId = 'String | Optional | ReferenceId for looking up secret for decryption. This property is read-only.' Value = 'String | Optional | Value. (Base64 encoded string)' IsReadOnly = 'Boolean | Optional | By setting to true, the CSP (configuration service provider) specified in the OMA-URI will perform a get, instead of set' IsEncrypted = 'Boolean | Optional | Indicates whether the value field is encrypted. This property is read-only.' DisplayName = 'String | Optional | Display Name.' } ) } ) DeviceConfigurationDefenderForEndpointOnboardingPoliciesWindows10 = @( @{ Description = 'String | Optional | Admin provided description of the Device Configuration.' AdvancedThreatProtectionAutoPopulateOnboardingBlob = 'Boolean | Optional | Auto populate onboarding blob programmatically from Advanced Threat protection service' DisplayName = 'String | Required | Admin provided name of the device configuration.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' EnableExpeditedTelemetryReporting = 'Boolean | Optional | Expedite Windows Defender Advanced Threat Protection telemetry reporting frequency.' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) AdvancedThreatProtectionOnboardingBlob = 'String | Optional | Windows Defender AdvancedThreatProtection Onboarding Blob.' AdvancedThreatProtectionOffboardingBlob = 'String | Optional | Windows Defender AdvancedThreatProtection Offboarding Blob.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' AdvancedThreatProtectionOnboardingFilename = 'String | Optional | Name of the file from which AdvancedThreatProtectionOnboardingBlob was obtained.' AllowSampleSharing = 'Boolean | Optional | Windows Defender AdvancedThreatProtection ''Allow Sample Sharing'' Rule' Id = 'String | Optional | The unique identifier for an entity. Read-only.' AdvancedThreatProtectionOffboardingFilename = 'String | Optional | Name of the file from which AdvancedThreatProtectionOffboardingBlob was obtained.' } ) DeviceConfigurationDeliveryOptimizationPoliciesWindows10 = @( @{ CacheServerForegroundDownloadFallbackToHttpDelayInSeconds = 'UInt32 | Optional | Specifies number of seconds to delay a fall back from cache servers to an HTTP source for a foreground download. Valid values 0 to 2592000.' GroupIdSource = @{ GroupIdCustom = 'String | Optional | Specifies an arbitrary group ID that the device belongs to' GroupIdSourceOption = 'String | Optional | Set this policy to restrict peer selection to a specific source. Possible values are: notConfigured, adSite, authenticatedDomainSid, dhcpUserOption, dnsSuffix. | notConfigured / adSite / authenticatedDomainSid / dhcpUserOption / dnsSuffix' odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deliveryOptimizationGroupIdCustom / #microsoft.graph.deliveryOptimizationGroupIdSourceOptions' } Id = 'String | Optional | The unique identifier for an entity. Read-only.' ModifyCacheLocation = 'String | Optional | Specifies the drive that Delivery Optimization should use for its cache.' CacheServerBackgroundDownloadFallbackToHttpDelayInSeconds = 'UInt32 | Optional | Specifies number of seconds to delay a fall back from cache servers to an HTTP source for a background download. Valid values 0 to 2592000.' DisplayName = 'String | Required | Admin provided name of the device configuration.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' CacheServerHostNames = 'StringArray | Optional | Specifies cache servers host names.' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) BandwidthMode = @{ MaximumDownloadBandwidthInKilobytesPerSecond = 'UInt64 | Optional | Specifies the maximum download bandwidth in KiloBytes/second that the device can use across all concurrent download activities using Delivery Optimization. Valid values 0 to 4294967295' BandwidthBackgroundPercentageHours = @{ BandwidthBeginBusinessHours = 'UInt32 | Optional | Specifies the beginning of business hours using a 24-hour clock (0-23). Valid values 0 to 23' BandwidthPercentageOutsideBusinessHours = 'UInt32 | Optional | Specifies the percentage of bandwidth to limit outsidse business hours (0-100). Valid values 0 to 100' BandwidthPercentageDuringBusinessHours = 'UInt32 | Optional | Specifies the percentage of bandwidth to limit during business hours (0-100). Valid values 0 to 100' BandwidthEndBusinessHours = 'UInt32 | Optional | Specifies the end of business hours using a 24-hour clock (0-23). Valid values 0 to 23' } MaximumForegroundBandwidthPercentage = 'UInt32 | Optional | Specifies the maximum foreground download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth (0-100). Valid values 0 to 100 The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for foreground downloads. Valid values 0 to 100' BandwidthForegroundPercentageHours = @{ BandwidthBeginBusinessHours = 'UInt32 | Optional | Specifies the beginning of business hours using a 24-hour clock (0-23). Valid values 0 to 23' BandwidthPercentageOutsideBusinessHours = 'UInt32 | Optional | Specifies the percentage of bandwidth to limit outsidse business hours (0-100). Valid values 0 to 100' BandwidthPercentageDuringBusinessHours = 'UInt32 | Optional | Specifies the percentage of bandwidth to limit during business hours (0-100). Valid values 0 to 100' BandwidthEndBusinessHours = 'UInt32 | Optional | Specifies the end of business hours using a 24-hour clock (0-23). Valid values 0 to 23' } MaximumBackgroundBandwidthPercentage = 'UInt32 | Optional | Specifies the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth (0-100). Valid values 0 to 100' MaximumUploadBandwidthInKilobytesPerSecond = 'UInt64 | Optional | Specifies the maximum upload bandwidth in KiloBytes/second that a device will use across all concurrent upload activity using Delivery Optimization (0-4000000). Valid values 0 to 4000000 The default value is 0, which permits unlimited possible bandwidth (optimized for minimal usage of upload bandwidth). Valid values 0 to 4000000' odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deliveryOptimizationBandwidthAbsolute / #microsoft.graph.deliveryOptimizationBandwidthHoursWithPercentage / #microsoft.graph.deliveryOptimizationBandwidthPercentage' } DeliveryOptimizationMode = 'String | Optional | Specifies the download method that delivery optimization can use to manage network bandwidth consumption for large content distribution scenarios. Possible values are: userDefined, httpOnly, httpWithPeeringNat, httpWithPeeringPrivateGroup, httpWithInternetPeering, simpleDownload, bypassMode. | userDefined / httpOnly / httpWithPeeringNat / httpWithPeeringPrivateGroup / httpWithInternetPeering / simpleDownload / bypassMode' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' ForegroundDownloadFromHttpDelayInSeconds = 'UInt64 | Optional | Specifies number of seconds to delay an HTTP source in a foreground download that is allowed to use peer-to-peer (0-86400). Valid values 0 to 86400 Specifying 0 sets Delivery Optimization to manage this setting using the cloud service. Valid values 0 to 86400' MaximumCacheSize = @{ MaximumCacheSizePercentage = 'UInt32 | Optional | Specifies the maximum cache size that Delivery Optimization can utilize, as a percentage of disk size (1-100). Valid values 1 to 100' MaximumCacheSizeInGigabytes = 'UInt64 | Optional | Specifies the maximum size in GB of Delivery Optimization cache. Valid values 0 to 4294967295' odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute / #microsoft.graph.deliveryOptimizationMaxCacheSizePercentage' } BackgroundDownloadFromHttpDelayInSeconds = 'UInt64 | Optional | Specifies number of seconds to delay an HTTP source in a background download that is allowed to use peer-to-peer. Valid values 0 to 4294967295' MinimumRamAllowedToPeerInGigabytes = 'UInt32 | Optional | Specifies the minimum RAM size in GB to use Peer Caching (1-100000). Valid values 1 to 100000' VpnPeerCaching = 'String | Optional | Specifies whether the device is allowed to participate in Peer Caching while connected via VPN to the domain network. | notConfigured / enabled / disabled' Description = 'String | Optional | Admin provided description of the Device Configuration.' MaximumCacheAgeInDays = 'UInt32 | Optional | Specifies the maximum time in days that each file is held in the Delivery Optimization cache after downloading successfully (0-3650). Valid values 0 to 3650' MinimumDiskSizeAllowedToPeerInGigabytes = 'UInt32 | Optional | Specifies the minimum disk size in GB to use Peer Caching (1-100000). Valid values 1 to 100000 Recommended values: 64 GB to 256 GB. Valid values 1 to 100000' RestrictPeerSelectionBy = 'String | Optional | Specifies to restrict peer selection via selected option. | notConfigured / subnetMask' SupportsScopeTags = 'Boolean | Optional | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only.' MinimumBatteryPercentageAllowedToUpload = 'UInt32 | Optional | Specifies the minimum battery percentage to allow the device to upload data (0-100). Valid values 0 to 100 The default value is 0. The value 0 (zero) means ''not limited'' and the cloud service default value will be used. Valid values 0 to 100' MinimumFileSizeToCacheInMegabytes = 'UInt32 | Optional | Specifies the minimum content file size in MB enabled to use Peer Caching (1-100000). Valid values 1 to 100000 Recommended values: 1 MB to 100,000 MB. Valid values 1 to 100000' } ) DeviceConfigurationDomainJoinPoliciesWindows10 = @( @{ Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) Id = 'String | Optional | The unique identifier for an entity. Read-only.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' ComputerNameSuffixRandomCharCount = 'UInt32 | Optional | Dynamically generated characters used as suffix for computer name. Valid values 3 to 14' Description = 'String | Optional | Admin provided description of the Device Configuration.' ActiveDirectoryDomainName = 'String | Optional | Active Directory domain name to join.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' SupportsScopeTags = 'Boolean | Optional | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only.' ComputerNameStaticPrefix = 'String | Optional | Fixed prefix to be used for computer name.' OrganizationalUnit = 'String | Optional | Organizational unit (OU) where the computer account will be created. If this parameter is NULL, the well known computer object container will be used as published in the domain.' DisplayName = 'String | Required | Admin provided name of the device configuration.' } ) DeviceConfigurationEmailProfilePoliciesWindows10 = @( @{ SyncCalendar = 'Boolean | Optional | Whether or not to sync the calendar.' Description = 'String | Optional | Admin provided description of the Device Configuration.' CustomDomainName = 'String | Optional | Custom domain name value used while generating an email profile before installing on the device.' DisplayName = 'String | Required | Admin provided name of the device configuration.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' EmailSyncSchedule = 'String | Optional | Email sync schedule. Possible values are: userDefined, asMessagesArrive, manual, fifteenMinutes, thirtyMinutes, sixtyMinutes, basedOnMyUsage. | userDefined / asMessagesArrive / manual / fifteenMinutes / thirtyMinutes / sixtyMinutes / basedOnMyUsage' UsernameSource = 'String | Optional | Username attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: userPrincipalName, primarySmtpAddress. | userPrincipalName / primarySmtpAddress' UsernameAADSource = 'String | Optional | Name of the AAD field, that will be used to retrieve UserName for email profile. Possible values are: userPrincipalName, primarySmtpAddress, samAccountName. | userPrincipalName / primarySmtpAddress / samAccountName' EmailAddressSource = 'String | Optional | Email attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: userPrincipalName, primarySmtpAddress. | userPrincipalName / primarySmtpAddress' SyncTasks = 'Boolean | Optional | Whether or not to sync tasks.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' UserDomainNameSource = 'String | Optional | UserDomainname attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: fullDomainName, netBiosDomainName. | fullDomainName / netBiosDomainName' HostName = 'String | Optional | Exchange location that (URL) that the native mail app connects to.' RequireSsl = 'Boolean | Optional | Indicates whether or not to use SSL.' Id = 'String | Optional | The unique identifier for an entity. Read-only.' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) DurationOfEmailToSync = 'String | Optional | Duration of email to sync. Possible values are: userDefined, oneDay, threeDays, oneWeek, twoWeeks, oneMonth, unlimited. | userDefined / oneDay / threeDays / oneWeek / twoWeeks / oneMonth / unlimited' SyncContacts = 'Boolean | Optional | Whether or not to sync contacts.' AccountName = 'String | Optional | Account name.' } ) DeviceConfigurationEndpointProtectionPoliciesWindows10 = @( @{ LocalSecurityOptionsClearVirtualMemoryPageFile = 'Boolean | Optional | This security setting determines whether the virtual memory pagefile is cleared when the system is shut down.' SmartScreenEnableInShell = 'Boolean | Optional | Allows IT Admins to configure SmartScreen for Windows.' ApplicationGuardForceAuditing = 'Boolean | Optional | Force auditing will persist Windows logs and events to meet security/compliance criteria (sample events are user login-logoff, use of privilege rights, software installation, system changes, etc.)' DefenderEnableLowCpuPriority = 'Boolean | Optional | This policy setting allows you to enable or disable low CPU priority for scheduled scans.' UserRightsChangeSystemTime = @{ State = 'String | Optional | Representing the current state of this user rights setting. Possible values are: notConfigured, blocked, allowed. | notConfigured / blocked / allowed' LocalUsersOrGroups = @( @{ Description = 'String | Optional | Admins description of this local user or group.' Name = 'String | Optional | The name of this local user or group.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' SecurityIdentifier = 'String | Optional | The security identifier of this local user or group (e.g. S-1-5-32-544).' } ) } LocalSecurityOptionsSwitchToSecureDesktopWhenPromptingForElevation = 'Boolean | Optional | Enable all elevation requests to go to the interactive user''s desktop rather than the secure desktop. Prompt behavior policy settings for admins and standard users are used.' UserRightsIncreaseSchedulingPriority = @{ State = 'String | Optional | Representing the current state of this user rights setting. Possible values are: notConfigured, blocked, allowed. | notConfigured / blocked / allowed' LocalUsersOrGroups = @( @{ Description = 'String | Optional | Admins description of this local user or group.' Name = 'String | Optional | The name of this local user or group.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' SecurityIdentifier = 'String | Optional | The security identifier of this local user or group (e.g. S-1-5-32-544).' } ) } UserRightsRestoreData = @{ State = 'String | Optional | Representing the current state of this user rights setting. Possible values are: notConfigured, blocked, allowed. | notConfigured / blocked / allowed' LocalUsersOrGroups = @( @{ Description = 'String | Optional | Admins description of this local user or group.' Name = 'String | Optional | The name of this local user or group.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' SecurityIdentifier = 'String | Optional | The security identifier of this local user or group (e.g. S-1-5-32-544).' } ) } DefenderAllowOnAccessProtection = 'Boolean | Optional | Allows or disallows Windows Defender On Access Protection functionality.' ApplicationGuardAllowPrintToPDF = 'Boolean | Optional | Allow printing to PDF from Container' LocalSecurityOptionsUseAdminApprovalMode = 'Boolean | Optional | Defines whether the built-in admin account uses Admin Approval Mode or runs all apps with full admin privileges.Default is enabled' FirewallPreSharedKeyEncodingMethod = 'String | Optional | Select the preshared key encoding to be used. Possible values are: deviceDefault, none, utF8. | deviceDefault / none / utF8' UserRightsDelegation = @{ State = 'String | Optional | Representing the current state of this user rights setting. Possible values are: notConfigured, blocked, allowed. | notConfigured / blocked / allowed' LocalUsersOrGroups = @( @{ Description = 'String | Optional | Admins description of this local user or group.' Name = 'String | Optional | The name of this local user or group.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' SecurityIdentifier = 'String | Optional | The security identifier of this local user or group (e.g. S-1-5-32-544).' } ) } DefenderDisableScanDownloads = 'Boolean | Optional | Allows or disallows Windows Defender IOAVP Protection functionality.' UserRightsDebugPrograms = @{ State = 'String | Optional | Representing the current state of this user rights setting. Possible values are: notConfigured, blocked, allowed. | notConfigured / blocked / allowed' LocalUsersOrGroups = @( @{ Description = 'String | Optional | Admins description of this local user or group.' Name = 'String | Optional | The name of this local user or group.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' SecurityIdentifier = 'String | Optional | The security identifier of this local user or group (e.g. S-1-5-32-544).' } ) } LocalSecurityOptionsLogOnMessageTitle = 'String | Optional | Set message title for users attempting to log in.' UserRightsBackupData = @{ State = 'String | Optional | Representing the current state of this user rights setting. Possible values are: notConfigured, blocked, allowed. | notConfigured / blocked / allowed' LocalUsersOrGroups = @( @{ Description = 'String | Optional | Admins description of this local user or group.' Name = 'String | Optional | The name of this local user or group.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' SecurityIdentifier = 'String | Optional | The security identifier of this local user or group (e.g. S-1-5-32-544).' } ) } DefenderSecurityCenterDisableAppBrowserUI = 'Boolean | Optional | Used to disable the display of the app and browser protection area.' DefenderDisableOnAccessProtection = 'Boolean | Optional | Allows or disallows Windows Defender On Access Protection functionality.' DefenderBlockPersistenceThroughWmiType = 'String | Optional | Value indicating the behavior ofBlock persistence through WMI event subscription. Possible values are: userDefined, block, auditMode, warn, disable. | userDefined / block / auditMode / warn / disable' DefenderDisableScanNetworkFiles = 'Boolean | Optional | Allows or disallows a scanning of network files.' DefenderDisableCatchupQuickScan = 'Boolean | Optional | This policy setting allows you to configure catch-up scans for scheduled quick scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time.' LocalSecurityOptionsStandardUserElevationPromptBehavior = 'String | Optional | Define the behavior of the elevation prompt for standard users. Possible values are: notConfigured, automaticallyDenyElevationRequests, promptForCredentialsOnTheSecureDesktop, promptForCredentials. | notConfigured / automaticallyDenyElevationRequests / promptForCredentialsOnTheSecureDesktop / promptForCredentials' DefenderScanMaxCpuPercentage = 'UInt32 | Optional | Represents the average CPU load factor for the Windows Defender scan (in percent). The default value is 50. Valid values 0 to 100' UserRightsGenerateSecurityAudits = @{ State = 'String | Optional | Representing the current state of this user rights setting. Possible values are: notConfigured, blocked, allowed. | notConfigured / blocked / allowed' LocalUsersOrGroups = @( @{ Description = 'String | Optional | Admins description of this local user or group.' Name = 'String | Optional | The name of this local user or group.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' SecurityIdentifier = 'String | Optional | The security identifier of this local user or group (e.g. S-1-5-32-544).' } ) } DefenderSecurityCenterDisableClearTpmUI = 'Boolean | Optional | Used to disable the display of the Clear TPM button.' DefenderEnableScanIncomingMail = 'Boolean | Optional | Allows or disallows scanning of email.' DefenderAdobeReaderLaunchChildProcess = 'String | Optional | Value indicating the behavior of Adobe Reader from creating child processes. Possible values are: userDefined, enable, auditMode, warn, notConfigured. | userDefined / enable / auditMode / warn / notConfigured' DefenderDisableCloudProtection = 'Boolean | Optional | To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions.' LocalSecurityOptionsSmartCardRemovalBehavior = 'String | Optional | This security setting determines what happens when the smart card for a logged-on user is removed from the smart card reader. Possible values are: noAction, lockWorkstation, forceLogoff, disconnectRemoteDesktopSession. | noAction / lockWorkstation / forceLogoff / disconnectRemoteDesktopSession' DefenderOfficeCommunicationAppsLaunchChildProcess = 'String | Optional | Value indicating the behavior of Office communication applications, including Microsoft Outlook, from creating child processes. Possible values are: userDefined, enable, auditMode, warn, notConfigured. | userDefined / enable / auditMode / warn / notConfigured' XboxServicesAccessoryManagementServiceStartupMode = 'String | Optional | This setting determines whether the Accessory management service''s start type is Automatic(2), Manual(3), Disabled(4). Default: Manual. Possible values are: manual, automatic, disabled. | manual / automatic / disabled' DefenderScriptObfuscatedMacroCodeType = 'String | Optional | Value indicating the behavior of obfuscated js/vbs/ps/macro code. Possible values are: userDefined, block, auditMode, warn, disable. | userDefined / block / auditMode / warn / disable' XboxServicesEnableXboxGameSaveTask = 'Boolean | Optional | This setting determines whether xbox game save is enabled (1) or disabled (0).' UserRightsCreateGlobalObjects = @{ State = 'String | Optional | Representing the current state of this user rights setting. Possible values are: notConfigured, blocked, allowed. | notConfigured / blocked / allowed' LocalUsersOrGroups = @( @{ Description = 'String | Optional | Admins description of this local user or group.' Name = 'String | Optional | The name of this local user or group.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' SecurityIdentifier = 'String | Optional | The security identifier of this local user or group (e.g. S-1-5-32-544).' } ) } LocalSecurityOptionsMachineInactivityLimit = 'UInt32 | Optional | Define maximum minutes of inactivity on the interactive desktops login screen until the screen saver runs. Valid values 0 to 9999' LocalSecurityOptionsDisableGuestAccount = 'Boolean | Optional | Determines if the Guest account is enabled or disabled.' LocalSecurityOptionsLogOnMessageText = 'String | Optional | Set message text for users attempting to log in.' ApplicationGuardCertificateThumbprints = 'StringArray | Optional | Allows certain device level Root Certificates to be shared with the Microsoft Defender Application Guard container.' DefenderCloudBlockLevel = 'String | Optional | Added in Windows 10, version 1709. This policy setting determines how aggressive Windows Defender Antivirus will be in blocking and scanning suspicious files. Value type is integer. This feature requires the ''Join Microsoft MAPS'' setting enabled in order to function. Possible values are: notConfigured, high, highPlus, zeroTolerance. | notConfigured / high / highPlus / zeroTolerance' DefenderProcessCreationType = 'String | Optional | Value indicating response to process creations originating from PSExec and WMI commands. Possible values are: userDefined, block, auditMode, warn, disable. | userDefined / block / auditMode / warn / disable' UserRightsLocalLogOn = @{ State = 'String | Optional | Representing the current state of this user rights setting. Possible values are: notConfigured, blocked, allowed. | notConfigured / blocked / allowed' LocalUsersOrGroups = @( @{ Description = 'String | Optional | Admins description of this local user or group.' Name = 'String | Optional | The name of this local user or group.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' SecurityIdentifier = 'String | Optional | The security identifier of this local user or group (e.g. S-1-5-32-544).' } ) } LocalSecurityOptionsClientSendUnencryptedPasswordToThirdPartySMBServers = 'Boolean | Optional | If this security setting is enabled, the Server Message Block (SMB) redirector is allowed to send plaintext passwords to non-Microsoft SMB servers that do not support password encryption during authentication.' UserRightsProfileSingleProcess = @{ State = 'String | Optional | Representing the current state of this user rights setting. Possible values are: notConfigured, blocked, allowed. | notConfigured / blocked / allowed' LocalUsersOrGroups = @( @{ Description = 'String | Optional | Admins description of this local user or group.' Name = 'String | Optional | The name of this local user or group.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' SecurityIdentifier = 'String | Optional | The security identifier of this local user or group (e.g. S-1-5-32-544).' } ) } DefenderPotentiallyUnwantedAppAction = 'String | Optional | Added in Windows 10, version 1607. Specifies the level of detection for potentially unwanted applications (PUAs). Windows Defender alerts you when potentially unwanted software is being downloaded or attempts to install itself on your computer. Possible values are: userDefined, enable, auditMode, warn, notConfigured. | userDefined / enable / auditMode / warn / notConfigured' LocalSecurityOptionsUseAdminApprovalModeForAdministrators = 'Boolean | Optional | Define whether Admin Approval Mode and all UAC policy settings are enabled, default is enabled' DefenderDisableRealTimeMonitoring = 'Boolean | Optional | Allows or disallows Windows Defender Realtime Monitoring functionality.' DefenderSecurityCenterNotificationsFromApp = 'String | Optional | Notifications to show from the displayed areas of app. Possible values are: notConfigured, blockNoncriticalNotifications, blockAllNotifications. | notConfigured / blockNoncriticalNotifications / blockAllNotifications' LocalSecurityOptionsAdministratorAccountName = 'String | Optional | Define a different account name to be associated with the security identifier (SID) for the account ''Administrator''.' DefenderSecurityCenterDisableAccountUI = 'Boolean | Optional | Used to disable the display of the account protection area.' UserRightsBlockAccessFromNetwork = @{ State = 'String | Optional | Representing the current state of this user rights setting. Possible values are: notConfigured, blocked, allowed. | notConfigured / blocked / allowed' LocalUsersOrGroups = @( @{ Description = 'String | Optional | Admins description of this local user or group.' Name = 'String | Optional | The name of this local user or group.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' SecurityIdentifier = 'String | Optional | The security identifier of this local user or group (e.g. S-1-5-32-544).' } ) } DefenderEmailContentExecutionType = 'String | Optional | Value indicating if execution of executable content (exe, dll, ps, js, vbs, etc) should be dropped from email (webmail/mail-client). Possible values are: userDefined, block, auditMode, warn, disable. | userDefined / block / auditMode / warn / disable' DefenderAllowScanNetworkFiles = 'Boolean | Optional | Allows or disallows a scanning of network files.' LocalSecurityOptionsDoNotAllowAnonymousEnumerationOfSAMAccounts = 'Boolean | Optional | This security setting determines what additional permissions will be granted for anonymous connections to the computer.' DefenderProcessCreation = 'String | Optional | Value indicating response to process creations originating from PSExec and WMI commands. Possible values are: userDefined, enable, auditMode, warn, notConfigured. | userDefined / enable / auditMode / warn / notConfigured' LocalSecurityOptionsDoNotRequireCtrlAltDel = 'Boolean | Optional | Require CTRL+ALT+DEL to be pressed before a user can log on.' ApplicationGuardBlockNonEnterpriseContent = 'Boolean | Optional | Block enterprise sites to load non-enterprise content, such as third party plug-ins' LocalSecurityOptionsAllowAnonymousEnumerationOfSAMAccountsAndShares = 'Boolean | Optional | This security setting determines whether to allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares.' ApplicationGuardAllowPersistence = 'Boolean | Optional | Allow persisting user generated data inside the App Guard Containter (favorites, cookies, web passwords, etc.)' LocalSecurityOptionsBlockUsersInstallingPrinterDrivers = 'Boolean | Optional | Restrict installing printer drivers as part of connecting to a shared printer to admins only.' UserRightsCreatePageFile = @{ State = 'String | Optional | Representing the current state of this user rights setting. Possible values are: notConfigured, blocked, allowed. | notConfigured / blocked / allowed' LocalUsersOrGroups = @( @{ Description = 'String | Optional | Admins description of this local user or group.' Name = 'String | Optional | The name of this local user or group.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' SecurityIdentifier = 'String | Optional | The security identifier of this local user or group (e.g. S-1-5-32-544).' } ) } LocalSecurityOptionsBlockMicrosoftAccounts = 'Boolean | Optional | Prevent users from adding new Microsoft accounts to this computer.' DmaGuardDeviceEnumerationPolicy = 'String | Optional | This policy is intended to provide additional security against external DMA capable devices. It allows for more control over the enumeration of external DMA capable devices incompatible with DMA Remapping/device memory isolation and sandboxing. This policy only takes effect when Kernel DMA Protection is supported and enabled by the system firmware. Kernel DMA Protection is a platform feature that cannot be controlled via policy or by end user. It has to be supported by the system at the time of manufacturing. To check if the system supports Kernel DMA Protection, please check the Kernel DMA Protection field in the Summary page of MSINFO32.exe. Possible values are: deviceDefault, blockAll, allowAll. | deviceDefault / blockAll / allowAll' DefenderOfficeAppsOtherProcessInjectionType = 'String | Optional | Value indicating the behavior ofOffice applications injecting into other processes. Possible values are: userDefined, block, auditMode, warn, disable. | userDefined / block / auditMode / warn / disable' LocalSecurityOptionsGuestAccountName = 'String | Optional | Define a different account name to be associated with the security identifier (SID) for the account ''Guest''.' SupportsScopeTags = 'Boolean | Optional | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only.' DefenderDetectedMalwareActions = @{ LowSeverity = 'String | Optional | Indicates a Defender action to take for low severity Malware threat detected. Possible values are: deviceDefault, clean, quarantine, remove, allow, userDefined, block. | deviceDefault / clean / quarantine / remove / allow / userDefined / block' SevereSeverity = 'String | Optional | Indicates a Defender action to take for severe severity Malware threat detected. Possible values are: deviceDefault, clean, quarantine, remove, allow, userDefined, block. | deviceDefault / clean / quarantine / remove / allow / userDefined / block' ModerateSeverity = 'String | Optional | Indicates a Defender action to take for moderate severity Malware threat detected. Possible values are: deviceDefault, clean, quarantine, remove, allow, userDefined, block. | deviceDefault / clean / quarantine / remove / allow / userDefined / block' HighSeverity = 'String | Optional | Indicates a Defender action to take for high severity Malware threat detected. Possible values are: deviceDefault, clean, quarantine, remove, allow, userDefined, block. | deviceDefault / clean / quarantine / remove / allow / userDefined / block' } LanManagerWorkstationDisableInsecureGuestLogons = 'Boolean | Optional | If enabled,the SMB client will allow insecure guest logons. If not configured, the SMB client will reject insecure guest logons.' DefenderScheduledScanTime = 'String | Optional | Selects the time of day that the Windows Defender scan should run.' DefenderAllowIntrusionPreventionSystem = 'Boolean | Optional | Allows or disallows Windows Defender Intrusion Prevention functionality.' DefenderSecurityCenterDisableRansomwareUI = 'Boolean | Optional | Used to disable the display of the ransomware protection area.' BitLockerRecoveryPasswordRotation = 'String | Optional | This setting initiates a client-driven recovery password rotation after an OS drive recovery (either by using bootmgr or WinRE). Possible values are: notConfigured, disabled, enabledForAzureAd, enabledForAzureAdAndHybrid. | notConfigured / disabled / enabledForAzureAd / enabledForAzureAdAndHybrid' DefenderOfficeMacroCodeAllowWin32Imports = 'String | Optional | Value indicating the behavior of Win32 imports from Macro code in Office. Possible values are: userDefined, enable, auditMode, warn, notConfigured. | userDefined / enable / auditMode / warn / notConfigured' DefenderSecurityCenterDisableSecureBootUI = 'Boolean | Optional | Used to disable the display of the secure boot area under Device security.' UserRightsAllowAccessFromNetwork = @{ State = 'String | Optional | Representing the current state of this user rights setting. Possible values are: notConfigured, blocked, allowed. | notConfigured / blocked / allowed' LocalUsersOrGroups = @( @{ Description = 'String | Optional | Admins description of this local user or group.' Name = 'String | Optional | The name of this local user or group.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' SecurityIdentifier = 'String | Optional | The security identifier of this local user or group (e.g. S-1-5-32-544).' } ) } DefenderAllowScanRemovableDrivesDuringFullScan = 'Boolean | Optional | Allows or disallows a full scan of removable drives. During a quick scan, removable drives may still be scanned.' UserRightsCreateToken = @{ State = 'String | Optional | Representing the current state of this user rights setting. Possible values are: notConfigured, blocked, allowed. | notConfigured / blocked / allowed' LocalUsersOrGroups = @( @{ Description = 'String | Optional | Admins description of this local user or group.' Name = 'String | Optional | The name of this local user or group.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' SecurityIdentifier = 'String | Optional | The security identifier of this local user or group (e.g. S-1-5-32-544).' } ) } DefenderAllowScanScriptsLoadedInInternetExplorer = 'Boolean | Optional | Allows or disallows Windows Defender Script Scanning functionality.' DefenderSecurityCenterDisableVirusUI = 'Boolean | Optional | Used to disable the display of the virus and threat protection area.' UserRightsAccessCredentialManagerAsTrustedCaller = @{ State = 'String | Optional | Representing the current state of this user rights setting. Possible values are: notConfigured, blocked, allowed. | notConfigured / blocked / allowed' LocalUsersOrGroups = @( @{ Description = 'String | Optional | Admins description of this local user or group.' Name = 'String | Optional | The name of this local user or group.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' SecurityIdentifier = 'String | Optional | The security identifier of this local user or group (e.g. S-1-5-32-544).' } ) } LocalSecurityOptionsAllowUIAccessApplicationElevation = 'Boolean | Optional | Allow UIAccess apps to prompt for elevation without using the secure desktop.' DefenderDisableScanScriptsLoadedInInternetExplorer = 'Boolean | Optional | Allows or disallows Windows Defender Script Scanning functionality.' LocalSecurityOptionsAdministratorElevationPromptBehavior = 'String | Optional | Define the behavior of the elevation prompt for admins in Admin Approval Mode. Possible values are: notConfigured, elevateWithoutPrompting, promptForCredentialsOnTheSecureDesktop, promptForConsentOnTheSecureDesktop, promptForCredentials, promptForConsent, promptForConsentForNonWindowsBinaries. | notConfigured / elevateWithoutPrompting / promptForCredentialsOnTheSecureDesktop / promptForConsentOnTheSecureDesktop / promptForCredentials / promptForConsent / promptForConsentForNonWindowsBinaries' UserRightsCreatePermanentSharedObjects = @{ State = 'String | Optional | Representing the current state of this user rights setting. Possible values are: notConfigured, blocked, allowed. | notConfigured / blocked / allowed' LocalUsersOrGroups = @( @{ Description = 'String | Optional | Admins description of this local user or group.' Name = 'String | Optional | The name of this local user or group.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' SecurityIdentifier = 'String | Optional | The security identifier of this local user or group (e.g. S-1-5-32-544).' } ) } UserRightsManageAuditingAndSecurityLogs = @{ State = 'String | Optional | Representing the current state of this user rights setting. Possible values are: notConfigured, blocked, allowed. | notConfigured / blocked / allowed' LocalUsersOrGroups = @( @{ Description = 'String | Optional | Admins description of this local user or group.' Name = 'String | Optional | The name of this local user or group.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' SecurityIdentifier = 'String | Optional | The security identifier of this local user or group (e.g. S-1-5-32-544).' } ) } FirewallMergeKeyingModuleSettings = 'Boolean | Optional | If an authentication set is not fully supported by a keying module, direct the module to ignore only unsupported authentication suites rather than the entire set' LocalSecurityOptionsAllowPKU2UAuthenticationRequests = 'Boolean | Optional | Block PKU2U authentication requests to this device to use online identities.' DefenderCloudExtendedTimeoutInSeconds = 'UInt32 | Optional | Added in Windows 10, version 1709. This feature allows Windows Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it''s safe. Value type is integer, range is 0 - 50. This feature depends on three other MAPS settings the must all be enabled- ''Configure the ''Block at First Sight'' feature ''Join Microsoft MAPS'' ''Send file samples when further analysis is required''. Valid values 0 to 50' FirewallIPSecExemptionsAllowICMP = 'Boolean | Optional | Configures IPSec exemptions to allow ICMP' DefenderAllowEndUserAccess = 'Boolean | Optional | Allows or disallows user access to the Windows Defender UI. If disallowed, all Windows Defender notifications will also be suppressed.' DefenderScriptDownloadedPayloadExecution = 'String | Optional | Value indicating the behavior of js/vbs executing payload downloaded from Internet. Possible values are: userDefined, enable, auditMode, warn, notConfigured. | userDefined / enable / auditMode / warn / notConfigured' Description = 'String | Optional | Admin provided description of the Device Configuration.' DefenderSecurityCenterDisableVulnerableTpmFirmwareUpdateUI = 'Boolean | Optional | Used to disable the display of update TPM Firmware when a vulnerable firmware is detected.' DefenderSignatureUpdateIntervalInHours = 'UInt32 | Optional | Specifies the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval. Valid values 0 to 24' DefenderExploitProtectionXmlFileName = 'String | Optional | Name of the file from which DefenderExploitProtectionXml was obtained.' ApplicationGuardBlockFileTransfer = 'String | Optional | Block clipboard to transfer image file, text file or neither of them. Possible values are: notConfigured, blockImageAndTextFile, blockImageFile, blockNone, blockTextFile. | notConfigured / blockImageAndTextFile / blockImageFile / blockNone / blockTextFile' LocalSecurityOptionsClientDigitallySignCommunicationsAlways = 'Boolean | Optional | This security setting determines whether packet signing is required by the SMB client component.' DefenderScriptObfuscatedMacroCode = 'String | Optional | Value indicating the behavior of obfuscated js/vbs/ps/macro code. Possible values are: userDefined, enable, auditMode, warn, notConfigured. | userDefined / enable / auditMode / warn / notConfigured' DefenderOfficeMacroCodeAllowWin32ImportsType = 'String | Optional | Value indicating the behavior of Win32 imports from Macro code in Office. Possible values are: userDefined, block, auditMode, warn, disable. | userDefined / block / auditMode / warn / disable' LocalSecurityOptionsDisableAdministratorAccount = 'Boolean | Optional | Determines whether the Local Administrator account is enabled or disabled.' FirewallProfileDomain = @{ PolicyRulesFromGroupPolicyNotMerged = 'Boolean | Optional | Configures the firewall to prevent merging Firewall Rule policies from group policy with those from local store instead of ignoring the local store rules. When PolicyRulesFromGroupPolicyNotMerged and PolicyRulesFromGroupPolicyMerged are both true, PolicyRulesFromGroupPolicyMerged takes priority.' InboundNotificationsBlocked = 'Boolean | Optional | Prevents the firewall from displaying notifications when an application is blocked from listening on a port. When InboundNotificationsRequired and InboundNotificationsBlocked are both true, InboundNotificationsBlocked takes priority.' OutboundConnectionsRequired = 'Boolean | Optional | Configures the firewall to allow all outgoing connections by default. When OutboundConnectionsRequired and OutboundConnectionsBlocked are both true, OutboundConnectionsBlocked takes priority. This setting will get applied to Windows releases version 1809 and above.' GlobalPortRulesFromGroupPolicyNotMerged = 'Boolean | Optional | Configures the firewall to prevent merging global port rules from group policy with those from local store instead of ignoring the local store rules. When GlobalPortRulesFromGroupPolicyNotMerged and GlobalPortRulesFromGroupPolicyMerged are both true, GlobalPortRulesFromGroupPolicyMerged takes priority.' ConnectionSecurityRulesFromGroupPolicyNotMerged = 'Boolean | Optional | Configures the firewall to prevent merging connection security rules from group policy with those from local store instead of ignoring the local store rules. When ConnectionSecurityRulesFromGroupPolicyNotMerged and ConnectionSecurityRulesFromGroupPolicyMerged are both true, ConnectionSecurityRulesFromGroupPolicyMerged takes priority.' UnicastResponsesToMulticastBroadcastsRequired = 'Boolean | Optional | Configures the firewall to allow unicast responses to multicast broadcast traffic. When UnicastResponsesToMulticastBroadcastsRequired and UnicastResponsesToMulticastBroadcastsBlocked are both true, UnicastResponsesToMulticastBroadcastsBlocked takes priority.' PolicyRulesFromGroupPolicyMerged = 'Boolean | Optional | Configures the firewall to merge Firewall Rule policies from group policy with those from local store instead of ignoring the local store rules. When PolicyRulesFromGroupPolicyNotMerged and PolicyRulesFromGroupPolicyMerged are both true, PolicyRulesFromGroupPolicyMerged takes priority.' UnicastResponsesToMulticastBroadcastsBlocked = 'Boolean | Optional | Configures the firewall to block unicast responses to multicast broadcast traffic. When UnicastResponsesToMulticastBroadcastsRequired and UnicastResponsesToMulticastBroadcastsBlocked are both true, UnicastResponsesToMulticastBroadcastsBlocked takes priority.' IncomingTrafficRequired = 'Boolean | Optional | Configures the firewall to allow incoming traffic pursuant to other policy settings. When IncomingTrafficRequired and IncomingTrafficBlocked are both true, IncomingTrafficBlocked takes priority.' IncomingTrafficBlocked = 'Boolean | Optional | Configures the firewall to block all incoming traffic regardless of other policy settings. When IncomingTrafficRequired and IncomingTrafficBlocked are both true, IncomingTrafficBlocked takes priority.' ConnectionSecurityRulesFromGroupPolicyMerged = 'Boolean | Optional | Configures the firewall to merge connection security rules from group policy with those from local store instead of ignoring the local store rules. When ConnectionSecurityRulesFromGroupPolicyNotMerged and ConnectionSecurityRulesFromGroupPolicyMerged are both true, ConnectionSecurityRulesFromGroupPolicyMerged takes priority.' StealthModeRequired = 'Boolean | Optional | Allow the server to operate in stealth mode. When StealthModeRequired and StealthModeBlocked are both true, StealthModeBlocked takes priority.' InboundNotificationsRequired = 'Boolean | Optional | Allows the firewall to display notifications when an application is blocked from listening on a port. When InboundNotificationsRequired and InboundNotificationsBlocked are both true, InboundNotificationsBlocked takes priority.' AuthorizedApplicationRulesFromGroupPolicyMerged = 'Boolean | Optional | Configures the firewall to merge authorized application rules from group policy with those from local store instead of ignoring the local store rules. When AuthorizedApplicationRulesFromGroupPolicyNotMerged and AuthorizedApplicationRulesFromGroupPolicyMerged are both true, AuthorizedApplicationRulesFromGroupPolicyMerged takes priority.' InboundConnectionsBlocked = 'Boolean | Optional | Configures the firewall to block all incoming connections by default. When InboundConnectionsRequired and InboundConnectionsBlocked are both true, InboundConnectionsBlocked takes priority.' OutboundConnectionsBlocked = 'Boolean | Optional | Configures the firewall to block all outgoing connections by default. When OutboundConnectionsRequired and OutboundConnectionsBlocked are both true, OutboundConnectionsBlocked takes priority. This setting will get applied to Windows releases version 1809 and above.' StealthModeBlocked = 'Boolean | Optional | Prevent the server from operating in stealth mode. When StealthModeRequired and StealthModeBlocked are both true, StealthModeBlocked takes priority.' GlobalPortRulesFromGroupPolicyMerged = 'Boolean | Optional | Configures the firewall to merge global port rules from group policy with those from local store instead of ignoring the local store rules. When GlobalPortRulesFromGroupPolicyNotMerged and GlobalPortRulesFromGroupPolicyMerged are both true, GlobalPortRulesFromGroupPolicyMerged takes priority.' SecuredPacketExemptionBlocked = 'Boolean | Optional | Configures the firewall to block the host computer to respond to unsolicited network traffic of that traffic is secured by IPSec even when stealthModeBlocked is set to true. When SecuredPacketExemptionBlocked and SecuredPacketExemptionAllowed are both true, SecuredPacketExemptionAllowed takes priority.' SecuredPacketExemptionAllowed = 'Boolean | Optional | Configures the firewall to allow the host computer to respond to unsolicited network traffic of that traffic is secured by IPSec even when stealthModeBlocked is set to true. When SecuredPacketExemptionBlocked and SecuredPacketExemptionAllowed are both true, SecuredPacketExemptionAllowed takes priority.' InboundConnectionsRequired = 'Boolean | Optional | Configures the firewall to allow all incoming connections by default. When InboundConnectionsRequired and InboundConnectionsBlocked are both true, InboundConnectionsBlocked takes priority.' FirewallEnabled = 'String | Optional | Configures the host device to allow or block the firewall and advanced security enforcement for the network profile. Possible values are: notConfigured, blocked, allowed. | notConfigured / blocked / allowed' AuthorizedApplicationRulesFromGroupPolicyNotMerged = 'Boolean | Optional | Configures the firewall to prevent merging authorized application rules from group policy with those from local store instead of ignoring the local store rules. When AuthorizedApplicationRulesFromGroupPolicyNotMerged and AuthorizedApplicationRulesFromGroupPolicyMerged are both true, AuthorizedApplicationRulesFromGroupPolicyMerged takes priority.' } DefenderSecurityCenterDisableTroubleshootingUI = 'Boolean | Optional | Used to disable the display of the security process troubleshooting under Device security.' FirewallBlockStatefulFTP = 'Boolean | Optional | Blocks stateful FTP connections to the device' DefenderOfficeAppsExecutableContentCreationOrLaunchType = 'String | Optional | Value indicating the behavior of Office applications/macros creating or launching executable content. Possible values are: userDefined, block, auditMode, warn, disable. | userDefined / block / auditMode / warn / disable' DefenderEmailContentExecution = 'String | Optional | Value indicating if execution of executable content (exe, dll, ps, js, vbs, etc) should be dropped from email (webmail/mail-client). Possible values are: userDefined, enable, auditMode, warn, notConfigured. | userDefined / enable / auditMode / warn / notConfigured' UserRightsModifyFirmwareEnvironment = @{ State = 'String | Optional | Representing the current state of this user rights setting. Possible values are: notConfigured, blocked, allowed. | notConfigured / blocked / allowed' LocalUsersOrGroups = @( @{ Description = 'String | Optional | Admins description of this local user or group.' Name = 'String | Optional | The name of this local user or group.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' SecurityIdentifier = 'String | Optional | The security identifier of this local user or group (e.g. S-1-5-32-544).' } ) } ApplicationGuardAllowFileSaveOnHost = 'Boolean | Optional | Allow users to download files from Edge in the application guard container and save them on the host file system' DefenderOfficeAppsExecutableContentCreationOrLaunch = 'String | Optional | Value indicating the behavior of Office applications/macros creating or launching executable content. Possible values are: userDefined, enable, auditMode, warn, notConfigured. | userDefined / enable / auditMode / warn / notConfigured' LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedClients = 'String | Optional | This security setting allows a client to require the negotiation of 128-bit encryption and/or NTLMv2 session security. Possible values are: none, requireNtmlV2SessionSecurity, require128BitEncryption, ntlmV2And128BitEncryption. | none / requireNtmlV2SessionSecurity / require128BitEncryption / ntlmV2And128BitEncryption' DefenderSubmitSamplesConsentType = 'String | Optional | Checks for the user consent level in Windows Defender to send data. Possible values are: sendSafeSamplesAutomatically, alwaysPrompt, neverSend, sendAllSamplesAutomatically. | sendSafeSamplesAutomatically / alwaysPrompt / neverSend / sendAllSamplesAutomatically' LocalSecurityOptionsDetectApplicationInstallationsAndPromptForElevation = 'Boolean | Optional | App installations requiring elevated privileges will prompt for admin credentials.Default is enabled' DefenderDisableIntrusionPreventionSystem = 'Boolean | Optional | Allows or disallows Windows Defender Intrusion Prevention functionality.' DefenderDisableCatchupFullScan = 'Boolean | Optional | This policy setting allows you to configure catch-up scans for scheduled full scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time.' BitLockerDisableWarningForOtherDiskEncryption = 'Boolean | Optional | Allows the Admin to disable the warning prompt for other disk encryption on the user machines.' XboxServicesLiveNetworkingServiceStartupMode = 'String | Optional | This setting determines whether Networking service''s start type is Automatic(2), Manual(3), Disabled(4). Default: Manual. Possible values are: manual, automatic, disabled. | manual / automatic / disabled' DefenderScriptDownloadedPayloadExecutionType = 'String | Optional | Value indicating the behavior of js/vbs executing payload downloaded from Internet. Possible values are: userDefined, block, auditMode, warn, disable. | userDefined / block / auditMode / warn / disable' UserRightsTakeOwnership = @{ State = 'String | Optional | Representing the current state of this user rights setting. Possible values are: notConfigured, blocked, allowed. | notConfigured / blocked / allowed' LocalUsersOrGroups = @( @{ Description = 'String | Optional | Admins description of this local user or group.' Name = 'String | Optional | The name of this local user or group.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' SecurityIdentifier = 'String | Optional | The security identifier of this local user or group (e.g. S-1-5-32-544).' } ) } FirewallProfilePublic = @{ PolicyRulesFromGroupPolicyNotMerged = 'Boolean | Optional | Configures the firewall to prevent merging Firewall Rule policies from group policy with those from local store instead of ignoring the local store rules. When PolicyRulesFromGroupPolicyNotMerged and PolicyRulesFromGroupPolicyMerged are both true, PolicyRulesFromGroupPolicyMerged takes priority.' InboundNotificationsBlocked = 'Boolean | Optional | Prevents the firewall from displaying notifications when an application is blocked from listening on a port. When InboundNotificationsRequired and InboundNotificationsBlocked are both true, InboundNotificationsBlocked takes priority.' OutboundConnectionsRequired = 'Boolean | Optional | Configures the firewall to allow all outgoing connections by default. When OutboundConnectionsRequired and OutboundConnectionsBlocked are both true, OutboundConnectionsBlocked takes priority. This setting will get applied to Windows releases version 1809 and above.' GlobalPortRulesFromGroupPolicyNotMerged = 'Boolean | Optional | Configures the firewall to prevent merging global port rules from group policy with those from local store instead of ignoring the local store rules. When GlobalPortRulesFromGroupPolicyNotMerged and GlobalPortRulesFromGroupPolicyMerged are both true, GlobalPortRulesFromGroupPolicyMerged takes priority.' ConnectionSecurityRulesFromGroupPolicyNotMerged = 'Boolean | Optional | Configures the firewall to prevent merging connection security rules from group policy with those from local store instead of ignoring the local store rules. When ConnectionSecurityRulesFromGroupPolicyNotMerged and ConnectionSecurityRulesFromGroupPolicyMerged are both true, ConnectionSecurityRulesFromGroupPolicyMerged takes priority.' UnicastResponsesToMulticastBroadcastsRequired = 'Boolean | Optional | Configures the firewall to allow unicast responses to multicast broadcast traffic. When UnicastResponsesToMulticastBroadcastsRequired and UnicastResponsesToMulticastBroadcastsBlocked are both true, UnicastResponsesToMulticastBroadcastsBlocked takes priority.' PolicyRulesFromGroupPolicyMerged = 'Boolean | Optional | Configures the firewall to merge Firewall Rule policies from group policy with those from local store instead of ignoring the local store rules. When PolicyRulesFromGroupPolicyNotMerged and PolicyRulesFromGroupPolicyMerged are both true, PolicyRulesFromGroupPolicyMerged takes priority.' UnicastResponsesToMulticastBroadcastsBlocked = 'Boolean | Optional | Configures the firewall to block unicast responses to multicast broadcast traffic. When UnicastResponsesToMulticastBroadcastsRequired and UnicastResponsesToMulticastBroadcastsBlocked are both true, UnicastResponsesToMulticastBroadcastsBlocked takes priority.' IncomingTrafficRequired = 'Boolean | Optional | Configures the firewall to allow incoming traffic pursuant to other policy settings. When IncomingTrafficRequired and IncomingTrafficBlocked are both true, IncomingTrafficBlocked takes priority.' IncomingTrafficBlocked = 'Boolean | Optional | Configures the firewall to block all incoming traffic regardless of other policy settings. When IncomingTrafficRequired and IncomingTrafficBlocked are both true, IncomingTrafficBlocked takes priority.' ConnectionSecurityRulesFromGroupPolicyMerged = 'Boolean | Optional | Configures the firewall to merge connection security rules from group policy with those from local store instead of ignoring the local store rules. When ConnectionSecurityRulesFromGroupPolicyNotMerged and ConnectionSecurityRulesFromGroupPolicyMerged are both true, ConnectionSecurityRulesFromGroupPolicyMerged takes priority.' StealthModeRequired = 'Boolean | Optional | Allow the server to operate in stealth mode. When StealthModeRequired and StealthModeBlocked are both true, StealthModeBlocked takes priority.' InboundNotificationsRequired = 'Boolean | Optional | Allows the firewall to display notifications when an application is blocked from listening on a port. When InboundNotificationsRequired and InboundNotificationsBlocked are both true, InboundNotificationsBlocked takes priority.' AuthorizedApplicationRulesFromGroupPolicyMerged = 'Boolean | Optional | Configures the firewall to merge authorized application rules from group policy with those from local store instead of ignoring the local store rules. When AuthorizedApplicationRulesFromGroupPolicyNotMerged and AuthorizedApplicationRulesFromGroupPolicyMerged are both true, AuthorizedApplicationRulesFromGroupPolicyMerged takes priority.' InboundConnectionsBlocked = 'Boolean | Optional | Configures the firewall to block all incoming connections by default. When InboundConnectionsRequired and InboundConnectionsBlocked are both true, InboundConnectionsBlocked takes priority.' OutboundConnectionsBlocked = 'Boolean | Optional | Configures the firewall to block all outgoing connections by default. When OutboundConnectionsRequired and OutboundConnectionsBlocked are both true, OutboundConnectionsBlocked takes priority. This setting will get applied to Windows releases version 1809 and above.' StealthModeBlocked = 'Boolean | Optional | Prevent the server from operating in stealth mode. When StealthModeRequired and StealthModeBlocked are both true, StealthModeBlocked takes priority.' GlobalPortRulesFromGroupPolicyMerged = 'Boolean | Optional | Configures the firewall to merge global port rules from group policy with those from local store instead of ignoring the local store rules. When GlobalPortRulesFromGroupPolicyNotMerged and GlobalPortRulesFromGroupPolicyMerged are both true, GlobalPortRulesFromGroupPolicyMerged takes priority.' SecuredPacketExemptionBlocked = 'Boolean | Optional | Configures the firewall to block the host computer to respond to unsolicited network traffic of that traffic is secured by IPSec even when stealthModeBlocked is set to true. When SecuredPacketExemptionBlocked and SecuredPacketExemptionAllowed are both true, SecuredPacketExemptionAllowed takes priority.' SecuredPacketExemptionAllowed = 'Boolean | Optional | Configures the firewall to allow the host computer to respond to unsolicited network traffic of that traffic is secured by IPSec even when stealthModeBlocked is set to true. When SecuredPacketExemptionBlocked and SecuredPacketExemptionAllowed are both true, SecuredPacketExemptionAllowed takes priority.' InboundConnectionsRequired = 'Boolean | Optional | Configures the firewall to allow all incoming connections by default. When InboundConnectionsRequired and InboundConnectionsBlocked are both true, InboundConnectionsBlocked takes priority.' FirewallEnabled = 'String | Optional | Configures the host device to allow or block the firewall and advanced security enforcement for the network profile. Possible values are: notConfigured, blocked, allowed. | notConfigured / blocked / allowed' AuthorizedApplicationRulesFromGroupPolicyNotMerged = 'Boolean | Optional | Configures the firewall to prevent merging authorized application rules from group policy with those from local store instead of ignoring the local store rules. When AuthorizedApplicationRulesFromGroupPolicyNotMerged and AuthorizedApplicationRulesFromGroupPolicyMerged are both true, AuthorizedApplicationRulesFromGroupPolicyMerged takes priority.' } LocalSecurityOptionsOnlyElevateSignedExecutables = 'Boolean | Optional | Enforce PKI certification path validation for a given executable file before it is permitted to run.' FirewallIPSecExemptionsAllowRouterDiscovery = 'Boolean | Optional | Configures IPSec exemptions to allow router discovery IPv6 ICMP type-codes' BitLockerFixedDrivePolicy = @{ RecoveryOptions = @{ RecoveryInformationToStore = 'String | Optional | Configure what pieces of BitLocker recovery information are stored to AD DS. Possible values are: passwordAndKey, passwordOnly. | passwordAndKey / passwordOnly' HideRecoveryOptions = 'Boolean | Optional | Indicates whether or not to allow showing recovery options in BitLocker Setup Wizard for fixed or system disk.' BlockDataRecoveryAgent = 'Boolean | Optional | Indicates whether to block certificate-based data recovery agent.' RecoveryKeyUsage = 'String | Optional | Indicates whether users are allowed or required to generate a 256-bit recovery key for fixed or system disk. Possible values are: blocked, required, allowed, notConfigured. | blocked / required / allowed / notConfigured' EnableBitLockerAfterRecoveryInformationToStore = 'Boolean | Optional | Indicates whether or not to enable BitLocker until recovery information is stored in AD DS.' EnableRecoveryInformationSaveToStore = 'Boolean | Optional | Indicates whether or not to allow BitLocker recovery information to store in AD DS.' RecoveryPasswordUsage = 'String | Optional | Indicates whether users are allowed or required to generate a 48-digit recovery password for fixed or system disk. Possible values are: blocked, required, allowed, notConfigured. | blocked / required / allowed / notConfigured' } RequireEncryptionForWriteAccess = 'Boolean | Optional | This policy setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer.' EncryptionMethod = 'String | Optional | Select the encryption method for fixed drives. Possible values are: aesCbc128, aesCbc256, xtsAes128, xtsAes256. | aesCbc128 / aesCbc256 / xtsAes128 / xtsAes256' } UserRightsCreateSymbolicLinks = @{ State = 'String | Optional | Representing the current state of this user rights setting. Possible values are: notConfigured, blocked, allowed. | notConfigured / blocked / allowed' LocalUsersOrGroups = @( @{ Description = 'String | Optional | Admins description of this local user or group.' Name = 'String | Optional | The name of this local user or group.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' SecurityIdentifier = 'String | Optional | The security identifier of this local user or group (e.g. S-1-5-32-544).' } ) } SmartScreenBlockOverrideForFiles = 'Boolean | Optional | Allows IT Admins to control whether users can can ignore SmartScreen warnings and run malicious files.' LocalSecurityOptionsDoNotStoreLANManagerHashValueOnNextPasswordChange = 'Boolean | Optional | This security setting determines if, at the next password change, the LAN Manager (LM) hash value for the new password is stored. Its not stored by default.' DefenderCheckForSignaturesBeforeRunningScan = 'Boolean | Optional | This policy setting allows you to manage whether a check for new virus and spyware definitions will occur before running a scan.' DefenderSecurityCenterHelpEmail = 'String | Optional | The email address that is displayed to users.' FirewallRules = @( @{ LocalAddressRanges = 'StringArray | Optional | List of local addresses covered by the rule. Default is any address. Valid tokens include:'''' indicates any local address. If present, this must be the only token included.A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask nor a network prefix is specified, the subnet mask defaults to 255.255.255.255.A valid IPv6 address.An IPv4 address range in the format of ''start address - end address'' with no spaces included.An IPv6 address range in the format of ''start address - end address'' with no spaces included.' Description = 'String | Optional | The description of the rule.' InterfaceTypes = 'StringArray | Optional | The interface types of the rule. Possible values are: notConfigured, remoteAccess, wireless, lan. | notConfigured / remoteAccess / wireless / lan' RemotePortRanges = 'StringArray | Optional | List of remote port ranges. For example, ''100-120'', ''200'', ''300-320''. If not specified, the default is All.' DisplayName = 'String | Optional | The display name of the rule. Does not need to be unique.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' ServiceName = 'String | Optional | The name used in cases when a service, not an application, is sending or receiving traffic.' FilePath = 'String | Optional | The full file path of an app that''s affected by the firewall rule.' LocalUserAuthorizations = 'String | Optional | Specifies the list of authorized local users for the app container. This is a string in Security Descriptor Definition Language (SDDL) format.' Protocol = 'UInt32 | Optional | 0-255 number representing the IP protocol (TCP = 6, UDP = 17). If not specified, the default is All. Valid values 0 to 255' TrafficDirection = 'String | Optional | The traffic direction that the rule is enabled for. If not specified, the default is Out. Possible values are: notConfigured, out, in. | notConfigured / out / in' RemoteAddressRanges = 'StringArray | Optional | List of tokens specifying the remote addresses covered by the rule. Tokens are case insensitive. Default is any address. Valid tokens include:'''' indicates any remote address. If present, this must be the only token included.''Defaultgateway''''DHCP''''DNS''''WINS''''Intranet'' (supported on Windows versions 1809+)''RmtIntranet'' (supported on Windows versions 1809+)''Internet'' (supported on Windows versions 1809+)''Ply2Renders'' (supported on Windows versions 1809+)''LocalSubnet'' indicates any local address on the local subnet.A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask nor a network prefix is specified, the subnet mask defaults to 255.255.255.255.A valid IPv6 address.An IPv4 address range in the format of ''start address - end address'' with no spaces included.An IPv6 address range in the format of ''start address - end address'' with no spaces included.' PackageFamilyName = 'String | Optional | The package family name of a Microsoft Store application that''s affected by the firewall rule.' Action = 'String | Optional | The action the rule enforces. If not specified, the default is Allowed. Possible values are: notConfigured, blocked, allowed. | notConfigured / blocked / allowed' LocalPortRanges = 'StringArray | Optional | List of local port ranges. For example, ''100-120'', ''200'', ''300-320''. If not specified, the default is All.' ProfileTypes = 'String | Optional | Specifies the profiles to which the rule belongs. If not specified, the default is All. Possible values are: notConfigured, domain, private, public. | notConfigured / domain / private / public' EdgeTraversal = 'String | Optional | Indicates whether edge traversal is enabled or disabled for this rule. The EdgeTraversal setting indicates that specific inbound traffic is allowed to tunnel through NATs and other edge devices using the Teredo tunneling technology. In order for this setting to work correctly, the application or service with the inbound firewall rule needs to support IPv6. The primary application of this setting allows listeners on the host to be globally addressable through a Teredo IPv6 address. New rules have the EdgeTraversal property disabled by default. Possible values are: notConfigured, blocked, allowed. | notConfigured / blocked / allowed' } ) ApplicationGuardAllowVirtualGPU = 'Boolean | Optional | Allow application guard to use virtual GPU' Id = 'String | Optional | The unique identifier for an entity. Read-only.' DefenderSecurityCenterOrganizationDisplayName = 'String | Optional | The company name that is displayed to the users.' BitLockerRemovableDrivePolicy = @{ RequireEncryptionForWriteAccess = 'Boolean | Optional | Indicates whether to block write access to devices configured in another organization. If requireEncryptionForWriteAccess is false, this value does not affect.' BlockCrossOrganizationWriteAccess = 'Boolean | Optional | This policy setting determines whether BitLocker protection is required for removable data drives to be writable on a computer.' EncryptionMethod = 'String | Optional | Select the encryption method for removable drives. Possible values are: aesCbc128, aesCbc256, xtsAes128, xtsAes256. | aesCbc128 / aesCbc256 / xtsAes128 / xtsAes256' } LocalSecurityOptionsAllowUIAccessApplicationsForSecureLocations = 'Boolean | Optional | Allow UIAccess apps to prompt for elevation without using the secure desktop.Default is enabled' DefenderFileExtensionsToExclude = 'StringArray | Optional | File extensions to exclude from scans and real time protection.' LocalSecurityOptionsHideLastSignedInUser = 'Boolean | Optional | Do not display the username of the last person who signed in on this device.' DefenderSecurityCenterHelpPhone = 'String | Optional | The phone number or Skype ID that is displayed to users.' LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedServers = 'String | Optional | This security setting allows a server to require the negotiation of 128-bit encryption and/or NTLMv2 session security. Possible values are: none, requireNtmlV2SessionSecurity, require128BitEncryption, ntlmV2And128BitEncryption. | none / requireNtmlV2SessionSecurity / require128BitEncryption / ntlmV2And128BitEncryption' XboxServicesLiveAuthManagerServiceStartupMode = 'String | Optional | This setting determines whether Live Auth Manager service''s start type is Automatic(2), Manual(3), Disabled(4). Default: Manual. Possible values are: manual, automatic, disabled. | manual / automatic / disabled' DefenderAdditionalGuardedFolders = 'StringArray | Optional | List of folder paths to be added to the list of protected folders' LocalSecurityOptionsMachineInactivityLimitInMinutes = 'UInt32 | Optional | Define maximum minutes of inactivity on the interactive desktops login screen until the screen saver runs. Valid values 0 to 9999' DefenderSecurityCenterDisableNetworkUI = 'Boolean | Optional | Used to disable the display of the firewall and network protection area.' UserRightsModifyObjectLabels = @{ State = 'String | Optional | Representing the current state of this user rights setting. Possible values are: notConfigured, blocked, allowed. | notConfigured / blocked / allowed' LocalUsersOrGroups = @( @{ Description = 'String | Optional | Admins description of this local user or group.' Name = 'String | Optional | The name of this local user or group.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' SecurityIdentifier = 'String | Optional | The security identifier of this local user or group (e.g. S-1-5-32-544).' } ) } DeviceGuardLocalSystemAuthorityCredentialGuardSettings = 'String | Optional | Turn on Credential Guard when Platform Security Level with Secure Boot and Virtualization Based Security are both enabled. Possible values are: notConfigured, enableWithUEFILock, enableWithoutUEFILock, disable. | notConfigured / enableWithUEFILock / enableWithoutUEFILock / disable' FirewallIdleTimeoutForSecurityAssociationInSeconds = 'UInt32 | Optional | Configures the idle timeout for security associations, in seconds, from 300 to 3600 inclusive. This is the period after which security associations will expire and be deleted. Valid values 300 to 3600' DefenderSecurityCenterHelpURL = 'String | Optional | The help portal URL this is displayed to users.' LocalSecurityOptionsDisableServerDigitallySignCommunicationsAlways = 'Boolean | Optional | This security setting determines whether packet signing is required by the SMB server component.' LocalSecurityOptionsAllowRemoteCallsToSecurityAccountsManagerHelperBool = 'Boolean | Optional | UI helper boolean for LocalSecurityOptionsAllowRemoteCallsToSecurityAccountsManager entity' DefenderBlockEndUserAccess = 'Boolean | Optional | Allows or disallows user access to the Windows Defender UI. If disallowed, all Windows Defender notifications will also be suppressed.' DeviceGuardEnableVirtualizationBasedSecurity = 'Boolean | Optional | Turns On Virtualization Based Security(VBS).' DefenderSecurityCenterBlockExploitProtectionOverride = 'Boolean | Optional | Indicates whether or not to block user from overriding Exploit Protection settings.' XboxServicesLiveGameSaveServiceStartupMode = 'String | Optional | This setting determines whether Live Game save service''s start type is Automatic(2), Manual(3), Disabled(4). Default: Manual. Possible values are: manual, automatic, disabled. | manual / automatic / disabled' BitLockerEnableStorageCardEncryptionOnMobile = 'Boolean | Optional | Allows the admin to require encryption to be turned on using BitLocker. This policy is valid only for a mobile SKU.' ApplicationGuardAllowPrintToLocalPrinters = 'Boolean | Optional | Allow printing to Local Printers from Container' DefenderGuardedFoldersAllowedAppPaths = 'StringArray | Optional | List of paths to exe that are allowed to access protected folders' DefenderFilesAndFoldersToExclude = 'StringArray | Optional | Files and folder to exclude from scans and real time protection.' DefenderAllowScanArchiveFiles = 'Boolean | Optional | Allows or disallows scanning of archives.' FirewallIPSecExemptionsNone = 'Boolean | Optional | Configures IPSec exemptions to no exemptions' BitLockerAllowStandardUserEncryption = 'Boolean | Optional | Allows the admin to allow standard users to enable encrpytion during Azure AD Join.' LocalSecurityOptionsAllowRemoteCallsToSecurityAccountsManager = 'String | Optional | Edit the default Security Descriptor Definition Language string to allow or deny users and groups to make remote calls to the SAM.' DefenderScheduledScanDay = 'String | Optional | Selects the day that the Windows Defender scan should run. Possible values are: userDefined, everyday, sunday, monday, tuesday, wednesday, thursday, friday, saturday, noScheduledScan. | userDefined / everyday / sunday / monday / tuesday / wednesday / thursday / friday / saturday / noScheduledScan' DefenderSecurityCenterDisableHardwareUI = 'Boolean | Optional | Used to disable the display of the hardware protection area.' FirewallPacketQueueingMethod = 'String | Optional | Configures how packet queueing should be applied in the tunnel gateway scenario. Possible values are: deviceDefault, disabled, queueInbound, queueOutbound, queueBoth. | deviceDefault / disabled / queueInbound / queueOutbound / queueBoth' DefenderUntrustedUSBProcessType = 'String | Optional | Value indicating response to untrusted and unsigned processes that run from USB. Possible values are: userDefined, block, auditMode, warn, disable. | userDefined / block / auditMode / warn / disable' DefenderNetworkProtectionType = 'String | Optional | Value indicating the behavior of NetworkProtection. Possible values are: userDefined, enable, auditMode, warn, notConfigured. | userDefined / enable / auditMode / warn / notConfigured' ApplicationGuardEnabledOptions = 'String | Optional | Enable Windows Defender Application Guard for newer Windows builds. Possible values are: notConfigured, enabledForEdge, enabledForOffice, enabledForEdgeAndOffice. | notConfigured / enabledForEdge / enabledForOffice / enabledForEdgeAndOffice' DefenderScanDirection = 'String | Optional | Controls which sets of files should be monitored. Possible values are: monitorAllFiles, monitorIncomingFilesOnly, monitorOutgoingFilesOnly. | monitorAllFiles / monitorIncomingFilesOnly / monitorOutgoingFilesOnly' BitLockerEncryptDevice = 'Boolean | Optional | Allows the admin to require encryption to be turned on using BitLocker.' DefenderAllowRealTimeMonitoring = 'Boolean | Optional | Allows or disallows Windows Defender Realtime Monitoring functionality.' FirewallIPSecExemptionsAllowNeighborDiscovery = 'Boolean | Optional | Configures IPSec exemptions to allow neighbor discovery IPv6 ICMP type-codes' DefenderOfficeAppsOtherProcessInjection = 'String | Optional | Value indicating the behavior of Office applications injecting into other processes. Possible values are: userDefined, enable, auditMode, warn, notConfigured. | userDefined / enable / auditMode / warn / notConfigured' DefenderUntrustedExecutable = 'String | Optional | Value indicating response to executables that don''t meet a prevalence, age, or trusted list criteria. Possible values are: userDefined, enable, auditMode, warn, notConfigured. | userDefined / enable / auditMode / warn / notConfigured' DisplayName = 'String | Required | Admin provided name of the device configuration.' DefenderGuardMyFoldersType = 'String | Optional | Value indicating the behavior of protected folders. Possible values are: userDefined, enable, auditMode, blockDiskModification, auditDiskModification. | userDefined / enable / auditMode / blockDiskModification / auditDiskModification' LocalSecurityOptionsInformationDisplayedOnLockScreen = 'String | Optional | Configure the user information that is displayed when the session is locked. If not configured, user display name, domain and username are shown. Possible values are: notConfigured, administrators, administratorsAndPowerUsers, administratorsAndInteractiveUsers. | notConfigured / administrators / administratorsAndPowerUsers / administratorsAndInteractiveUsers' DeviceGuardEnableSecureBootWithDMA = 'Boolean | Optional | This property will be deprecated in May 2019 and will be replaced with property DeviceGuardSecureBootWithDMA. Specifies whether Platform Security Level is enabled at next reboot.' DefenderOfficeAppsLaunchChildProcess = 'String | Optional | Value indicating the behavior of Office application launching child processes. Possible values are: userDefined, enable, auditMode, warn, notConfigured. | userDefined / enable / auditMode / warn / notConfigured' DefenderScheduledQuickScanTime = 'String | Optional | Selects the time of day that the Windows Defender quick scan should run. For example, a value of 0=12:00AM, a value of 60=1:00AM, a value of 120=2:00, and so on, up to a value of 1380=11:00PM. The default value is 120' ApplicationGuardAllowCameraMicrophoneRedirection = 'Boolean | Optional | Gets or sets whether applications inside Microsoft Defender Application Guard can access the devices camera and microphone.' ApplicationGuardAllowPrintToXPS = 'Boolean | Optional | Allow printing to XPS from Container' DeviceGuardLaunchSystemGuard = 'String | Optional | Allows the IT admin to configure the launch of System Guard. Possible values are: notConfigured, enabled, disabled. | notConfigured / enabled / disabled' DefenderEnableScanMappedNetworkDrivesDuringFullScan = 'Boolean | Optional | Allows or disallows a full scan of mapped network drives.' LocalSecurityOptionsBlockRemoteOpticalDriveAccess = 'Boolean | Optional | Enabling this settings allows only interactively logged on user to access CD-ROM media.' DefenderUntrustedUSBProcess = 'String | Optional | Value indicating response to untrusted and unsigned processes that run from USB. Possible values are: userDefined, enable, auditMode, warn, notConfigured. | userDefined / enable / auditMode / warn / notConfigured' LocalSecurityOptionsAllowUndockWithoutHavingToLogon = 'Boolean | Optional | Prevent a portable computer from being undocked without having to log in.' AppLockerApplicationControl = 'String | Optional | Enables the Admin to choose what types of app to allow on devices. Possible values are: notConfigured, enforceComponentsAndStoreApps, auditComponentsAndStoreApps, enforceComponentsStoreAppsAndSmartlocker, auditComponentsStoreAppsAndSmartlocker. | notConfigured / enforceComponentsAndStoreApps / auditComponentsAndStoreApps / enforceComponentsStoreAppsAndSmartlocker / auditComponentsStoreAppsAndSmartlocker' UserRightsRemoteShutdown = @{ State = 'String | Optional | Representing the current state of this user rights setting. Possible values are: notConfigured, blocked, allowed. | notConfigured / blocked / allowed' LocalUsersOrGroups = @( @{ Description = 'String | Optional | Admins description of this local user or group.' Name = 'String | Optional | The name of this local user or group.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' SecurityIdentifier = 'String | Optional | The security identifier of this local user or group (e.g. S-1-5-32-544).' } ) } FirewallProfilePrivate = @{ PolicyRulesFromGroupPolicyNotMerged = 'Boolean | Optional | Configures the firewall to prevent merging Firewall Rule policies from group policy with those from local store instead of ignoring the local store rules. When PolicyRulesFromGroupPolicyNotMerged and PolicyRulesFromGroupPolicyMerged are both true, PolicyRulesFromGroupPolicyMerged takes priority.' InboundNotificationsBlocked = 'Boolean | Optional | Prevents the firewall from displaying notifications when an application is blocked from listening on a port. When InboundNotificationsRequired and InboundNotificationsBlocked are both true, InboundNotificationsBlocked takes priority.' OutboundConnectionsRequired = 'Boolean | Optional | Configures the firewall to allow all outgoing connections by default. When OutboundConnectionsRequired and OutboundConnectionsBlocked are both true, OutboundConnectionsBlocked takes priority. This setting will get applied to Windows releases version 1809 and above.' GlobalPortRulesFromGroupPolicyNotMerged = 'Boolean | Optional | Configures the firewall to prevent merging global port rules from group policy with those from local store instead of ignoring the local store rules. When GlobalPortRulesFromGroupPolicyNotMerged and GlobalPortRulesFromGroupPolicyMerged are both true, GlobalPortRulesFromGroupPolicyMerged takes priority.' ConnectionSecurityRulesFromGroupPolicyNotMerged = 'Boolean | Optional | Configures the firewall to prevent merging connection security rules from group policy with those from local store instead of ignoring the local store rules. When ConnectionSecurityRulesFromGroupPolicyNotMerged and ConnectionSecurityRulesFromGroupPolicyMerged are both true, ConnectionSecurityRulesFromGroupPolicyMerged takes priority.' UnicastResponsesToMulticastBroadcastsRequired = 'Boolean | Optional | Configures the firewall to allow unicast responses to multicast broadcast traffic. When UnicastResponsesToMulticastBroadcastsRequired and UnicastResponsesToMulticastBroadcastsBlocked are both true, UnicastResponsesToMulticastBroadcastsBlocked takes priority.' PolicyRulesFromGroupPolicyMerged = 'Boolean | Optional | Configures the firewall to merge Firewall Rule policies from group policy with those from local store instead of ignoring the local store rules. When PolicyRulesFromGroupPolicyNotMerged and PolicyRulesFromGroupPolicyMerged are both true, PolicyRulesFromGroupPolicyMerged takes priority.' UnicastResponsesToMulticastBroadcastsBlocked = 'Boolean | Optional | Configures the firewall to block unicast responses to multicast broadcast traffic. When UnicastResponsesToMulticastBroadcastsRequired and UnicastResponsesToMulticastBroadcastsBlocked are both true, UnicastResponsesToMulticastBroadcastsBlocked takes priority.' IncomingTrafficRequired = 'Boolean | Optional | Configures the firewall to allow incoming traffic pursuant to other policy settings. When IncomingTrafficRequired and IncomingTrafficBlocked are both true, IncomingTrafficBlocked takes priority.' IncomingTrafficBlocked = 'Boolean | Optional | Configures the firewall to block all incoming traffic regardless of other policy settings. When IncomingTrafficRequired and IncomingTrafficBlocked are both true, IncomingTrafficBlocked takes priority.' ConnectionSecurityRulesFromGroupPolicyMerged = 'Boolean | Optional | Configures the firewall to merge connection security rules from group policy with those from local store instead of ignoring the local store rules. When ConnectionSecurityRulesFromGroupPolicyNotMerged and ConnectionSecurityRulesFromGroupPolicyMerged are both true, ConnectionSecurityRulesFromGroupPolicyMerged takes priority.' StealthModeRequired = 'Boolean | Optional | Allow the server to operate in stealth mode. When StealthModeRequired and StealthModeBlocked are both true, StealthModeBlocked takes priority.' InboundNotificationsRequired = 'Boolean | Optional | Allows the firewall to display notifications when an application is blocked from listening on a port. When InboundNotificationsRequired and InboundNotificationsBlocked are both true, InboundNotificationsBlocked takes priority.' AuthorizedApplicationRulesFromGroupPolicyMerged = 'Boolean | Optional | Configures the firewall to merge authorized application rules from group policy with those from local store instead of ignoring the local store rules. When AuthorizedApplicationRulesFromGroupPolicyNotMerged and AuthorizedApplicationRulesFromGroupPolicyMerged are both true, AuthorizedApplicationRulesFromGroupPolicyMerged takes priority.' InboundConnectionsBlocked = 'Boolean | Optional | Configures the firewall to block all incoming connections by default. When InboundConnectionsRequired and InboundConnectionsBlocked are both true, InboundConnectionsBlocked takes priority.' OutboundConnectionsBlocked = 'Boolean | Optional | Configures the firewall to block all outgoing connections by default. When OutboundConnectionsRequired and OutboundConnectionsBlocked are both true, OutboundConnectionsBlocked takes priority. This setting will get applied to Windows releases version 1809 and above.' StealthModeBlocked = 'Boolean | Optional | Prevent the server from operating in stealth mode. When StealthModeRequired and StealthModeBlocked are both true, StealthModeBlocked takes priority.' GlobalPortRulesFromGroupPolicyMerged = 'Boolean | Optional | Configures the firewall to merge global port rules from group policy with those from local store instead of ignoring the local store rules. When GlobalPortRulesFromGroupPolicyNotMerged and GlobalPortRulesFromGroupPolicyMerged are both true, GlobalPortRulesFromGroupPolicyMerged takes priority.' SecuredPacketExemptionBlocked = 'Boolean | Optional | Configures the firewall to block the host computer to respond to unsolicited network traffic of that traffic is secured by IPSec even when stealthModeBlocked is set to true. When SecuredPacketExemptionBlocked and SecuredPacketExemptionAllowed are both true, SecuredPacketExemptionAllowed takes priority.' SecuredPacketExemptionAllowed = 'Boolean | Optional | Configures the firewall to allow the host computer to respond to unsolicited network traffic of that traffic is secured by IPSec even when stealthModeBlocked is set to true. When SecuredPacketExemptionBlocked and SecuredPacketExemptionAllowed are both true, SecuredPacketExemptionAllowed takes priority.' InboundConnectionsRequired = 'Boolean | Optional | Configures the firewall to allow all incoming connections by default. When InboundConnectionsRequired and InboundConnectionsBlocked are both true, InboundConnectionsBlocked takes priority.' FirewallEnabled = 'String | Optional | Configures the host device to allow or block the firewall and advanced security enforcement for the network profile. Possible values are: notConfigured, blocked, allowed. | notConfigured / blocked / allowed' AuthorizedApplicationRulesFromGroupPolicyNotMerged = 'Boolean | Optional | Configures the firewall to prevent merging authorized application rules from group policy with those from local store instead of ignoring the local store rules. When AuthorizedApplicationRulesFromGroupPolicyNotMerged and AuthorizedApplicationRulesFromGroupPolicyMerged are both true, AuthorizedApplicationRulesFromGroupPolicyMerged takes priority.' } ApplicationGuardAllowPrintToNetworkPrinters = 'Boolean | Optional | Allow printing to Network Printers from Container' LocalSecurityOptionsInformationShownOnLockScreen = 'String | Optional | Configure the user information that is displayed when the session is locked. If not configured, user display name, domain and username are shown. Possible values are: notConfigured, userDisplayNameDomainUser, userDisplayNameOnly, doNotDisplayUser. | notConfigured / userDisplayNameDomainUser / userDisplayNameOnly / doNotDisplayUser' DefenderOfficeAppsLaunchChildProcessType = 'String | Optional | Value indicating the behavior of Office application launching child processes. Possible values are: userDefined, block, auditMode, warn, disable. | userDefined / block / auditMode / warn / disable' DeviceGuardSecureBootWithDMA = 'String | Optional | Specifies whether Platform Security Level is enabled at next reboot. Possible values are: notConfigured, withoutDMA, withDMA. | notConfigured / withoutDMA / withDMA' DefenderAllowCloudProtection = 'Boolean | Optional | To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions.' LocalSecurityOptionsAllowSystemToBeShutDownWithoutHavingToLogOn = 'Boolean | Optional | This security setting determines whether a computer can be shut down without having to log on to Windows.' DefenderExploitProtectionXml = 'String | Optional | Xml content containing information regarding exploit protection details.' UserRightsRemoteDesktopServicesLogOn = @{ State = 'String | Optional | Representing the current state of this user rights setting. Possible values are: notConfigured, blocked, allowed. | notConfigured / blocked / allowed' LocalUsersOrGroups = @( @{ Description = 'String | Optional | Admins description of this local user or group.' Name = 'String | Optional | The name of this local user or group.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' SecurityIdentifier = 'String | Optional | The security identifier of this local user or group (e.g. S-1-5-32-544).' } ) } DefenderProcessesToExclude = 'StringArray | Optional | Processes to exclude from scans and real time protection.' LocalSecurityOptionsBlockRemoteLogonWithBlankPassword = 'Boolean | Optional | Enable Local accounts that are not password protected to log on from locations other than the physical device.Default is enabled' FirewallIPSecExemptionsAllowDHCP = 'Boolean | Optional | Configures IPSec exemptions to allow both IPv4 and IPv6 DHCP traffic' UserRightsLoadUnloadDrivers = @{ State = 'String | Optional | Representing the current state of this user rights setting. Possible values are: notConfigured, blocked, allowed. | notConfigured / blocked / allowed' LocalUsersOrGroups = @( @{ Description = 'String | Optional | Admins description of this local user or group.' Name = 'String | Optional | The name of this local user or group.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' SecurityIdentifier = 'String | Optional | The security identifier of this local user or group (e.g. S-1-5-32-544).' } ) } UserRightsDenyLocalLogOn = @{ State = 'String | Optional | Representing the current state of this user rights setting. Possible values are: notConfigured, blocked, allowed. | notConfigured / blocked / allowed' LocalUsersOrGroups = @( @{ Description = 'String | Optional | Admins description of this local user or group.' Name = 'String | Optional | The name of this local user or group.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' SecurityIdentifier = 'String | Optional | The security identifier of this local user or group (e.g. S-1-5-32-544).' } ) } DefenderScanType = 'String | Optional | Selects whether to perform a quick scan or full scan. Possible values are: userDefined, disabled, quick, full. | userDefined / disabled / quick / full' BitLockerSystemDrivePolicy = @{ PrebootRecoveryEnableMessageAndUrl = 'Boolean | Optional | Enable pre-boot recovery message and Url. If requireStartupAuthentication is false, this value does not affect.' StartupAuthenticationTpmPinUsage = 'String | Optional | Indicates if TPM startup pin is allowed/required/disallowed. Possible values are: blocked, required, allowed, notConfigured. | blocked / required / allowed / notConfigured' EncryptionMethod = 'String | Optional | Select the encryption method for operating system drives. Possible values are: aesCbc128, aesCbc256, xtsAes128, xtsAes256. | aesCbc128 / aesCbc256 / xtsAes128 / xtsAes256' MinimumPinLength = 'UInt32 | Optional | Indicates the minimum length of startup pin. Valid values 4 to 20' PrebootRecoveryMessage = 'String | Optional | Defines a custom recovery message.' StartupAuthenticationTpmPinAndKeyUsage = 'String | Optional | Indicates if TPM startup pin key and key are allowed/required/disallowed. Possible values are: blocked, required, allowed, notConfigured. | blocked / required / allowed / notConfigured' StartupAuthenticationRequired = 'Boolean | Optional | Require additional authentication at startup.' RecoveryOptions = @{ RecoveryInformationToStore = 'String | Optional | Configure what pieces of BitLocker recovery information are stored to AD DS. Possible values are: passwordAndKey, passwordOnly. | passwordAndKey / passwordOnly' HideRecoveryOptions = 'Boolean | Optional | Indicates whether or not to allow showing recovery options in BitLocker Setup Wizard for fixed or system disk.' BlockDataRecoveryAgent = 'Boolean | Optional | Indicates whether to block certificate-based data recovery agent.' RecoveryKeyUsage = 'String | Optional | Indicates whether users are allowed or required to generate a 256-bit recovery key for fixed or system disk. Possible values are: blocked, required, allowed, notConfigured. | blocked / required / allowed / notConfigured' EnableBitLockerAfterRecoveryInformationToStore = 'Boolean | Optional | Indicates whether or not to enable BitLocker until recovery information is stored in AD DS.' EnableRecoveryInformationSaveToStore = 'Boolean | Optional | Indicates whether or not to allow BitLocker recovery information to store in AD DS.' RecoveryPasswordUsage = 'String | Optional | Indicates whether users are allowed or required to generate a 48-digit recovery password for fixed or system disk. Possible values are: blocked, required, allowed, notConfigured. | blocked / required / allowed / notConfigured' } PrebootRecoveryUrl = 'String | Optional | Defines a custom recovery URL.' StartupAuthenticationTpmUsage = 'String | Optional | Indicates if TPM startup is allowed/required/disallowed. Possible values are: blocked, required, allowed, notConfigured. | blocked / required / allowed / notConfigured' StartupAuthenticationTpmKeyUsage = 'String | Optional | Indicates if TPM startup key is allowed/required/disallowed. Possible values are: blocked, required, allowed, notConfigured. | blocked / required / allowed / notConfigured' StartupAuthenticationBlockWithoutTpmChip = 'Boolean | Optional | Indicates whether to allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive).' } DefenderAllowBehaviorMonitoring = 'Boolean | Optional | Allows or disallows Windows Defender Behavior Monitoring functionality.' LocalSecurityOptionsRestrictAnonymousAccessToNamedPipesAndShares = 'Boolean | Optional | By default, this security setting restricts anonymous access to shares and pipes to the settings for named pipes that can be accessed anonymously and Shares that can be accessed anonymously' DefenderSecurityCenterDisableNotificationAreaUI = 'Boolean | Optional | Used to disable the display of the notification area control. The user needs to either sign out and sign in or reboot the computer for this setting to take effect.' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) DefenderDisableBehaviorMonitoring = 'Boolean | Optional | Allows or disallows Windows Defender Behavior Monitoring functionality.' DefenderAttackSurfaceReductionExcludedPaths = 'StringArray | Optional | List of exe files and folders to be excluded from attack surface reduction rules' UserRightsManageVolumes = @{ State = 'String | Optional | Representing the current state of this user rights setting. Possible values are: notConfigured, blocked, allowed. | notConfigured / blocked / allowed' LocalUsersOrGroups = @( @{ Description = 'String | Optional | Admins description of this local user or group.' Name = 'String | Optional | The name of this local user or group.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' SecurityIdentifier = 'String | Optional | The security identifier of this local user or group (e.g. S-1-5-32-544).' } ) } ApplicationGuardBlockClipboardSharing = 'String | Optional | Block clipboard to share data from Host to Container, or from Container to Host, or both ways, or neither ways. Possible values are: notConfigured, blockBoth, blockHostToContainer, blockContainerToHost, blockNone. | notConfigured / blockBoth / blockHostToContainer / blockContainerToHost / blockNone' DefenderDaysBeforeDeletingQuarantinedMalware = 'UInt32 | Optional | Time period (in days) that quarantine items will be stored on the system. Valid values 0 to 90' DefenderDisableScanRemovableDrivesDuringFullScan = 'Boolean | Optional | Allows or disallows a full scan of removable drives. During a quick scan, removable drives may still be scanned.' LocalSecurityOptionsDisableClientDigitallySignCommunicationsIfServerAgrees = 'Boolean | Optional | This security setting determines whether the SMB client attempts to negotiate SMB packet signing.' ApplicationGuardEnabled = 'Boolean | Optional | Enable Windows Defender Application Guard' LocalSecurityOptionsHideUsernameAtSignIn = 'Boolean | Optional | Do not display the username of the person signing in to this device after credentials are entered and before the devices desktop is shown.' DefenderAllowScanDownloads = 'Boolean | Optional | Allows or disallows Windows Defender IOAVP Protection functionality.' DefenderUntrustedExecutableType = 'String | Optional | Value indicating response to executables that don''t meet a prevalence, age, or trusted list criteria. Possible values are: userDefined, block, auditMode, warn, disable. | userDefined / block / auditMode / warn / disable' DefenderSecurityCenterDisableHealthUI = 'Boolean | Optional | Used to disable the display of the device performance and health area.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' FirewallCertificateRevocationListCheckMethod = 'String | Optional | Specify how the certificate revocation list is to be enforced. Possible values are: deviceDefault, none, attempt, require. | deviceDefault / none / attempt / require' DefenderSecurityCenterDisableFamilyUI = 'Boolean | Optional | Used to disable the display of the family options area.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' UserRightsLockMemory = @{ State = 'String | Optional | Representing the current state of this user rights setting. Possible values are: notConfigured, blocked, allowed. | notConfigured / blocked / allowed' LocalUsersOrGroups = @( @{ Description = 'String | Optional | Admins description of this local user or group.' Name = 'String | Optional | The name of this local user or group.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' SecurityIdentifier = 'String | Optional | The security identifier of this local user or group (e.g. S-1-5-32-544).' } ) } WindowsDefenderTamperProtection = 'String | Optional | Configure windows defender TamperProtection settings. Possible values are: notConfigured, enable, disable. | notConfigured / enable / disable' LocalSecurityOptionsDisableServerDigitallySignCommunicationsIfClientAgrees = 'Boolean | Optional | This security setting determines whether the SMB server will negotiate SMB packet signing with clients that request it.' UserRightsImpersonateClient = @{ State = 'String | Optional | Representing the current state of this user rights setting. Possible values are: notConfigured, blocked, allowed. | notConfigured / blocked / allowed' LocalUsersOrGroups = @( @{ Description = 'String | Optional | Admins description of this local user or group.' Name = 'String | Optional | The name of this local user or group.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' SecurityIdentifier = 'String | Optional | The security identifier of this local user or group (e.g. S-1-5-32-544).' } ) } DefenderSecurityCenterITContactDisplay = 'String | Optional | Configure where to display IT contact information to end users. Possible values are: notConfigured, displayInAppAndInNotifications, displayOnlyInApp, displayOnlyInNotifications. | notConfigured / displayInAppAndInNotifications / displayOnlyInApp / displayOnlyInNotifications' DefenderAdvancedRansomewareProtectionType = 'String | Optional | Value indicating use of advanced protection against ransomeware. Possible values are: userDefined, enable, auditMode, warn, notConfigured. | userDefined / enable / auditMode / warn / notConfigured' LocalSecurityOptionsFormatAndEjectOfRemovableMediaAllowedUser = 'String | Optional | Define who is allowed to format and eject removable NTFS media. Possible values are: notConfigured, administrators, administratorsAndPowerUsers, administratorsAndInteractiveUsers. | notConfigured / administrators / administratorsAndPowerUsers / administratorsAndInteractiveUsers' DefenderDisableScanArchiveFiles = 'Boolean | Optional | Allows or disallows scanning of archives.' LanManagerAuthenticationLevel = 'String | Optional | This security setting determines which challenge/response authentication protocol is used for network logons. Possible values are: lmAndNltm, lmNtlmAndNtlmV2, lmAndNtlmOnly, lmAndNtlmV2, lmNtlmV2AndNotLm, lmNtlmV2AndNotLmOrNtm. | lmAndNltm / lmNtlmAndNtlmV2 / lmAndNtlmOnly / lmAndNtlmV2 / lmNtlmV2AndNotLm / lmNtlmV2AndNotLmOrNtm' UserRightsActAsPartOfTheOperatingSystem = @{ State = 'String | Optional | Representing the current state of this user rights setting. Possible values are: notConfigured, blocked, allowed. | notConfigured / blocked / allowed' LocalUsersOrGroups = @( @{ Description = 'String | Optional | Admins description of this local user or group.' Name = 'String | Optional | The name of this local user or group.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' SecurityIdentifier = 'String | Optional | The security identifier of this local user or group (e.g. S-1-5-32-544).' } ) } DefenderPreventCredentialStealingType = 'String | Optional | Value indicating if credential stealing from the Windows local security authority subsystem is permitted. Possible values are: userDefined, enable, auditMode, warn, notConfigured. | userDefined / enable / auditMode / warn / notConfigured' LocalSecurityOptionsVirtualizeFileAndRegistryWriteFailuresToPerUserLocations = 'Boolean | Optional | Virtualize file and registry write failures to per user locations' } ) DeviceConfigurationFirmwareInterfacePoliciesWindows10 = @( @{ Description = 'String | Optional | Admin provided description of the Device Configuration.' RearCamera = 'String | Optional | Defines whether a user is allowed to enable rear camera. Possible values are: notConfigured, enabled, disabled. | notConfigured / enabled / disabled' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) MicrophonesAndSpeakers = 'String | Optional | Defines whether built-in microphones or speakers are enabled. Possible values are: notConfigured, enabled, disabled. | notConfigured / enabled / disabled' DisplayName = 'String | Required | Admin provided name of the device configuration.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' UsbTypeAPort = 'String | Optional | Defines whether a user is allowed to enable USB Type A Port. Possible values are: notConfigured, enabled, disabled. | notConfigured / enabled / disabled' SupportsScopeTags = 'Boolean | Optional | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only.' WiFi = 'String | Optional | Defines whether a user is allowed to enable WiFi. Possible values are: notConfigured, enabled, disabled. | notConfigured / enabled / disabled' WirelessWideAreaNetwork = 'String | Optional | Defines whether a user is allowed to enable Wireless Wide Area Network. Possible values are: notConfigured, enabled, disabled. | notConfigured / enabled / disabled' BootFromBuiltInNetworkAdapters = 'String | Optional | Defines whether a user is allowed to boot from built-in network adapters. Possible values are: notConfigured, enabled, disabled. | notConfigured / enabled / disabled' VirtualizationOfCpuAndIO = 'String | Optional | Defines whether CPU and IO virtualization is enabled. Possible values are: notConfigured, enabled, disabled. | notConfigured / enabled / disabled' Bluetooth = 'String | Optional | Defines whether a user is allowed to enable Bluetooth. Possible values are: notConfigured, enabled, disabled. | notConfigured / enabled / disabled' ChangeUefiSettingsPermission = 'String | Optional | Defines the permission level granted to users to change UEFI settings. Possible values are: notConfiguredOnly, none. | notConfiguredOnly / none' NearFieldCommunication = 'String | Optional | Defines whether a user is allowed to enable Near Field Communication. Possible values are: notConfigured, enabled, disabled. | notConfigured / enabled / disabled' Cameras = 'String | Optional | Defines whether built-in cameras are enabled. Possible values are: notConfigured, enabled, disabled. | notConfigured / enabled / disabled' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' Radios = 'String | Optional | Defines whether built-in radios e.g. WIFI, NFC, Bluetooth, are enabled. Possible values are: notConfigured, enabled, disabled. | notConfigured / enabled / disabled' BootFromExternalMedia = 'String | Optional | Defines whether a user is allowed to boot from external media. Possible values are: notConfigured, enabled, disabled. | notConfigured / enabled / disabled' Id = 'String | Optional | The unique identifier for an entity. Read-only.' SdCard = 'String | Optional | Defines whether a user is allowed to enable SD Card Port. Possible values are: notConfigured, enabled, disabled. | notConfigured / enabled / disabled' Microphone = 'String | Optional | Defines whether a user is allowed to enable Microphone. Possible values are: notConfigured, enabled, disabled. | notConfigured / enabled / disabled' InfraredCamera = 'String | Optional | Defines whether a user is allowed to enable Infrared camera. Possible values are: notConfigured, enabled, disabled. | notConfigured / enabled / disabled' FrontCamera = 'String | Optional | Defines whether a user is allowed to enable Front Camera. Possible values are: notConfigured, enabled, disabled. | notConfigured / enabled / disabled' WindowsPlatformBinaryTable = 'String | Optional | Defines whether a user is allowed to enable Windows Platform Binary Table. Possible values are: notConfigured, enabled, disabled. | notConfigured / enabled / disabled' SimultaneousMultiThreading = 'String | Optional | Defines whether a user is allowed to enable Simultaneous MultiThreading. Possible values are: notConfigured, enabled, disabled. | notConfigured / enabled / disabled' WakeOnLAN = 'String | Optional | Defines whether a user is allowed to enable Wake on LAN. Possible values are: notConfigured, enabled, disabled. | notConfigured / enabled / disabled' WakeOnPower = 'String | Optional | Defines whether a user is allowed to enable Wake On Power. Possible values are: notConfigured, enabled, disabled. | notConfigured / enabled / disabled' } ) DeviceConfigurationHealthMonitoringConfigurationPoliciesWindows10 = @( @{ Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) Id = 'String | Optional | The unique identifier for an entity. Read-only.' ConfigDeviceHealthMonitoringScope = 'StringArray | Optional | Specifies set of events collected from the device where health monitoring is enabled. Possible values are: undefined, healthMonitoring, bootPerformance, windowsUpdates, privilegeManagement. | undefined / healthMonitoring / bootPerformance / windowsUpdates / privilegeManagement' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' Description = 'String | Optional | Admin provided description of the Device Configuration.' AllowDeviceHealthMonitoring = 'String | Optional | Enables device health monitoring on the device. Possible values are: notConfigured, enabled, disabled. | notConfigured / enabled / disabled' AccessTokens = 'StringArray | Optional | Access token used for authentication.' SupportsScopeTags = 'Boolean | Optional | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only.' ConfigDeviceHealthMonitoringCustomScope = 'String | Optional | Specifies custom set of events collected from the device where health monitoring is enabled' DisplayName = 'String | Required | Admin provided name of the device configuration.' } ) DeviceConfigurationIdentityProtectionPoliciesWindows10 = @( @{ PinRecoveryEnabled = 'Boolean | Optional | Boolean value that enables a user to change their PIN by using the Windows Hello for Business PIN recovery service.' PinExpirationInDays = 'UInt32 | Optional | Integer value specifies the period (in days) that a PIN can be used before the system requires the user to change it. Valid values are 0 to 730 inclusive. Valid values 0 to 730' Description = 'String | Optional | Admin provided description of the Device Configuration.' UseSecurityKeyForSignin = 'Boolean | Optional | Boolean value used to enable the Windows Hello security key as a logon credential.' PinUppercaseCharactersUsage = 'String | Optional | This value configures the use of uppercase characters in the Windows Hello for Business PIN. Possible values are: blocked, required, allowed, notConfigured. | blocked / required / allowed / notConfigured' DisplayName = 'String | Required | Admin provided name of the device configuration.' SupportsScopeTags = 'Boolean | Optional | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only.' PinPreviousBlockCount = 'UInt32 | Optional | Controls the ability to prevent users from using past PINs. This must be set between 0 and 50, inclusive, and the current PIN of the user is included in that count. If set to 0, previous PINs are not stored. PIN history is not preserved through a PIN reset. Valid values 0 to 50' UseCertificatesForOnPremisesAuthEnabled = 'Boolean | Optional | Boolean value that enables Windows Hello for Business to use certificates to authenticate on-premise resources.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' PinLowercaseCharactersUsage = 'String | Optional | This value configures the use of lowercase characters in the Windows Hello for Business PIN. Possible values are: blocked, required, allowed, notConfigured. | blocked / required / allowed / notConfigured' SecurityDeviceRequired = 'Boolean | Optional | Controls whether to require a Trusted Platform Module (TPM) for provisioning Windows Hello for Business. A TPM provides an additional security benefit in that data stored on it cannot be used on other devices. If set to False, all devices can provision Windows Hello for Business even if there is not a usable TPM.' UnlockWithBiometricsEnabled = 'Boolean | Optional | Controls the use of biometric gestures, such as face and fingerprint, as an alternative to the Windows Hello for Business PIN. If set to False, biometric gestures are not allowed. Users must still configure a PIN as a backup in case of failures.' WindowsHelloForBusinessBlocked = 'Boolean | Optional | Boolean value that blocks Windows Hello for Business as a method for signing into Windows.' Id = 'String | Optional | The unique identifier for an entity. Read-only.' PinSpecialCharactersUsage = 'String | Optional | Controls the ability to use special characters in the Windows Hello for Business PIN. Possible values are: blocked, required, allowed, notConfigured. | blocked / required / allowed / notConfigured' PinMaximumLength = 'UInt32 | Optional | Integer value that sets the maximum number of characters allowed for the work PIN. Valid values are 4 to 127 inclusive and greater than or equal to the value set for the minimum PIN. Valid values 4 to 127' EnhancedAntiSpoofingForFacialFeaturesEnabled = 'Boolean | Optional | Boolean value used to enable enhanced anti-spoofing for facial feature recognition on Windows Hello face authentication.' PinMinimumLength = 'UInt32 | Optional | Integer value that sets the minimum number of characters required for the Windows Hello for Business PIN. Valid values are 4 to 127 inclusive and less than or equal to the value set for the maximum PIN. Valid values 4 to 127' } ) DeviceConfigurationImportedPfxCertificatePoliciesWindows10 = @( @{ SubjectAlternativeNameType = 'String | Optional | Certificate Subject Alternative Name Type. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. | none / emailAddress / userPrincipalName / customAzureADAttribute / domainNameService / universalResourceIdentifier' Description = 'String | Optional | Admin provided description of the Device Configuration.' RenewalThresholdPercentage = 'UInt32 | Optional | Certificate renewal threshold percentage. Valid values 1 to 99' DisplayName = 'String | Required | Admin provided name of the device configuration.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' CertificateValidityPeriodScale = 'String | Optional | Scale for the Certificate Validity Period. Possible values are: days, months, years. | days / months / years' KeyStorageProvider = 'String | Optional | Key Storage Provider (KSP). Possible values are: useTpmKspOtherwiseUseSoftwareKsp, useTpmKspOtherwiseFail, usePassportForWorkKspOtherwiseFail, useSoftwareKsp. | useTpmKspOtherwiseUseSoftwareKsp / useTpmKspOtherwiseFail / usePassportForWorkKspOtherwiseFail / useSoftwareKsp' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) CertificateValidityPeriodValue = 'UInt32 | Optional | Value for the Certificate Validity Period' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' Id = 'String | Optional | The unique identifier for an entity. Read-only.' SubjectNameFormat = 'String | Optional | Certificate Subject Name Format. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. | commonName / commonNameIncludingEmail / commonNameAsEmail / custom / commonNameAsIMEI / commonNameAsSerialNumber / commonNameAsAadDeviceId / commonNameAsIntuneDeviceId / commonNameAsDurableDeviceId' IntendedPurpose = 'String | Optional | Intended Purpose of the Certificate Profile - which could be Unassigned, SmimeEncryption, SmimeSigning etc. Possible values are: unassigned, smimeEncryption, smimeSigning, vpn, wifi. | unassigned / smimeEncryption / smimeSigning / vpn / wifi' } ) DeviceConfigurationKioskPoliciesWindows10 = @( @{ KioskBrowserBlockedUrlExceptions = 'StringArray | Optional | Specify URLs that the kiosk browser is allowed to navigate to' Description = 'String | Optional | Admin provided description of the Device Configuration.' DisplayName = 'String | Required | Admin provided name of the device configuration.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' KioskBrowserEnableNavigationButtons = 'Boolean | Optional | Enable the kiosk browser''s navigation buttons(forward/back). By default, the navigation buttons are disabled.' KioskBrowserRestartOnIdleTimeInMinutes = 'UInt32 | Optional | Specify the number of minutes the session is idle until the kiosk browser restarts in a fresh state. Valid values are 1-1440. Valid values 1 to 1440' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) KioskBrowserDefaultUrl = 'String | Optional | Specify the default URL the browser should navigate to on launch.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' KioskProfiles = @( @{ ProfileId = 'String | Optional | Key of the entity.' UserAccountsConfiguration = @( @{ GroupId = 'String | Optional | The ID of the AzureAD group that will be locked to this kiosk configuration' UserName = 'String | Optional | The local user that will be locked to this kiosk configuration' UniqueId = 'String | Required | [Unique ID to identify this specific object]' UserPrincipalName = 'String | Optional | The user accounts that will be locked to this kiosk configuration' odataType = 'String | Optional | The type of the entity. | #microsoft.graph.windowsKioskActiveDirectoryGroup / #microsoft.graph.windowsKioskAutologon / #microsoft.graph.windowsKioskAzureADGroup / #microsoft.graph.windowsKioskAzureADUser / #microsoft.graph.windowsKioskLocalGroup / #microsoft.graph.windowsKioskLocalUser / #microsoft.graph.windowsKioskVisitor' GroupName = 'String | Optional | The name of the AD group that will be locked to this kiosk configuration' UserId = 'String | Optional | The ID of the AzureAD user that will be locked to this kiosk configuration' DisplayName = 'String | Optional | The display name of the AzureAD group that will be locked to this kiosk configuration' } ) UniqueId = 'String | Required | [Unique ID to identify this specific object]' ProfileName = 'String | Optional | This is a friendly nameused to identify a group of applications, the layout of these apps on the start menu and the users to whom this kiosk configuration is assigned.' AppConfiguration = @{ UwpApp = @{ EdgeNoFirstRun = 'Boolean | Optional | Edge first run flag for Edge kiosk mode' Name = 'String | Optional | Represents the friendly name of an app' EdgeKiosk = 'String | Optional | Edge kiosk (url) for Edge kiosk mode' ClassicAppPath = 'String | Optional | This is the classicapppath to be used by v4 Win32 app while in Kiosk Mode' AppId = 'String | Optional | This references an Intune App that will be target to the same assignments as Kiosk configuration' AppUserModelId = 'String | Optional | This is the only Application User Model ID (AUMID) that will be available to launch use while in Kiosk Mode' EdgeKioskIdleTimeoutMinutes = 'UInt32 | Optional | Edge kiosk idle timeout in minutes for Edge kiosk mode. Valid values 0 to 1440' AutoLaunch = 'Boolean | Optional | Allow the app to be auto-launched in multi-app kiosk mode' StartLayoutTileSize = 'String | Optional | The app tile size for the start layout. Possible values are: hidden, small, medium, wide, large. | hidden / small / medium / wide / large' AppType = 'String | Optional | The app type. Possible values are: unknown, store, desktop, aumId. | unknown / store / desktop / aumId' EdgeKioskType = 'String | Optional | Edge kiosk type for Edge kiosk mode. Possible values are: publicBrowsing, fullScreen. | publicBrowsing / fullScreen' ContainedAppId = 'String | Optional | This references an contained App from an Intune App' DesktopApplicationId = 'String | Optional | Define the DesktopApplicationID of the app' DesktopApplicationLinkPath = 'String | Optional | Define the DesktopApplicationLinkPath of the app' Path = 'String | Optional | Define the path of a desktop app' odataType = 'String | Optional | The type of the entity. | #microsoft.graph.windowsKioskDesktopApp / #microsoft.graph.windowsKioskUWPApp / #microsoft.graph.windowsKioskWin32App' } Win32App = @{ EdgeNoFirstRun = 'Boolean | Optional | Edge first run flag for Edge kiosk mode' Name = 'String | Optional | Represents the friendly name of an app' EdgeKiosk = 'String | Optional | Edge kiosk (url) for Edge kiosk mode' ClassicAppPath = 'String | Optional | This is the classicapppath to be used by v4 Win32 app while in Kiosk Mode' EdgeKioskIdleTimeoutMinutes = 'UInt32 | Optional | Edge kiosk idle timeout in minutes for Edge kiosk mode. Valid values 0 to 1440' AppUserModelId = 'String | Optional | This is the only Application User Model ID (AUMID) that will be available to launch use while in Kiosk Mode' AppId = 'String | Optional | This references an Intune App that will be target to the same assignments as Kiosk configuration' AutoLaunch = 'Boolean | Optional | Allow the app to be auto-launched in multi-app kiosk mode' StartLayoutTileSize = 'String | Optional | The app tile size for the start layout. Possible values are: hidden, small, medium, wide, large. | hidden / small / medium / wide / large' AppType = 'String | Optional | The app type. Possible values are: unknown, store, desktop, aumId. | unknown / store / desktop / aumId' EdgeKioskType = 'String | Optional | Edge kiosk type for Edge kiosk mode. Possible values are: publicBrowsing, fullScreen. | publicBrowsing / fullScreen' ContainedAppId = 'String | Optional | This references an contained App from an Intune App' DesktopApplicationId = 'String | Optional | Define the DesktopApplicationID of the app' DesktopApplicationLinkPath = 'String | Optional | Define the DesktopApplicationLinkPath of the app' Path = 'String | Optional | Define the path of a desktop app' odataType = 'String | Optional | The type of the entity. | #microsoft.graph.windowsKioskDesktopApp / #microsoft.graph.windowsKioskUWPApp / #microsoft.graph.windowsKioskWin32App' } Apps = @( @{ EdgeNoFirstRun = 'Boolean | Optional | Edge first run flag for Edge kiosk mode' Name = 'String | Optional | Represents the friendly name of an app' EdgeKiosk = 'String | Optional | Edge kiosk (url) for Edge kiosk mode' ClassicAppPath = 'String | Optional | This is the classicapppath to be used by v4 Win32 app while in Kiosk Mode' AppId = 'String | Optional | This references an Intune App that will be target to the same assignments as Kiosk configuration' AppUserModelId = 'String | Optional | This is the only Application User Model ID (AUMID) that will be available to launch use while in Kiosk Mode' EdgeKioskIdleTimeoutMinutes = 'UInt32 | Optional | Edge kiosk idle timeout in minutes for Edge kiosk mode. Valid values 0 to 1440' UniqueId = 'String | Required | [Unique ID to identify this specific object]' AutoLaunch = 'Boolean | Optional | Allow the app to be auto-launched in multi-app kiosk mode' StartLayoutTileSize = 'String | Optional | The app tile size for the start layout. Possible values are: hidden, small, medium, wide, large. | hidden / small / medium / wide / large' AppType = 'String | Optional | The app type. Possible values are: unknown, store, desktop, aumId. | unknown / store / desktop / aumId' EdgeKioskType = 'String | Optional | Edge kiosk type for Edge kiosk mode. Possible values are: publicBrowsing, fullScreen. | publicBrowsing / fullScreen' ContainedAppId = 'String | Optional | This references an contained App from an Intune App' DesktopApplicationId = 'String | Optional | Define the DesktopApplicationID of the app' DesktopApplicationLinkPath = 'String | Optional | Define the DesktopApplicationLinkPath of the app' Path = 'String | Optional | Define the path of a desktop app' odataType = 'String | Optional | The type of the entity. | #microsoft.graph.windowsKioskDesktopApp / #microsoft.graph.windowsKioskUWPApp / #microsoft.graph.windowsKioskWin32App' } ) AllowAccessToDownloadsFolder = 'Boolean | Optional | This setting allows access to Downloads folder in file explorer.' ShowTaskBar = 'Boolean | Optional | This setting allows the admin to specify whether the Task Bar is shown or not.' DisallowDesktopApps = 'Boolean | Optional | This setting indicates that desktop apps are allowed. Default to true.' odataType = 'String | Optional | The type of the entity. | #microsoft.graph.windowsKioskMultipleApps / #microsoft.graph.windowsKioskSingleUWPApp / #microsoft.graph.windowsKioskSingleWin32App' StartMenuLayoutXml = 'String | Optional | Allows admins to override the default Start layout and prevents the user from changing it.The layout is modified by specifying an XML file based on a layout modification schema. XML needs to be in Binary format.' } } ) WindowsKioskForceUpdateSchedule = @{ RunImmediatelyIfAfterStartDateTime = 'Boolean | Optional | If true, runs the task immediately if StartDateTime is in the past, else, runs at the next recurrence.' StartDateTime = 'String | Optional | The start time for the force restart.' DayofMonth = 'UInt32 | Optional | Day of month. Valid values 1 to 31' Recurrence = 'String | Optional | Recurrence schedule. Possible values are: none, daily, weekly, monthly. | none / daily / weekly / monthly' DayofWeek = 'String | Optional | Day of week. Possible values are: sunday, monday, tuesday, wednesday, thursday, friday, saturday. | sunday / monday / tuesday / wednesday / thursday / friday / saturday' } KioskBrowserBlockedURLs = 'StringArray | Optional | Specify URLs that the kiosk browsers should not navigate to' Id = 'String | Optional | The unique identifier for an entity. Read-only.' EdgeKioskEnablePublicBrowsing = 'Boolean | Optional | Enable public browsing kiosk mode for the Microsoft Edge browser. The Default is false.' KioskBrowserEnableEndSessionButton = 'Boolean | Optional | Enable the kiosk browser''s end session button. By default, the end session button is disabled.' KioskBrowserEnableHomeButton = 'Boolean | Optional | Enable the kiosk browser''s home button. By default, the home button is disabled.' } ) DeviceConfigurationNetworkBoundaryPoliciesWindows10 = @( @{ Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) Description = 'String | Optional | Admin provided description of the Device Configuration.' Id = 'String | Optional | The unique identifier for an entity. Read-only.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' AccessTokens = 'StringArray | Optional | Access token used for authentication.' SupportsScopeTags = 'Boolean | Optional | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only.' WindowsNetworkIsolationPolicy = @{ EnterpriseProxyServers = 'StringArray | Optional | This is a list of proxy servers. Any server not on this list is considered non-enterprise.' EnterpriseInternalProxyServers = 'StringArray | Optional | This is the comma-separated list of internal proxy servers. For example, ''157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59''. These proxies have been configured by the admin to connect to specific resources on the Internet. They are considered to be enterprise network locations. The proxies are only leveraged in configuring the EnterpriseCloudResources policy to force traffic to the matched cloud resources through these proxies.' EnterpriseIPRangesAreAuthoritative = 'Boolean | Optional | Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets. Default is false.' EnterpriseCloudResources = @( @{ Proxy = 'String | Optional | Proxy IP or FQDN' UniqueId = 'String | Required | [Unique ID to identify this specific object]' IpAddressOrFQDN = 'String | Optional | The IP address or FQDN' } ) EnterpriseProxyServersAreAuthoritative = 'Boolean | Optional | Boolean value that tells the client to accept the configured list of proxies and not try to detect other work proxies. Default is false' EnterpriseNetworkDomainNames = 'StringArray | Optional | This is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected. These locations will be considered a safe destination for enterprise data to be shared to.' EnterpriseIPRanges = @( @{ CidrAddress = 'String | Optional | IPv4 address in CIDR notation. Not nullable.' UpperAddress = 'String | Optional | Upper address.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' LowerAddress = 'String | Optional | Lower address.' odataType = 'String | Optional | The type of the entity. | #microsoft.graph.iPv4CidrRange / #microsoft.graph.iPv6CidrRange / #microsoft.graph.iPv4Range / #microsoft.graph.iPv6Range' } ) NeutralDomainResources = 'StringArray | Optional | List of domain names that can used for work or personal resource.' } DisplayName = 'String | Required | Admin provided name of the device configuration.' } ) DeviceConfigurationPkcsCertificatePoliciesWindows10 = @( @{ SubjectAlternativeNameType = 'String | Optional | Certificate Subject Alternative Name Type. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. | none / emailAddress / userPrincipalName / customAzureADAttribute / domainNameService / universalResourceIdentifier' Description = 'String | Optional | Admin provided description of the Device Configuration.' RenewalThresholdPercentage = 'UInt32 | Optional | Certificate renewal threshold percentage. Valid values 1 to 99' DisplayName = 'String | Required | Admin provided name of the device configuration.' SubjectAlternativeNameFormatString = 'String | Optional | Custom String that defines the AAD Attribute.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' CertificationAuthorityName = 'String | Optional | PKCS Certification Authority Name' KeyStorageProvider = 'String | Optional | Key Storage Provider (KSP). Possible values are: useTpmKspOtherwiseUseSoftwareKsp, useTpmKspOtherwiseFail, usePassportForWorkKspOtherwiseFail, useSoftwareKsp. | useTpmKspOtherwiseUseSoftwareKsp / useTpmKspOtherwiseFail / usePassportForWorkKspOtherwiseFail / useSoftwareKsp' CertificationAuthority = 'String | Optional | PKCS Certification Authority' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) CertificateValidityPeriodValue = 'UInt32 | Optional | Value for the Certificate Validity Period' CertificateTemplateName = 'String | Optional | PKCS Certificate Template Name' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' CertificateValidityPeriodScale = 'String | Optional | Scale for the Certificate Validity Period. Possible values are: days, months, years. | days / months / years' SubjectNameFormatString = 'String | Optional | Custom format to use with SubjectNameFormat = Custom. Example: CN=EmailAddress}},E=EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US' Id = 'String | Optional | The unique identifier for an entity. Read-only.' SubjectNameFormat = 'String | Optional | Certificate Subject Name Format. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. | commonName / commonNameIncludingEmail / commonNameAsEmail / custom / commonNameAsIMEI / commonNameAsSerialNumber / commonNameAsAadDeviceId / commonNameAsIntuneDeviceId / commonNameAsDurableDeviceId' CertificateStore = 'String | Optional | Target store certificate. Possible values are: user, machine. | user / machine' ExtendedKeyUsages = @( @{ ObjectIdentifier = 'String | Optional | Extended Key Usage Object Identifier' Name = 'String | Optional | Extended Key Usage Name' UniqueId = 'String | Required | [Unique ID to identify this specific object]' } ) CustomSubjectAlternativeNames = @( @{ Name = 'String | Optional | Custom SAN Name' UniqueId = 'String | Required | [Unique ID to identify this specific object]' SanType = 'String | Optional | Custom SAN Type. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. | none / emailAddress / userPrincipalName / customAzureADAttribute / domainNameService / universalResourceIdentifier' } ) } ) DeviceConfigurationPoliciesAndroidDeviceAdministrator = @( @{ PowerOffBlocked = 'Boolean | Optional | Block user from powering off device. If this setting is disabled the setting ''Number of sign-in failures before wiping device'' does not function.' VoiceAssistantBlocked = 'Boolean | Optional | Block voice assistant (Samsung KNOX Standard 4.0+).' AppsBlockCopyPaste = 'Boolean | Optional | Block copy and paste functionality.' StorageRequireDeviceEncryption = 'Boolean | Optional | Require encryption on device. Not all devices support encryption.' LocationServicesBlocked = 'Boolean | Optional | Location services blocked' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) NfcBlocked = 'Boolean | Optional | Block Near Field Communication (NFC) technology (Samsung KNOX Standard 4.0+).' DiagnosticDataBlockSubmission = 'Boolean | Optional | Block submitting diagnostic data from device.' DisplayName = 'String | Required | Display name of the Intune policy.' CellularBlockDataRoaming = 'Boolean | Optional | Block data roaming over the cellular network (Samsung KNOX Standard 4.0+).' AccessTokens = 'StringArray | Optional | Access token used for authentication.' RequiredPasswordComplexity = 'String | Optional | Define the password complexity. | none / low / medium / high' GooglePlayStoreBlocked = 'Boolean | Optional | Block Google Play store (Samsung KNOX Standard 4.0+).' PasswordBlockTrustAgents = 'Boolean | Optional | Block Smart Lock or other trust agents from adjusting lock screen settings (Samsung KNOX Standard 5.0+).' StorageBlockGoogleBackup = 'Boolean | Optional | Block sync with Google backup.' CameraBlocked = 'Boolean | Optional | Block use of camera' DeviceSharingAllowed = 'Boolean | Optional | Allow multiple users to log into the Company Portal using their AAD credentials (Samsung KNOX Standard 4.0+).' WebBrowserBlockJavaScript = 'Boolean | Optional | Block JavaScript in the browser.' KioskModeBlockVolumeButtons = 'Boolean | Optional | Kiosk mode block volume buttons' VoiceDialingBlocked = 'Boolean | Optional | Block voice dialing (Samsung KNOX Standard 4.0+).' CompliantAppListType = 'String | Optional | Device compliance can be viewed in the Restricted Apps Compliance report. | none / appsInListCompliant / appsNotInListCompliant' AppsInstallAllowList = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' name = 'String | Optional | Define the name of the app.' appId = 'String | Optional | Kiosk mode managed app id' appStoreUrl = 'String | Optional | Define the app store URL.' odataType = 'String | Optional | odatatype of the item. | #microsoft.graph.appleAppListItem' publisher = 'String | Optional | Define the publisher of the app.' } ) WebBrowserBlockPopups = 'Boolean | Optional | Block pop-ups in web browser.' SecurityRequireVerifyApps = 'Boolean | Optional | Security require verify apps' BluetoothBlocked = 'Boolean | Optional | Block Bluetooth (Samsung KNOX Standard 4.0+).' GoogleAccountBlockAutoSync = 'Boolean | Optional | Block Google account auto sync functionality on device.' ScreenCaptureBlocked = 'Boolean | Optional | Block capturing contents of screen as an image.' WebBrowserCookieSettings = 'String | Optional | Allow or block browser cookies | browserDefault / blockAlways / allowCurrentWebSite / allowFromWebsitesVisited / allowAlways' PasswordExpirationDays = 'UInt32 | Optional | Number of days until device password must be changed. (1-365)' StorageBlockRemovableStorage = 'Boolean | Optional | Block removable storage usage (Samsung KNOX Standard 4.0+).' CellularBlockMessaging = 'Boolean | Optional | Block SMS/MMS messaging functionality (Samsung KNOX Standard 4.0+).' PasswordBlockFingerprintUnlock = 'Boolean | Optional | Block using fingerprint to unlock device.' KioskModeBlockSleepButton = 'Boolean | Optional | Kiosk mode block sleep button' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' AppsLaunchBlockList = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' name = 'String | Optional | Define the name of the app.' appId = 'String | Optional | Kiosk mode managed app id' appStoreUrl = 'String | Optional | Define the app store URL.' odataType = 'String | Optional | odatatype of the item. | #microsoft.graph.appleAppListItem' publisher = 'String | Optional | Define the publisher of the app.' } ) Description = 'String | Optional | Description of the Intune policy.' PasswordRequired = 'Boolean | Optional | Require password to access device.' PasswordMinimumLength = 'UInt32 | Optional | Minimum number of digits or characters in password. (4-16)' PasswordSignInFailureCountBeforeFactoryReset = 'UInt32 | Optional | Number of consecutive times an incorrect password can be entered before device is wiped of all data.' WebBrowserBlocked = 'Boolean | Optional | Block web browser on device.' WiFiBlocked = 'Boolean | Optional | Block Wi-Fi (Samsung KNOX Standard 4.0+).' AppsHideList = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' name = 'String | Optional | Define the name of the app.' appId = 'String | Optional | Kiosk mode managed app id' appStoreUrl = 'String | Optional | Define the app store URL.' odataType = 'String | Optional | odatatype of the item. | #microsoft.graph.appleAppListItem' publisher = 'String | Optional | Define the publisher of the app.' } ) PasswordMinutesOfInactivityBeforeScreenTimeout = 'UInt32 | Optional | Maximum minutes of inactivity until screen locks. Ignored by device if new time is longer than what''s currently set on device. If set to Immediately, devices will use the minimum possible value per device.' CellularBlockWiFiTethering = 'Boolean | Optional | Block Wi-Fi tethering (Samsung KNOX Standard 4.0+).' Id = 'String | Optional | Id of the Intune policy.' FactoryResetBlocked = 'Boolean | Optional | Block factory reset on device.' AppsBlockClipboardSharing = 'Boolean | Optional | Block clipboard sharing between apps (Samsung KNOX Standard 4.0+).' WebBrowserBlockAutofill = 'Boolean | Optional | Block autofill.' DateAndTimeBlockChanges = 'Boolean | Optional | Block user from changing date and time on device (Samsung KNOX).' PasswordPreviousPasswordBlockCount = 'UInt32 | Optional | Number of new passwords that must be used until an old one can be reused.' CompliantAppsList = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' name = 'String | Optional | Define the name of the app.' appId = 'String | Optional | Kiosk mode managed app id' appStoreUrl = 'String | Optional | Define the app store URL.' odataType = 'String | Optional | odatatype of the item. | #microsoft.graph.appleAppListItem' publisher = 'String | Optional | Define the publisher of the app.' } ) PasswordRequiredType = 'String | Optional | Specify the type of password required. | deviceDefault / alphabetic / alphanumeric / alphanumericWithSymbols / lowSecurityBiometric / numeric / numericComplex / any' StorageRequireRemovableStorageEncryption = 'Boolean | Optional | Storage cards must be encrypted. Not all devices support storage card encryption. For more information, see the device and mobile operating system documentation.' AppsBlockYouTube = 'Boolean | Optional | Block YouTube (Samsung KNOX Standard 4.0+).' KioskModeApps = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' name = 'String | Optional | Define the name of the app.' appId = 'String | Optional | Kiosk mode managed app id' appStoreUrl = 'String | Optional | Define the app store URL.' odataType = 'String | Optional | odatatype of the item. | #microsoft.graph.appleAppListItem' publisher = 'String | Optional | Define the publisher of the app.' } ) CellularBlockVoiceRoaming = 'Boolean | Optional | Block voice roaming over the cellular network (Samsung KNOX Standard 4.0+).' } ) DeviceConfigurationPoliciesAndroidDeviceOwner = @( @{ KioskModeVirtualHomeButtonEnabled = 'Boolean | Optional | Enable IT administrators to temporarily leave multi-app kiosk mode to make changes on the device.' VolumeBlockAdjustment = 'Boolean | Optional | Block changes to volume.' KioskModeUseManagedHomeScreenApp = 'String | Optional | Whether or not to use single app kiosk mode or multi-app kiosk mode. | notConfigured / singleAppMode / multiAppMode' AccessTokens = 'StringArray | Optional | Access token used for authentication.' AzureAdSharedDeviceDataClearApps = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' name = 'String | Optional | Define the name of the app.' appId = 'String | Optional | Kiosk mode managed app id' appStoreUrl = 'String | Optional | Define the app store URL.' odataType = 'String | Optional | odatatype of the item. | #microsoft.graph.appleAppListItem' publisher = 'String | Optional | Define the publisher of the app.' } ) KioskModeAppPositions = @( @{ position = 'UInt32 | Optional | Position of the item on the grid. Valid values 0 to 9999999.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' item = @{ folderName = 'String | Optional | The folder name.' folderIdentifier = 'String | Optional | The folder identifier.' items = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' link = 'String | Optional | The link of the item.' className = 'String | Optional | The class name of the item.' label = 'String | Optional | The label of the item.' package = 'String | Optional | The package of the item.' odataType = 'String | Optional | The type of the item. | #microsoft.graph.androidDeviceOwnerKioskModeApp / #microsoft.graph.androidDeviceOwnerKioskModeWeblink' } ) label = 'String | Optional | The label of the item.' link = 'String | Optional | The link of the item.' package = 'String | Optional | The package of the item.' odataType = 'String | Optional | Type of the item. | #microsoft.graph.androidDeviceOwnerKioskModeApp / #microsoft.graph.androidDeviceOwnerKioskModeWeblink / #microsoft.graph.androidDeviceOwnerKioskModeManagedFolder' className = 'String | Optional | The class name of the item.' } } ) KioskModeManagedHomeScreenPinRequired = 'Boolean | Optional | Whether or not require user to set a PIN for sign-in session for Managed Home Screen.' MicrosoftLauncherConfigurationEnabled = 'Boolean | Optional | Indicates whether or not to you want configure Microsoft Launcher.' SystemUpdateWindowStartMinutesAfterMidnight = 'UInt32 | Optional | Beginning of the maintenance window in the device''s time zone.?' PlayStoreMode = 'String | Optional | Users get access to all apps, except the ones you''ve required uninstall in Client Apps. If you choose ''Not configured'' for this setting, users can only access the apps you''ve listed as available or required in Client Apps. | notConfigured / allowList / blockList' FactoryResetBlocked = 'Boolean | Optional | Block factory resetting from settings.' KioskModeManagedHomeScreenSignInBackground = 'String | Optional | Custom URL background for sign-in screen for Managed Home Screen.' ScreenCaptureBlocked = 'Boolean | Optional | Block screen capture' KioskModeManagedHomeScreenSignInEnabled = 'Boolean | Optional | Whether or not show sign-in screen for Managed Home Screen.' PasswordRequiredType = 'String | Optional | Set the password''s complexity requirements. Additional password requirements will become available based on your selection. | deviceDefault / required / numeric / numericComplex / alphabetic / alphanumeric / alphanumericWithSymbols / lowSecurityBiometric / customPassword' AppsRecommendSkippingFirstUseHints = 'Boolean | Optional | Enable a suggestion to apps that they skip their user tutorials and any introductory hints when they first start up, if applicable.' UsersBlockAdd = 'Boolean | Optional | Blocks users from adding and signing in to personal accounts while on the device.' PersonalProfileAppsAllowInstallFromUnknownSources = 'Boolean | Optional | Indicates whether the user can install apps from unknown sources on the personal profile.' KioskModeWiFiConfigurationEnabled = 'Boolean | Optional | Enable end-users to connect to different Wi-Fi networks.' BluetoothBlockContactSharing = 'Boolean | Optional | Block access to work contacts from another device such as a car system when an Android device is paired via Bluetooth.' KioskModeAppsInFolderOrderedByName = 'Boolean | Optional | Whether or not to alphabetize applications within a folder in Kiosk Mode.' MicrosoftLauncherCustomWallpaperImageUrl = 'String | Optional | Indicates the URL for the image file to use as the wallpaper on the targeted devices.' KioskModeMediaVolumeConfigurationEnabled = 'Boolean | Optional | Whether or not to allow a user to change the media volume in Kiosk Mode.' FactoryResetDeviceAdministratorEmails = 'StringArray | Optional | Email addresses of device admins for factory reset protection. When a device is factory reset, it will require that one of these admins log in with their Google account to unlock the device. If none are specified, factory reset protection is not enabled.' KioskCustomizationPowerButtonActionsBlocked = 'Boolean | Optional | Whether the power menu is shown when a user long presses the Power button of a device in Kiosk Mode.' PersonalProfileScreenCaptureBlocked = 'Boolean | Optional | Indicates whether to disable the capability to take screenshots on the personal profile.' AppsAllowInstallFromUnknownSources = 'Boolean | Optional | When allowed, users can enable the ''unknown sources'' setting to install apps from sources other than the Google Play Store.' KioskModeWallpaperUrl = 'String | Optional | Customize the appearance of the screen background for assigned groups.' KioskModeScreenSaverConfigurationEnabled = 'Boolean | Optional | Start screen saver when the device screen times out or locks.' StorageBlockUsbFileTransfer = 'Boolean | Optional | Block transfer of files over USB.' PasswordMinimumLowerCaseCharacters = 'UInt32 | Optional | Indicates the minimum number of lower case characters required for device password. Valid values 1 to 16' VpnAlwaysOnPackageIdentifier = 'String | Optional | Android app package name for app that will handle an always-on VPN connection.' KioskModeManagedFolders = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' folderName = 'String | Optional | The folder name.' folderIdentifier = 'String | Optional | The folder identifier.' items = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' link = 'String | Optional | The link of the item.' className = 'String | Optional | The class name of the item.' label = 'String | Optional | The label of the item.' package = 'String | Optional | The package of the item.' odataType = 'String | Optional | The type of the item. | #microsoft.graph.androidDeviceOwnerKioskModeApp / #microsoft.graph.androidDeviceOwnerKioskModeWeblink' } ) } ) WorkProfilePasswordMinimumNumericCharacters = 'UInt32 | Optional | Indicates the minimum number of lower-case characters required for the work profile password. Valid values 1 to 16' KioskCustomizationDeviceSettingsBlocked = 'Boolean | Optional | Indicates whether a user can access the device''s Settings app while in Kiosk Mode.' KioskModeManagedHomeScreenInactiveSignOutDelayInSeconds = 'UInt32 | Optional | Number of seconds to give user notice before automatically signing them out for Managed Home Screen. Valid values 0 to 9999999.' CrossProfilePoliciesAllowCopyPaste = 'Boolean | Optional | Indicates whether or not text copied from one profile (personal or work) can be pasted in the other.' PasswordMinimumNonLetterCharacters = 'UInt32 | Optional | Indicates the minimum number of non-letter characters required for device password. Valid values 1 to 16' PasswordSignInFailureCountBeforeFactoryReset = 'UInt32 | Optional | Number of consecutive times an incorrect password can be entered before device is wiped of all data. (4-11)' EnrollmentProfile = 'String | Optional | Represents the enrollment profile type. | notConfigured / dedicatedDevice / fullyManaged' PasswordBlockKeyguardFeatures = 'StringArray | Optional | These features are accessible to users when the device is locked. Users will not be able to see or access disabled features. | notConfigured / camera / notifications / unredactedNotifications / trustAgents / fingerprint / remoteInput / allFeatures / face / iris / biometrics' PasswordMinimumLetterCharacters = 'UInt32 | Optional | Indicates the minimum number of letter characters required for device password. Valid values 1 to 16' SystemUpdateWindowEndMinutesAfterMidnight = 'UInt32 | Optional | End of the maintenance window in the device''s time zone.?' WorkProfilePasswordMinimumLength = 'UInt32 | Optional | Indicates the minimum length of the work profile password. Valid values 4 to 16' PasswordBlockKeyguard = 'Boolean | Optional | Disable lock screen' PersonalProfilePersonalApplications = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' name = 'String | Optional | Define the name of the app.' appId = 'String | Optional | Kiosk mode managed app id' appStoreUrl = 'String | Optional | Define the app store URL.' odataType = 'String | Optional | odatatype of the item. | #microsoft.graph.appleAppListItem' publisher = 'String | Optional | Define the publisher of the app.' } ) KioskModeManagedHomeScreenAutoSignout = 'Boolean | Optional | Whether or not to automatically sign-out of MHS and Shared device mode applications after inactive for Managed Home Screen.' KioskModeLockHomeScreen = 'Boolean | Optional | Whether or not to lock home screen to the end user in Kiosk Mode.' NfcBlockOutgoingBeam = 'Boolean | Optional | Block usage of NFC to beam data from apps.' DateTimeConfigurationBlocked = 'Boolean | Optional | Block user from manually setting the date and time.' VpnAlwaysOnLockdownMode = 'Boolean | Optional | Enabling this forces all network traffic through the VPN tunnel. If a connection to the VPN can''t be established, no network traffic will be allowed.' MicrosoftLauncherSearchBarPlacementConfiguration = 'String | Optional | Indicates whether or not you want to configure the device dock. | notConfigured / top / bottom / hide' DisplayName = 'String | Required | The display name of hte policy.' KioskModeApps = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' name = 'String | Optional | Define the name of the app.' appId = 'String | Optional | Kiosk mode managed app id' appStoreUrl = 'String | Optional | Define the app store URL.' odataType = 'String | Optional | odatatype of the item. | #microsoft.graph.appleAppListItem' publisher = 'String | Optional | Define the publisher of the app.' } ) StayOnModes = 'StringArray | Optional | The battery plugged in modes for which the device stays on. When using this setting, it is recommended to clear the Time to lock screen setting so that the device doesn''t lock itself while it stays on. | notConfigured / ac / usb / wireless' MicrosoftLauncherDockPresenceConfiguration = 'String | Optional | Indicates whether or not you want to configure the device dock. | notConfigured / show / hide / disabled' KioskModeFlashlightConfigurationEnabled = 'Boolean | Optional | Whether or not to allow a user to use the flashlight in Kiosk Mode.' KioskModeScreenSaverImageUrl = 'String | Optional | URL for an image that will be the device''s screen saver in Kiosk Mode.' AppsAutoUpdatePolicy = 'String | Optional | Devices check for app updates daily. The default behavior is to let device users decide. They''ll be able to set their preferences in the managed Google Play app. | notConfigured / userChoice / never / wiFiOnly / always' KioskModeIconSize = 'String | Optional | Icon size configuration for managed home screen in Kiosk Mode. | notConfigured / smallest / small / regular / large / largest' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' CellularBlockWiFiTethering = 'Boolean | Optional | Block tethering and access to portable hotspots.' KioskModeManagedHomeScreenPinRequiredToResume = 'Boolean | Optional | Whether or not required user to enter session PIN if screensaver has appeared for Managed Home Screen.' KioskModeManagedSettingsEntryDisabled = 'Boolean | Optional | Whether or not to use single app kiosk mode or multi-app kiosk mode.' WorkProfilePasswordMinimumNonLetterCharacters = 'UInt32 | Optional | Indicates the minimum number of letter characters required for the work profile password. Valid values 1 to 16' PasswordExpirationDays = 'UInt32 | Optional | Number of days until device password must be changed. (1-365)' MicrosoftLauncherDockPresenceAllowUserModification = 'Boolean | Optional | Indicates whether or not the user can modify the device dock configuration on the device.' MicrosoftLauncherFeedAllowUserModification = 'Boolean | Optional | Indicates whether or not the user can modify the launcher feed on the device.' KioskCustomizationSystemErrorWarnings = 'Boolean | Optional | Indicates whether system error dialogs for crashed or unresponsive apps are shown in Kiosk Mode.' Description = 'String | Optional | The description of the policy.' SystemUpdateInstallType = 'String | Optional | When over-the-air updates are available for this device, they will be installed based on this policy.? | deviceDefault / postpone / windowed / automatic' StorageAllowUsb = 'Boolean | Optional | Allow USB storage.' UsersBlockRemove = 'Boolean | Optional | Block removal of users.' DetailedHelpText = @{ localizedMessages = @( @{ Name = 'String | Optional | Name of the message localizedMessages.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' Value = 'String | Optional | Value of the message localizedMessages.' } ) defaultMessage = 'String | Optional | The default message displayed if the user''s locale doesn''t match with any of the localized messages.' } CrossProfilePoliciesAllowDataSharing = 'String | Optional | Indicates whether data from one profile (personal or work) can be shared with apps in the other profile. | notConfigured / crossProfileDataSharingBlocked / dataSharingFromWorkToPersonalBlocked / crossProfileDataSharingAllowed / unkownFutureValue' PasswordMinimumNumericCharacters = 'UInt32 | Optional | Indicates the minimum number of numeric characters required for device password. Valid values 1 to 16' MicrophoneForceMute = 'Boolean | Optional | Block unmuting the microphone and adjusting the microphone volume.' KioskModeWifiAllowedSsids = 'StringArray | Optional | The restricted set of WIFI SSIDs available for the user to configure in Kiosk Mode. This collection can contain a maximum of 500 elements.' KioskModeScreenSaverDisplayTimeInSeconds = 'UInt32 | Optional | The number of seconds that the device will display the screen saver for in Kiosk Mode. Valid values 0 to 9999999' AppsDefaultPermissionPolicy = 'String | Optional | Define the default permission policy for requests for runtime permissions. | deviceDefault / prompt / autoGrant / autoDeny' Id = 'String | Optional | The Id of the policy.' GoogleAccountsBlocked = 'Boolean | Optional | Blocking prevents users from adding their personal Google account to their device.' WorkProfilePasswordPreviousPasswordCountToBlock = 'UInt32 | Optional | Indicates the length of the work profile password history, where the user will not be able to enter a new password that is the same as any password in the history. Valid values 0 to 24' CrossProfilePoliciesShowWorkContactsInPersonalProfile = 'Boolean | Optional | Indicates whether or not contacts stored in work profile are shown in personal profile contact searches/incoming calls.' PasswordRequireUnlock = 'String | Optional | Indicates the timeout period after which a device must be unlocked using a form of strong authentication. | deviceDefault / daily / unkownFutureValue' PersonalProfileCameraBlocked = 'Boolean | Optional | Indicates whether to disable the use of the camera on the personal profile.' KioskModeScreenSaverDetectMediaDisabled = 'Boolean | Optional | Whether or not the device screen should show the screen saver if audio/video is playing in Kiosk Mode.' WorkProfilePasswordMinimumSymbolCharacters = 'UInt32 | Optional | Indicates the minimum number of upper-case letter characters required for the work profile password. Valid values 1 to 16' BluetoothBlockConfiguration = 'Boolean | Optional | Block configuring Bluetooth.' PasswordMinimumLength = 'UInt32 | Optional | Indicates the minimum length of the password required on the device. Valid values 4 to 16' NetworkEscapeHatchAllowed = 'Boolean | Optional | Whether the network escape hatch is enabled. If a network connection can''t be made at boot time, the escape hatch prompts the user to temporarily connect to a network in order to refresh the device policy. After applying policy, the temporary network will be forgotten and the device will continue booting. This prevents being unable to connect to a network if there is no suitable network in the last policy and the device boots into an app in lock task mode, or the user is otherwise unable to reach device settings.' SystemWindowsBlocked = 'Boolean | Optional | Disable window notifications such as toasts, incoming calls, outgoing calls, system alerts, and system errors.?' KioskModeShowAppNotificationBadge = 'Boolean | Optional | Whether or not to display application notification badges in Kiosk Mode.' KioskModeShowDeviceInfo = 'Boolean | Optional | Whether or not to allow a user to access basic device information.' KioskModeVirtualHomeButtonType = 'String | Optional | Enable a soft-key button that returns users to the Managed Home Screen. Choose between a persistent, floating button or a button activated by a swipe-up gesture. | notConfigured / swipeUp / floating' GlobalProxy = @{ excludedHosts = 'StringArray | Optional | The excluded hosts.' host = 'String | Optional | The host name.' port = 'UInt32 | Optional | The port.' proxyAutoConfigURL = 'String | Optional | The proxy auto-config URL.' odataType = 'String | Optional | The type of the global proxy. | #microsoft.graph.androidDeviceOwnerGlobalProxyAutoConfig / #microsoft.graph.androidDeviceOwnerGlobalProxyDirect' } WorkProfilePasswordMinimumLowerCaseCharacters = 'UInt32 | Optional | Indicates the minimum number of non-letter characters required for the work profile password. Valid values 1 to 16' DeviceOwnerLockScreenMessage = @{ localizedMessages = @( @{ Name = 'String | Optional | Name of the message localizedMessages.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' Value = 'String | Optional | Value of the message localizedMessages.' } ) defaultMessage = 'String | Optional | The default message displayed if the user''s locale doesn''t match with any of the localized messages.' } SecurityDeveloperSettingsEnabled = 'Boolean | Optional | Indicates whether or not the user is allowed to access developer settings like developer options and safe boot on the device.' SystemUpdateFreezePeriods = @( @{ endMonth = 'UInt32 | Optional | The month of the end date of the freeze period. Valid values 1 to 12.' startMonth = 'UInt32 | Optional | The month of the start date of the freeze period. Valid values 1 to 12.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' startDay = 'UInt32 | Optional | The day of the start date of the freeze period. Valid values 1 to 31.' endDay = 'UInt32 | Optional | The day of the end date of the freeze period. Valid values 1 to 31.' } ) WorkProfilePasswordRequireUnlock = 'String | Optional | Indicates the timeout period after which a work profile must be unlocked using a form of strong authentication. | deviceDefault / daily / unkownFutureValue' WorkProfilePasswordRequiredType = 'String | Optional | Indicates the minimum password quality required on the work profile password. | deviceDefault / required / numeric / numericComplex / alphabetic / alphanumeric / alphanumericWithSymbols / lowSecurityBiometric / customPassword' StorageBlockExternalMedia = 'Boolean | Optional | Block mounting of external media.' KioskModeBluetoothConfigurationEnabled = 'Boolean | Optional | Enable end-users to configure and pair devices over Bluetooth.' PasswordMinutesOfInactivityBeforeScreenTimeout = 'UInt32 | Optional | Maximum time after which the device will lock. Can disable screen lock as well so that it never times out.' AccountsBlockModification = 'Boolean | Optional | Block modification of accounts. Only supported on Dedicated devices.' WifiBlockEditConfigurations = 'Boolean | Optional | Block user creation or editing of any Wi-Fi configurations.' KioskModeGridHeight = 'UInt32 | Optional | Number of rows for Managed Home Screen grid with app ordering enabled in Kiosk Mode. Valid values 1 to 9999999.' PasswordMinimumUpperCaseCharacters = 'UInt32 | Optional | Indicates the minimum number of upper case letter characters required for device password. Valid values 1 to 16' KioskModeManagedHomeScreenPinComplexity = 'String | Optional | Complexity of PIN for sign-in session for Managed Home Screen. | notConfigured / simple / complex' KioskModeFolderIcon = 'String | Optional | Folder icon configuration for managed home screen in Kiosk Mode. | notConfigured / darkSquare / darkCircle / lightSquare / lightCircle' KioskCustomizationSystemNavigation = 'String | Optional | Indicates which navigation features are enabled in Kiosk Mode. | notConfigured / navigationEnabled / homeButtonOnly' DataRoamingBlocked = 'Boolean | Optional | Block data roaming.' WorkProfilePasswordMinimumLetterCharacters = 'UInt32 | Optional | Indicates the minimum number of numeric characters required for the work profile password. Valid values 1 to 16' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) CameraBlocked = 'Boolean | Optional | Block all cameras on the device' KioskModeManagedHomeScreenInactiveSignOutNoticeInSeconds = 'UInt32 | Optional | Number of seconds device is inactive before automatically signing user out for Managed Home Screen. Valid values 0 to 9999999.' KioskModeScreenOrientation = 'String | Optional | Screen orientation configuration for managed home screen in Kiosk Mode. | notConfigured / portrait / landscape / autoRotate' PasswordMinimumSymbolCharacters = 'UInt32 | Optional | Indicates the minimum number of symbol characters required for device password. Valid values 1 to 16' WifiBlockEditPolicyDefinedConfigurations = 'Boolean | Optional | Block changes to Wi-Fi configurations created by the device owner. Users can create their own Wi-Fi configurations.' KioskModeDebugMenuEasyAccessEnabled = 'Boolean | Optional | Whether or not to allow a user to easy access to the debug menu in Kiosk Mode' KioskModeManagedHomeScreenSignInBrandingLogo = 'String | Optional | Custom URL branding logo for sign-in screen and session pin page for Managed Home Screen.' SecurityRequireVerifyApps = 'Boolean | Optional | Enable Google Play Protect to scan apps before and after they''re installed. If it detects a threat, it might warn the user to remove the app from the device. Required by default.' WorkProfilePasswordExpirationDays = 'UInt32 | Optional | Indicates the number of days that a work profile password can be set before it expires and a new password will be required. Valid values 1 to 365' KioskModeExitCode = 'String | Optional | The 4-6 digit PIN will be the code an IT administrator enters on a multi-app dedicated device to pause kiosk mode.' StatusBarBlocked = 'Boolean | Optional | Block access to the status bar, including notifications and quick settings.' PasswordPreviousPasswordCountToBlock = 'UInt32 | Optional | Enter the number of unique passwords required before a user can reuse an old one. (1-24)' KioskCustomizationStatusBar = 'String | Optional | Indicates whether system info and notifications are disabled in Kiosk Mode | notConfigured / notificationsAndSystemInfoEnabled / systemInfoOnly' ShortHelpText = @{ localizedMessages = @( @{ Name = 'String | Optional | Name of the message localizedMessages.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' Value = 'String | Optional | Value of the message localizedMessages.' } ) defaultMessage = 'String | Optional | The default message displayed if the user''s locale doesn''t match with any of the localized messages.' } PersonalProfilePlayStoreMode = 'String | Optional | Used together with PersonalProfilePersonalApplications to control how apps in the personal profile are allowed or blocked | notConfigured / blockedApps / allowedApps' KioskModeGridWidth = 'UInt32 | Optional | Number of columns for Managed Home Screen grid with app ordering enabled in Kiosk Mode. Valid values 1 to 9999999.' SecurityCommonCriteriaModeEnabled = 'Boolean | Optional | Represents the security common criteria mode enabled provided to users when they attempt to modify managed settings on their device.' WorkProfilePasswordSignInFailureCountBeforeFactoryReset = 'UInt32 | Optional | Indicates the number of times a user can enter an incorrect work profile password before the device is wiped. Valid values 4 to 11' WorkProfilePasswordMinimumUpperCaseCharacters = 'UInt32 | Optional | Indicates the minimum number of symbol characters required for the work profile password. Valid values 1 to 16' MicrosoftLauncherFeedEnabled = 'Boolean | Optional | Indicates whether or not the user can modify the launcher feed on the device.' MicrosoftLauncherCustomWallpaperEnabled = 'Boolean | Optional | Indicates whether or not to configure the wallpaper on the targeted devices.' KioskModeAppOrderEnabled = 'Boolean | Optional | Whether or not to enable app ordering in Kiosk Mode.' KioskModeScreenSaverStartDelayInSeconds = 'UInt32 | Optional | The number of seconds the device needs to be inactive for before the screen saver is shown in Kiosk Mode. Valid values 1 to 9999999' MicrosoftLauncherCustomWallpaperAllowUserModification = 'Boolean | Optional | Indicates whether or not the user can modify the wallpaper to personalize their device.' CertificateCredentialConfigurationDisabled = 'Boolean | Optional | Blocks users from making any changes to credentials associated with certificates associated with certificates assigned to them.' } ) DeviceConfigurationPoliciesAndroidOpenSourceProject = @( @{ ScreenCaptureBlocked = 'Boolean | Optional | Prevent screen capture.' Description = 'String | Optional | Description of the Intune policy.' PasswordMinimumLength = 'UInt32 | Optional | Minimum number of characters required for the password.' DisplayName = 'String | Required | Display name of the Intune policy.' BluetoothBlocked = 'Boolean | Optional | Prevents using Bluetooth on devices.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) CameraBlocked = 'Boolean | Optional | Prevents access to the device camera.' AppsBlockInstallFromUnknownSources = 'Boolean | Optional | Prevent applications from unknown sources.' FactoryResetBlocked = 'Boolean | Optional | Prevent factory reset.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' PasswordRequiredType = 'String | Optional | Set password complexity. | deviceDefault / required / numeric / numericComplex / alphabetic / alphanumeric / alphanumericWithSymbols / lowSecurityBiometric / customPassword' PasswordMinutesOfInactivityBeforeScreenTimeout = 'UInt32 | Optional | Maximum minutes of inactivity until screen locks.' StorageBlockUsbFileTransfer = 'Boolean | Optional | Prevent USB file transfer.' WifiBlockEditConfigurations = 'Boolean | Optional | Prevent Wifi configuration edit.' Id = 'String | Optional | Id of the Intune policy.' PasswordSignInFailureCountBeforeFactoryReset = 'UInt32 | Optional | Number of sign-in failures before wiping device.' SecurityAllowDebuggingFeatures = 'Boolean | Optional | Enable debugging features.' StorageBlockExternalMedia = 'Boolean | Optional | Prevent external media.' BluetoothBlockConfiguration = 'Boolean | Optional | Prevent bluetooth configuration.' } ) DeviceConfigurationPoliciesAndroidWorkProfile = @( @{ WorkProfilePasswordBlockIrisUnlock = 'Boolean | Optional | Indicates whether or not to block iris unlock in work profile.' WorkProfilePasswordBlockTrustAgents = 'Boolean | Optional | Indicates whether or not to block Smart Lock and other trust agents for work profile' RequiredPasswordComplexity = 'String | Optional | Indicates the required device password complexity on Android. One of: NONE, LOW, MEDIUM, HIGH. | none / low / medium / high' WorkProfileBlockNotificationsWhileDeviceLocked = 'Boolean | Optional | Indicates whether or not to block notifications while device locked' Description = 'String | Optional | Description of the device general configuration policy for Android WorkProfile' UniqueId = 'String | Required | Unique ID to identify this specific object' WorkProfileRequirePassword = 'Boolean | Optional | Password is required or not for work profile' WorkProfilePasswordMinNumericCharacters = 'UInt32 | Optional | Minimum count of numeric characters required in work profile password' DisplayName = 'String | Required | Display name of the device general configuration policy for Android WorkProfile.' PasswordBlockFingerprintUnlock = 'Boolean | Optional | Indicates whether or not to block fingerprint unlock' AccessTokens = 'StringArray | Optional | Access token used for authentication.' WorkProfilePasswordBlockFingerprintUnlock = 'Boolean | Optional | Indicates whether or not to block fingerprint unlock in work profile' WorkProfilePasswordMinLowerCaseCharacters = 'UInt32 | Optional | Minimum count of lower-case characters required in work profile password' VpnEnableAlwaysOnLockdownMode = 'Boolean | Optional | Enable lockdown mode for always-on VPN.' passwordBlockTrustAgents = 'Boolean | Optional | Indicates whether or not to block Smart Lock and other trust agents.' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) WorkProfileBlockCrossProfileCopyPaste = 'Boolean | Optional | Boolean that indicates if the setting disallow cross profile copy paste is enabled' PasswordBlockFaceUnlock = 'Boolean | Optional | Indicates whether or not to block face unlock.' WorkProfilePasswordMinutesOfInactivityBeforeScreenTimeout = 'UInt32 | Optional | Minutes of inactivity before the screen times out' WorkProfileBlockCrossProfileContactsSearch = 'Boolean | Optional | Block work profile contacts availability in personal profile' SecurityRequireVerifyApps = 'Boolean | Optional | Require the Android Verify apps feature is turned on' PasswordRequiredType = 'String | Optional | Type of password that is required | deviceDefault / lowSecurityBiometric / required / atLeastNumeric / numericComplex / atLeastAlphabetic / atLeastAlphanumeric / alphanumericWithSymbols' WorkProfileAllowAppInstallsFromUnknownSources = 'Boolean | Optional | Indicates whether to allow installation of apps from unknown sources.' WorkProfilePasswordRequiredType = 'String | Optional | Type of work profile password that is required | deviceDefault / lowSecurityBiometric / required / atLeastNumeric / numericComplex / atLeastAlphabetic / atLeastAlphanumeric / alphanumericWithSymbols' WorkProfilePasswordBlockFaceUnlock = 'Boolean | Optional | Indicates whether or not to block face unlock in work profile.' PasswordExpirationDays = 'UInt32 | Optional | Number of days before the password expires' WorkProfileBluetoothEnableContactSharing = 'Boolean | Optional | Allow bluetooth devices to access enterprise contacts' WorkProfileDataSharingType = 'String | Optional | Type of data sharing that is allowed | deviceDefault / preventAny / allowPersonalToWork / noRestrictions' WorkProfilePasswordMinSymbolCharacters = 'UInt32 | Optional | Minimum count of symbols required in work profile password' WorkProfilePasswordMinUpperCaseCharacters = 'UInt32 | Optional | Minimum count of upper-case characters required in work profile password' Ensure = 'String | Optional | Present ensures the site collection exists, absent ensures it is removed | Present / Absent' WorkProfileBlockScreenCapture = 'Boolean | Optional | Block screen capture in work profile' WorkProfilePasswordMinimumLength = 'UInt32 | Optional | Minimum length of work profile password' WorkProfilePasswordPreviousPasswordBlockCount = 'UInt32 | Optional | Number of previous work profile passwords to block' PasswordMinimumLength = 'UInt32 | Optional | Minimum length of passwords' PasswordSignInFailureCountBeforeFactoryReset = 'UInt32 | Optional | Number of sign in failures allowed before factory reset' WorkProfilePasswordSignInFailureCountBeforeFactoryReset = 'UInt32 | Optional | Number of sign in failures allowed before work profile is removed and all corporate data deleted' PasswordMinutesOfInactivityBeforeScreenTimeout = 'UInt32 | Optional | Minutes of inactivity before the screen times out' WorkProfileBlockAddingAccounts = 'Boolean | Optional | Block users from adding/removing accounts in work profile' WorkProfilePasswordMinLetterCharacters = 'UInt32 | Optional | Minimum count of letter characters required in work profile password' WorkProfileRequiredPasswordComplexity = 'String | Optional | Indicates the required device password complexity on Android. One of: NONE, LOW, MEDIUM, HIGH in work profile. | none / low / medium / high' WorkProfileBlockCrossProfileCallerId = 'Boolean | Optional | Block display work profile caller ID in personal profile' WorkProfileBlockCamera = 'Boolean | Optional | Block work profile camera' PasswordPreviousPasswordBlockCount = 'UInt32 | Optional | Number of previous passwords to block' WorkProfileAllowWidgets = 'Boolean | Optional | Allow widgets from work profile apps.' VpnAlwaysOnPackageIdentifier = 'String | Optional | Package identifier for always-on VPN.' WorkProfilePasswordExpirationDays = 'UInt32 | Optional | Number of days before the work profile password expires' WorkProfileBlockPersonalAppInstallsFromUnknownSources = 'Boolean | Optional | Prevent app installations from unknown sources in the personal profile.' WorkProfileDefaultAppPermissionPolicy = 'String | Optional | Type of password that is required | deviceDefault / prompt / autoGrant / autoDeny' WorkProfilePasswordMinNonLetterCharacters = 'UInt32 | Optional | Minimum count of non-letter characters required in work profile password' PasswordBlockIrisUnlock = 'Boolean | Optional | Indicates whether or not to block iris unlock.' } ) DeviceConfigurationPoliciesiOS = @( @{ EmailInDomainSuffixes = 'StringArray | Optional | Emails that the user sends or receives which don''t match the domains you specify here will be marked as untrusted.' DocumentsBlockUnmanagedDocumentsInManagedApps = 'Boolean | Optional | Indicates whether or not to block the user from viewing unmanaged documents in managed apps.' FaceTimeBlocked = 'Boolean | Optional | Indicates whether or not to block the user from using FaceTime. Requires a supervised device for iOS 13 and later.' OnDeviceOnlyDictationForced = 'Boolean | Optional | Indicates whether or not to enforce on device only dictation.' NetworkUsageRules = @( @{ cellularDataBlockWhenRoaming = 'Boolean | Optional | If set to true, corresponding managed apps will not be allowed to use cellular data when roaming.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' managedApps = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' name = 'String | Optional | Define the name of the app.' appId = 'String | Optional | Kiosk mode managed app id' appStoreUrl = 'String | Optional | Define the app store URL.' odataType = 'String | Optional | odatatype of the item. | #microsoft.graph.appleAppListItem' publisher = 'String | Optional | Define the publisher of the app.' } ) cellularDataBlocked = 'Boolean | Optional | If set to true, corresponding managed apps will not be allowed to use cellular data at any time.' } ) ICloudBlockActivityContinuation = 'Boolean | Optional | Handoff lets users start work on one iOS device, and continue it on another MacOS or iOS device.' SoftwareUpdatesEnforcedDelayInDays = 'UInt32 | Optional | Delay the user''s software update for this many days. The maximum is 90 days. (1-90)' AppsSingleAppModeList = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' name = 'String | Optional | Define the name of the app.' appId = 'String | Optional | Kiosk mode managed app id' appStoreUrl = 'String | Optional | Define the app store URL.' odataType = 'String | Optional | odatatype of the item. | #microsoft.graph.appleAppListItem' publisher = 'String | Optional | Define the publisher of the app.' } ) ICloudBlockPhotoLibrary = 'Boolean | Optional | Any photos not fully downloaded from iCloud Photo Library to device will be removed from local storage.' PrivacyForceLimitAdTracking = 'Boolean | Optional | Disables device advertising identifier' CameraBlocked = 'Boolean | Optional | Indicates whether or not to block the user from accessing the camera of the device. Requires a supervised device for iOS 13 and later.' MediaContentRatingGermany = @{ movieRating = 'String | Optional | Movies rating selected for Germany | allAllowed / allBlocked / general / agesAbove6 / agesAbove12 / agesAbove16 / adults' tvRating = 'String | Optional | TV rating selected for Germany | allAllowed / allBlocked / general / agesAbove6 / agesAbove12 / agesAbove16 / adults' } KeyboardBlockShortcuts = 'Boolean | Optional | Indicates whether or not to block keyboard shortcuts when the device is in supervised mode (iOS 9.0 and later).' FilesUsbDriveAccessBlocked = 'Boolean | Optional | Devices with access can connect to and open files on a USB drive. Available for devices running iOS and iPadOS, versions 13.0 and later.' MediaContentRatingUnitedKingdom = @{ movieRating = 'String | Optional | Movies rating selected for UK | allAllowed / allBlocked / general / universalChildren / parentalGuidance / agesAbove12Video / agesAbove12Cinema / agesAbove15 / adults' tvRating = 'String | Optional | TV rating selected for UK | allAllowed / allBlocked / caution' } AppStoreBlocked = 'Boolean | Optional | For supervised devices as of iOS 13.0.' KioskModeRequireColorInversion = 'Boolean | Optional | Indicates whether or not to enforce color inversion while in Kiosk Mode.' ICloudPrivateRelayBlocked = 'Boolean | Optional | Block iCloud private relay.' KeychainBlockCloudSync = 'Boolean | Optional | Disables syncing credentials stored in the Keychain to iCloud.' SharedDeviceBlockTemporarySessions = 'Boolean | Optional | Indicates whether or not to block temporary sessions on shared devices.' SafariBlocked = 'Boolean | Optional | Indicates whether or not to block Safari. For supervised devices as of iOS 13.0.' ICloudBlockSharedPhotoStream = 'Boolean | Optional | Block shared photo streaming. Blocking can cause data loss.' EnterpriseBookBlockMetadataSync = 'Boolean | Optional | Indicates whether or not to sync enterprise book metadata.' AirDropBlocked = 'Boolean | Optional | Indicates whether or not to allow AirDrop when the device is in supervised mode.' DeviceBlockEnableRestrictions = 'Boolean | Optional | On iOS 12.0 and later, this blocks users from setting their own Screen Time settings, which includes device restrictions. On iOS 11.4.1 and earlier, this blocks the user from enabling restrictions in the device settings. The blocking effect is the same on any supervised iOS device.' KioskModeBlockRingerSwitch = 'Boolean | Optional | Indicates whether or not to block the ringer switch while in Kiosk Mode.' KioskModeEnableVoiceControl = 'Boolean | Optional | Indicates whether or not to enable the voice control while in Kiosk Mode.' KioskModeBlockSleepButton = 'Boolean | Optional | Indicates whether or not to block the sleep button while in Kiosk Mode.' AppStoreBlockInAppPurchases = 'Boolean | Optional | Block AppStore in-app purchases.' ApplePersonalizedAdsBlocked = 'Boolean | Optional | Block Apple PersonalizedAdsBlocked' KioskModeBlockAutoLock = 'Boolean | Optional | Indicates whether or not to block the auto-lock while in Kiosk Mode.' ClassroomAppBlockRemoteScreenObservation = 'Boolean | Optional | Block remote screen observation by Classroom app. To use this setting, the device must be in supervised mode (iOS 9.3+).' PasscodeBlockFingerprintModification = 'Boolean | Optional | Block users from adding, changing, or removing fingerprints and faces. Face ID is avaliable in iOS 11.0 and later.' FindMyDeviceInFindMyAppBlocked = 'Boolean | Optional | A Find My app feature. Available for iOS/iPadOS 13.0 and later.' IBooksStoreBlocked = 'Boolean | Optional | Indicates whether or not to block the user from using the iBooks Store when the device is in supervised mode.' KioskModeRequireVoiceOver = 'Boolean | Optional | Indicates whether or not to enforce voice control while in Kiosk Mode.' SafariManagedDomains = 'StringArray | Optional | Documents downloaded from the URLs you specify here will be considered managed (Safari only).' AirDropForceUnmanagedDropTarget = 'Boolean | Optional | Force AirDrop to be considered an unmanaged drop target.' SafariBlockAutofill = 'Boolean | Optional | Indicates whether or not to block Safari autofill.' PasscodeSignInFailureCountBeforeWipe = 'UInt32 | Optional | Number of consecutive times an incorrect password can be entered before device is wiped of all data. (2-11)' ContinuousPathKeyboardBlocked = 'Boolean | Optional | QuickPath enables continuous input on the device keyboard. Available for iOS/iPadOS 13.0 and later.' AppleWatchForceWristDetection = 'Boolean | Optional | Force paired Apple watch to use wrist detection.' PasscodeMinutesOfInactivityBeforeScreenTimeout = 'UInt32 | Optional | Set to 0 to use the device''s minimum possible value. This number (0-60) overrides the number currently set on the device. If set to Immediately, devices will use the minimum possible value per device.' KioskModeAllowVoiceControlModification = 'Boolean | Optional | Indicates whether or not to allow the user to toggle voice control in kiosk mode.' MediaContentRatingUnitedStates = @{ movieRating = 'String | Optional | Movies rating selected for USA | allAllowed / allBlocked / general / parentalGuidance / parentalGuidance13 / restricted / adults' tvRating = 'String | Optional | TV rating selected for USA | allAllowed / allBlocked / childrenAll / childrenAbove7 / general / parentalGuidance / childrenAbove14 / adults' } KioskModeBlockVolumeButtons = 'Boolean | Optional | Indicates whether or not to block the volume buttons while in Kiosk Mode.' HostPairingBlocked = 'Boolean | Optional | Host pairing allows you to control which devices the device can pair with.' AppClipsBlocked = 'Boolean | Optional | Block app clips.' OnDeviceOnlyTranslationForced = 'Boolean | Optional | Indicates whether or not to enforce on device only translation.' AccountBlockModification = 'Boolean | Optional | Indicates whether or not to allow account modification when the device is in supervised mode.' CellularBlockPlanModification = 'Boolean | Optional | Indicates whether or not to allow users to change the settings of the cellular plan on a supervised device.' AirPrintBlocked = 'Boolean | Optional | Blocks AirPrint request.' EnterpriseBookBlockBackup = 'Boolean | Optional | Indicates whether or not to backup enterprise book.' KioskModeAllowZoomSettings = 'Boolean | Optional | Users can turn zoom on or off.' PasswordBlockAirDropSharing = 'Boolean | Optional | Indicates whether or not to block AirDrop password sharing' CellularBlockPersonalHotspotModification = 'Boolean | Optional | For devices running iOS 12.2 and later. Users can''t turn Personal Hotspot on or off. If you block this setting and block Personal Hotspot, Personal Hotspot will be turned off.' NotificationsBlockSettingsModification = 'Boolean | Optional | Indicates whether or not to allow notifications settings modification (iOS 9.3 and later).' CertificatesBlockUntrustedTlsCertificates = 'Boolean | Optional | Block untrusted Transport Layer Security (TLS) certificates.' DateAndTimeForceSetAutomatically = 'Boolean | Optional | Forces device to Set Date & Time Automatically. The device''s time zone will only be updated when the device has cellular connections or wifi with location services enabled.' FilesNetworkDriveAccessBlocked = 'Boolean | Optional | Using the Server Message Block (SMB) protocol, devices can access files or other resources on a network server. Available for devices running iOS and iPadOS, versions 13.0 and later.' SafariPasswordAutoFillDomains = 'StringArray | Optional | Users can save passwords in Safari only from URLs matching the patterns you specify here. To use this setting, the device must be in supervised mode and not configured for multiple users. (iOS 9.3+)' KeyboardBlockSpellCheck = 'Boolean | Optional | Indicates whether or not to block keyboard spell-checking when the device is in supervised mode (iOS 8.1.3 and later).' PasscodeMinimumCharacterSetCount = 'UInt32 | Optional | Minimum number (0-4) of non-alphanumeric characters, such as #, %, !, etc., required in the password. The default value is 0.' KioskModeAllowScreenRotation = 'Boolean | Optional | Kiosk mode allow screen rotation' WiFiConnectToAllowedNetworksOnlyForced = 'Boolean | Optional | Require devices to use Wi-Fi networks set up via configuration profiles. Available for devices running iOS and iPadOS versions 14.5 and later.' KioskModeAllowColorInversionSettings = 'Boolean | Optional | Users can turn invert colors on or off.' PasscodeMinutesOfInactivityBeforeLock = 'UInt32 | Optional | Set to 0 to require a password immediately. There is no maximum number of minutes, and this number overrides the number currently set on the device. (This compliance check is supported for devices with OS versions iOS 8.0 and above)' EnterpriseAppBlockTrust = 'Boolean | Optional | Removes the Trust Enterprise Developer button in Settings->General->Profiles & Device Management.' DiagnosticDataBlockSubmission = 'Boolean | Optional | Block the device from sending diagnostic and usage telemetry data.' GamingBlockMultiplayer = 'Boolean | Optional | For supervised devices as of iOS 13.0.' KioskModeManagedAppId = 'String | Optional | Add managed Intune apps from the Software Node.' KioskModeRequireAssistiveTouch = 'Boolean | Optional | Indicates whether or not to enforce assistive touch while in Kiosk Mode.' AppStoreBlockUIAppInstallation = 'Boolean | Optional | Block App Store from Home Screen. Users may continue to use iTunes or Apple Configurator to install or update apps.' ITunesBlockExplicitContent = 'Boolean | Optional | Block explicit iTunes music, podcast, and news content from iTunes. For supervised devices as of 13.0.' DeviceBlockEraseContentAndSettings = 'Boolean | Optional | Block the use of the erase all content and settings option on the device.' UsbRestrictedModeBlocked = 'Boolean | Optional | Blocks USB Restricted mode. USB Restricted mode blocks USB accessories from exchanging data with a device that has been locked over an hour.' SafariBlockJavaScript = 'Boolean | Optional | Indicates whether or not to block javascript in Safari.' Description = 'String | Optional | Description of the Intune policy.' AppRemovalBlocked = 'Boolean | Optional | Block app removal.' ClassroomForceUnpromptedAppAndDeviceLock = 'Boolean | Optional | Teachers can lock an app open or lock the device without first prompting the user.' PodcastsBlocked = 'Boolean | Optional | Indicates whether or not to block podcasts.' ClassroomForceRequestPermissionToLeaveClasses = 'Boolean | Optional | Requires a student enrolled in an unmanaged course via Classroom to request permission from the teacher when attempting to leave the course. Only available in iOS 11.3+' AppsVisibilityList = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' name = 'String | Optional | Define the name of the app.' appId = 'String | Optional | Kiosk mode managed app id' appStoreUrl = 'String | Optional | Define the app store URL.' odataType = 'String | Optional | odatatype of the item. | #microsoft.graph.appleAppListItem' publisher = 'String | Optional | Define the publisher of the app.' } ) KioskModeAppStoreUrl = 'String | Optional | URL of app for kiosk mode, e.g. https://itunes.apple.com/us/app/work-folders/id950878067?mt=8' MediaContentRatingFrance = @{ movieRating = 'String | Optional | Movies rating selected for France | allAllowed / allBlocked / agesAbove10 / agesAbove12 / agesAbove16 / agesAbove18' tvRating = 'String | Optional | TV rating selected for France | allAllowed / allBlocked / agesAbove10 / agesAbove12 / agesAbove16 / agesAbove18' } BlockSystemAppRemoval = 'Boolean | Optional | Blocking disables the ability to remove system apps from the device.' AppsVisibilityListType = 'String | Optional | Set whether the list is a list of apps to hide or a list of apps to make visible. | none / appsInListCompliant / appsNotInListCompliant' EsimBlockModification = 'Boolean | Optional | Indicates whether or not to allow the addition or removal of cellular plans on the eSIM of a supervised device.' ContactsAllowUnmanagedToManagedRead = 'Boolean | Optional | An unmanaged app, such as the device''s built-in contacts app, can access contact info in a managed app, such as Outlook.' KioskModeAllowVoiceOverSettings = 'Boolean | Optional | Users can turn VoiceOver on or off.' SiriBlocked = 'Boolean | Optional | Indicates whether or not to block Siri.' KioskModeBlockScreenRotation = 'Boolean | Optional | Indicates whether or not to block the screen rotation while in Kiosk Mode.' NfcBlocked = 'Boolean | Optional | Indicates whether or not to block the user from using nfc on the supervised device.' MediaContentRatingJapan = @{ movieRating = 'String | Optional | Movies rating selected for Japan | allAllowed / allBlocked / general / parentalGuidance / agesAbove15 / agesAbove18' tvRating = 'String | Optional | TV rating selected for Japan | allAllowed / allBlocked / explicitAllowed' } PasswordBlockAutoFill = 'Boolean | Optional | Indicates whether or not to block password autofill.' CompliantAppsList = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' name = 'String | Optional | Define the name of the app.' appId = 'String | Optional | Kiosk mode managed app id' appStoreUrl = 'String | Optional | Define the app store URL.' odataType = 'String | Optional | odatatype of the item. | #microsoft.graph.appleAppListItem' publisher = 'String | Optional | Define the publisher of the app.' } ) LockScreenBlockNotificationView = 'Boolean | Optional | Indicates whether or not to block the user from using the notification view on the lock screen.' ScreenCaptureBlocked = 'Boolean | Optional | Indicates whether or not to block the user from taking Screenshots' KioskModeAllowTouchscreen = 'Boolean | Optional | Kiosk mode allow touchscreen' ICloudRequireEncryptedBackup = 'Boolean | Optional | Require encryption on device backup.' CellularBlockDataRoaming = 'Boolean | Optional | Block data roaming over the cellular network. This won''t show in the device''s management profile, but a block will be enforced for data roaming every time the device checks in (typically every 8 hours).' ICloudBlockDocumentSync = 'Boolean | Optional | Blocks iCloud from syncing documents and data.' ITunesBlockRadio = 'Boolean | Optional | Indicates whether or not to block the user from using iTunes Radio when the device is in supervised mode (iOS 9.3 and later).' KioskModeAppType = 'String | Optional | Indicates type of app in kiosk mode. | notConfigured / appStoreApp / managedApp / builtInApp' KioskModeAllowVolumeButtons = 'Boolean | Optional | Kiosk mode allow volume buttons' SiriBlockUserGeneratedContent = 'Boolean | Optional | Block Siri from querying user-generated content from the internet.' VoiceDialingBlocked = 'Boolean | Optional | Indicates whether or not to block voice dialing.' PasscodeMinimumLength = 'UInt32 | Optional | Minimum number of digits or characters in password. (4-14)' ActivationLockAllowWhenSupervised = 'Boolean | Optional | Activation Lock makes it harder for a lost or stolen device to be reactivated.' CellularBlockVoiceRoaming = 'Boolean | Optional | Block voice roaming over the cellular network.' MediaContentRatingIreland = @{ movieRating = 'String | Optional | Movies rating selected for Ireland | allAllowed / allBlocked / general / parentalGuidance / agesAbove12 / agesAbove15 / agesAbove16 / adults' tvRating = 'String | Optional | TV rating selected for Ireland | allAllowed / allBlocked / general / children / youngAdults / parentalSupervision / mature' } Id = 'String | Optional | Id of the Intune policy.' KeyboardBlockDictation = 'Boolean | Optional | Indicates whether or not to block the user from using dictation input when the device is in supervised mode.' PasscodeBlockModification = 'Boolean | Optional | Block passcode from being added, changed or removed. Changes to passcode restrictions will be ignored on supervised devices after blocking passcode modification.' AutoUnlockBlocked = 'Boolean | Optional | Block auto unlock.' PasswordBlockProximityRequests = 'Boolean | Optional | Indicates whether or not to block password proximity requests.' MediaContentRatingAustralia = @{ movieRating = 'String | Optional | Movies rating selected for Australia | allAllowed / allBlocked / general / parentalGuidance / mature / agesAbove15 / agesAbove18' tvRating = 'String | Optional | TV rating selected for Australia | allAllowed / allBlocked / preschoolers / children / general / parentalGuidance / mature / agesAbove15 / agesAbove15AdultViolence' } DiagnosticDataBlockSubmissionModification = 'Boolean | Optional | Block the modification of the diagnostic submission and app analytics settings in the Diagnostics and Usage pane in Settings. To use this setting, the device must be in supervised mode (iOS 9.3.2+).' SafariRequireFraudWarning = 'Boolean | Optional | Indicates whether or not to require fraud warning in Safari.' ManagedPasteboardRequired = 'Boolean | Optional | Indicates whether or not to enforce managed pasteboard.' ProximityBlockSetupToNewDevice = 'Boolean | Optional | Block user''s from using their Apple devices to set up and configure other Apple devices.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' DisplayName = 'String | Required | Display name of the Intune policy.' SiriBlockedWhenLocked = 'Boolean | Optional | Indicates whether or not to block Siri when locked.' MessagesBlocked = 'Boolean | Optional | Indicates whether or not to block the user from using the Messages app on the supervised device.' MediaContentRatingCanada = @{ movieRating = 'String | Optional | Movies rating selected for Canada | allAllowed / allBlocked / general / parentalGuidance / agesAbove14 / agesAbove18 / restricted' tvRating = 'String | Optional | TV rating selected for Canada | allAllowed / allBlocked / children / childrenAbove8 / general / parentalGuidance / agesAbove14 / agesAbove18' } ICloudBlockPhotoStreamSync = 'Boolean | Optional | Block photo stream syncing to iCloud.' KeyboardBlockPredictive = 'Boolean | Optional | Indicates whether or not to block predictive keyboards when device is in supervised mode (iOS 8.1.3 and later).' SafariBlockPopups = 'Boolean | Optional | Indicates whether or not to block popups on Safari.' GameCenterBlocked = 'Boolean | Optional | Indicates whether or not to block the user from using Game Center when the device is in supervised mode.' PasscodeBlockSimple = 'Boolean | Optional | Block simple password sequences, such as 1234 or 1111.' ITunesBlocked = 'Boolean | Optional | Block iTunes.' FindMyFriendsInFindMyAppBlocked = 'Boolean | Optional | A Find My app feature. Used to locate family and friends from an Apple device or iCloud.com. Available for iOS/iPadOS 13.0 and later.' LockScreenBlockPassbook = 'Boolean | Optional | Indicates whether or not to block the user from using passbook when the device is locked.' KioskModeAllowSleepButton = 'Boolean | Optional | Kiosk mode allow sleep button' PasscodeRequired = 'Boolean | Optional | In addition to requiring a password on all devices, this setting enforces a non-simple, 6-digit password requirement (regardless of other password settings you configure) on devices that are enrolled with Apple user enrollment.' EnterpriseAppBlockTrustModification = 'Boolean | Optional | Block the changing of enterprise app trust settings.' AirPlayForcePairingPasswordForOutgoingRequests = 'Boolean | Optional | Force requiring a pairing password for outgoing AirPlay requests.' KeyboardBlockAutoCorrect = 'Boolean | Optional | Indicates whether or not to block keyboard auto-correction when the device is in supervised mode (iOS 8.1.3 and later).' AirPrintBlockiBeaconDiscovery = 'Boolean | Optional | Blocking prevents malicious AirPrint Bluetooth beacons phishing for network traffic.' SpotlightBlockInternetResults = 'Boolean | Optional | Blocks Spotlight from returning any results from an Internet search.' IBooksStoreBlockErotica = 'Boolean | Optional | User will not be able to download media from the iBook store that has been tagged as erotica.' KioskModeAllowRingerSwitch = 'Boolean | Optional | Kiosk mode allow ringer switch' VpnBlockCreation = 'Boolean | Optional | Blocks the creation of VPN configurations' PkiBlockOTAUpdates = 'Boolean | Optional | Allows your users to receive software updates without connecting their devices to a computer' CellularBlockGlobalBackgroundFetchWhileRoaming = 'Boolean | Optional | Block global background fetch while roaming over the cellular network.' CellularBlockPersonalHotspot = 'Boolean | Optional | This value is available only with certain carriers. This won''t show in the device''s management profile, but a block will be enforced for personal hotspot every time the device checks in (typically every 8 hours). Block modification of personal hotspot in addition to this setting to ensure personal hotspot will always be blocked.' DocumentsBlockManagedDocumentsInUnmanagedApps = 'Boolean | Optional | Indicates whether or not to block the user from viewing managed documents in unmanaged apps.' KioskModeBuiltInAppId = 'String | Optional | To see a list of bundle IDs for common built-in iOS apps, see the Intune documentation.' AppleWatchBlockPairing = 'Boolean | Optional | Indicates whether or not to allow Apple Watch pairing when the device is in supervised mode (iOS 9.0 and later).' AirPrintForceTrustedTLS = 'Boolean | Optional | Forces trusted certificates for TLS printing communication' WallpaperBlockModification = 'Boolean | Optional | Block wallpaper from being changed.' SiriRequireProfanityFilter = 'Boolean | Optional | Prevents Siri from dictating, or speaking profane language.' PasscodeBlockFingerprintUnlock = 'Boolean | Optional | Face ID is avaliable on iOS 11.0 and later.' ITunesBlockMusicService = 'Boolean | Optional | Block Music service. If true, Music app reverts to classic mode and Music service is disabled.' KioskModeAllowAssistiveSpeak = 'Boolean | Optional | Indicates whether or not to allow assistive speak while in kiosk mode.' UnpairedExternalBootToRecoveryAllowed = 'Boolean | Optional | Allow users to boot devices into recovery mode with unpaired devices. Available for devices running iOS and iPadOS versions 14.5 and later.' DefinitionLookupBlocked = 'Boolean | Optional | Indicates whether or not to block definition lookup when the device is in supervised mode (iOS 8.1.3 and later ).' FindMyFriendsBlocked = 'Boolean | Optional | Block changes to the Find My Friends app settings.' AppStoreRequirePassword = 'Boolean | Optional | Users must enter Apple ID password for each in-app and iTunes purchase.' ICloudBlockManagedAppsSync = 'Boolean | Optional | Block managed apps from syncing to cloud.' LockScreenBlockTodayView = 'Boolean | Optional | Indicates whether or not to block the user from using the Today View on the lock screen.' BluetoothBlockModification = 'Boolean | Optional | Block modification of Bluetooth settings. To use this setting, the device must be in supervised mode (iOS 10.0+).' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) SoftwareUpdatesForceDelayed = 'Boolean | Optional | Delay user visibility of Software Updates. This does not impact any scheduled updates. It represents days before software updates are visible to end users after release.' ConfigurationProfileBlockChanges = 'Boolean | Optional | Indicates whether or not to block the user from installing configuration profiles and certificates interactively when the device is in supervised mode.' AppStoreBlockAutomaticDownloads = 'Boolean | Optional | Blocks automatic downloading of apps purchased on other devices. Does not affect updates to existing apps.' WiFiConnectOnlyToConfiguredNetworks = 'Boolean | Optional | Force the device to use only Wi-Fi networks set up through configuration profiles.' MediaContentRatingNewZealand = @{ movieRating = 'String | Optional | Movies rating selected for New Zealand | allAllowed / allBlocked / general / parentalGuidance / mature / agesAbove13 / agesAbove15 / agesAbove16 / agesAbove18 / restricted / agesAbove16Restricted' tvRating = 'String | Optional | TV rating selected for New Zealand | allAllowed / allBlocked / general / parentalGuidance / adults' } KioskModeRequireMonoAudio = 'Boolean | Optional | Indicates whether or not to enforce mono audio while in Kiosk Mode.' AppleNewsBlocked = 'Boolean | Optional | Block Apple News' MediaContentRatingApps = 'String | Optional | Media content rating settings for apps. | allAllowed / allBlocked / agesAbove4 / agesAbove9 / agesAbove12 / agesAbove17' LockScreenBlockControlCenter = 'Boolean | Optional | Indicates whether or not to block the user from using control center on the lock screen.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' CellularBlockPerAppDataModification = 'Boolean | Optional | Block changes to app cellular data usage settings.' ClassroomForceAutomaticallyJoinClasses = 'Boolean | Optional | Students can join a class without prompting the teacher.' ClassroomAppForceUnpromptedScreenObservation = 'Boolean | Optional | Student devices enrolled in a class via the Classroom app will automatically give permission to that course''s teacher to silently observe the student''s screen.' SafariCookieSettings = 'String | Optional | Cookie settings for Safari. | browserDefault / blockAlways / allowCurrentWebSite / allowFromWebsitesVisited / allowAlways' DeviceBlockNameModification = 'Boolean | Optional | Indicates whether or not to allow device name modification when the device is in supervised mode (iOS 9.0 and later).' GamingBlockGameCenterFriends = 'Boolean | Optional | Block adding Game Center friends. For supervised devices as of iOS 13.0.' WifiPowerOnForced = 'Boolean | Optional | Wi-Fi can''t be turned off in the Settings app or in the Control Center, even when the device is in airplane mode. Available for iOS/iPadOS 13.0 and later.' ContactsAllowManagedToUnmanagedWrite = 'Boolean | Optional | Users can sync and add their managed contacts (including business and corporate ones) to an unmanaged app, such as the device''s built-in contacts app.' AirPrintBlockCredentialsStorage = 'Boolean | Optional | Blocks keychain storage of username and password for outgoing AirPrint request.' KioskModeAllowAssistiveTouchSettings = 'Boolean | Optional | Users can turn AssistiveTouch on or off.' PasscodeRequiredType = 'String | Optional | Type of passcode that is required. | deviceDefault / alphanumeric / numeric' PasscodePreviousPasscodeBlockCount = 'UInt32 | Optional | Number of new passwords that must be used until an old one can be reused. (1-24)' AutoFillForceAuthentication = 'Boolean | Optional | Require Touch ID or Face ID before passwords or credit card information can be auto filled in Safari and Apps. Available with iOS 12.0 and later.' CompliantAppListType = 'String | Optional | Device compliance can be viewed in the Restricted Apps Compliance report. | none / appsInListCompliant / appsNotInListCompliant' PasscodeExpirationDays = 'UInt32 | Optional | Number of days until device password must be changed. (1-65535)' ICloudBlockBackup = 'Boolean | Optional | Block backing up device to iCloud.' KioskModeAllowAutoLock = 'Boolean | Optional | Kiosk mode allow auto lock' KioskModeBlockTouchscreen = 'Boolean | Optional | Indicates whether or not to block the touchscreen while in Kiosk Mode.' KioskModeRequireZoom = 'Boolean | Optional | Indicates whether or not to enforce zoom while in Kiosk Mode.' } ) DeviceConfigurationPoliciesMacOS = @( @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' ICloudBlockActivityContinuation = 'Boolean | Optional | Handoff lets users start work on one MacOS device, and continue it on another MacOS or iOS device. Available for macOS 10.15 and later.' AppleWatchBlockAutoUnlock = 'Boolean | Optional | Blocks users from unlocking their Mac with Apple Watch.' CameraBlocked = 'Boolean | Optional | Blocks users from taking photographs and videos.' ITunesBlockMusicService = 'Boolean | Optional | Configures whether or not to block files from being transferred using iTunes.' SoftwareUpdateMajorOSDeferredInstallDelayInDays = 'UInt32 | Optional | Specify the number of days (1-90) to delay visibility of major OS software updates. Available for devices running macOS versions 11.3 and later. Valid values 0 to 90' UpdateDelayPolicy = 'StringArray | Optional | Configures whether to delay OS and/or app updates for macOS. | none / delayOSUpdateVisibility / delayAppUpdateVisibility / unknownFutureValue / delayMajorOsUpdateVisibility' PasswordRequiredType = 'String | Optional | Specify the type of password required. | deviceDefault / alphanumeric / numeric' ICloudBlockPhotoLibrary = 'Boolean | Optional | Any photos not fully downloaded from iCloud Photo Library to device will be removed from local storage.' SafariBlockAutofill = 'Boolean | Optional | Blocks Safari from remembering what users enter in web forms.' KeychainBlockCloudSync = 'Boolean | Optional | Disables syncing credentials stored in the Keychain to iCloud' ClassroomForceUnpromptedAppAndDeviceLock = 'Boolean | Optional | Teachers can lock a student''s device or app without the student''s approval.' ICloudBlockCalendar = 'Boolean | Optional | Blocks iCloud from syncing calendars.' GameCenterBlocked = 'Boolean | Optional | Configured if the Game Center icon is removed from the Home screen. Available for devices running macOS versions 10.13 and later.' CompliantAppListType = 'String | Optional | Device compliance can be viewed in the Restricted Apps Compliance report. | none / appsInListCompliant / appsNotInListCompliant' TouchIdTimeoutInHours = 'UInt32 | Optional | Configures the maximum hours after which the user must enter their password to unlock the device instead of using Touch ID. Available for devices running macOS 12 and later. Valid values 0 to 2147483647' MultiplayerGamingBlocked = 'Boolean | Optional | Configures whether multiplayer gaming when using Game Center is blocked. Available for devices running macOS versions 10.13 and later.' ICloudBlockMail = 'Boolean | Optional | Blocks iCloud from syncing mail.' AirDropBlocked = 'Boolean | Optional | Configures whether or not to allow AirDrop.' EraseContentAndSettingsBlocked = 'Boolean | Optional | Configures the reset option on supervised devices. Available for devices running macOS versions 12.0 and later.' PasswordMaximumAttemptCount = 'UInt32 | Optional | Configures the number of allowed failed attempts to enter the passcode at the device''s lock screen. Valid values 2 to 11' EmailInDomainSuffixes = 'StringArray | Optional | Emails that the user sends or receives which don''t match the domains you specify here will be marked as untrusted. ' Id = 'String | Optional | Id of the Intune policy.' ClassroomAppBlockRemoteScreenObservation = 'Boolean | Optional | Blocks AirPlay, screen sharing to other devices, and a Classroom app feature used by teachers to view their students'' screens. This setting isn''t available if you''ve blocked screenshots.' SoftwareUpdateMinorOSDeferredInstallDelayInDays = 'UInt32 | Optional | Specify the number of days (1-90) to delay visibility of minor OS software updates. Available for devices running macOS versions 11.3 and later. Valid values 0 to 90' ICloudDesktopAndDocumentsBlocked = 'Boolean | Optional | Configures if the synchronization of cloud desktop and documents is blocked. Available for devices running macOS 10.12.4 and later.' PasswordBlockModification = 'Boolean | Optional | Blocks user from changing the set passcode.' ICloudBlockReminders = 'Boolean | Optional | Blocks iCloud from syncing reminders.' ICloudBlockDocumentSync = 'Boolean | Optional | Blocks iCloud from syncing documents and data.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' SpotlightBlockInternetResults = 'Boolean | Optional | Blocks Spotlight from returning any results from an Internet search' SoftwareUpdatesEnforcedDelayInDays = 'UInt32 | Optional | Delay the user''s software update for this many days. The maximum is 90 days. (1-90)' PasswordExpirationDays = 'UInt32 | Optional | Number of days until device password must be changed. (1-65535)' Description = 'String | Optional | Description of the Intune policy.' ClassroomForceRequestPermissionToLeaveClasses = 'Boolean | Optional | Students enrolled in an unmanaged Classroom course must get teacher consent to leave the course.' PasswordBlockProximityRequests = 'Boolean | Optional | Configures whether or not to block requesting passwords from nearby devices.' WallpaperModificationBlocked = 'Boolean | Optional | Configures whether the wallpaper can be changed. Available for devices running macOS versions 10.13 and later.' PasswordMinutesUntilFailedLoginReset = 'UInt32 | Optional | Configures the number of minutes before the login is reset after the maximum number of unsuccessful login attempts is reached.' ITunesBlockFileSharing = 'Boolean | Optional | Blocks files from being transferred using iTunes.' KeyboardBlockDictation = 'Boolean | Optional | Block dictation, which is a feature that converts the user''s voice to text.' CompliantAppsList = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' name = 'String | Optional | The application name' appId = 'String | Optional | The application or bundle identifier of the application' appStoreUrl = 'String | Optional | The Store URL of the application' odataType = 'String | Optional | Specify the odataType | #microsoft.graph.appleAppListItem' publisher = 'String | Optional | The publisher of the application' } ) PasswordMinimumCharacterSetCount = 'UInt32 | Optional | Minimum number (0-4) of non-alphanumeric characters, such as #, %, !, etc., required in the password. The default value is 0.' PasswordBlockAutoFill = 'Boolean | Optional | Configures whether or not to block the AutoFill Passwords feature.' DisplayName = 'String | Required | Display name of the Intune policy.' PasswordMinimumLength = 'UInt32 | Optional | Minimum number of digits or characters in password (4-16).' PasswordBlockSimple = 'Boolean | Optional | Block simple password sequences, such as 1234 or 1111.' ICloudBlockAddressBook = 'Boolean | Optional | Blocks iCloud from syncing contacts.' PasswordRequired = 'Boolean | Optional | Specify the type of password required.' PasswordBlockFingerprintUnlock = 'Boolean | Optional | Requires user to set a non-biometric passcode or password to unlock the device.' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) PasswordMinutesOfInactivityBeforeScreenTimeout = 'UInt32 | Optional | Set to 0 to use the device''s minimum possible value. This number (0-60 minutes) overrides the number currently set on the device.' ScreenCaptureBlocked = 'Boolean | Optional | Configures whether or not to block the user from taking Screenshots.' ICloudPrivateRelayBlocked = 'Boolean | Optional | Configures if iCloud private relay is blocked or not. Available for devices running macOS 12 and later.' ContentCachingBlocked = 'Boolean | Optional | Configures whether or not to allow content caching.' AddingGameCenterFriendsBlocked = 'Boolean | Optional | Configures users from adding friends to Game Center. Available for devices running macOS versions 10.13 and later.' ICloudBlockNotes = 'Boolean | Optional | Blocks iCloud from syncing notes.' ClassroomForceAutomaticallyJoinClasses = 'Boolean | Optional | Students can join a class without prompting the teacher.' ICloudBlockBookmarks = 'Boolean | Optional | Blocks iCloud from syncing bookmarks.' PrivacyAccessControls = @( @{ photos = 'String | Optional | Allow or block access to images managed by Photos. | notConfigured / enabled / disabled' systemPolicySystemAdminFiles = 'String | Optional | Allow app or process to access files used in system administration. | notConfigured / enabled / disabled' systemPolicyAllFiles = 'String | Optional | Control access to all protected files on a device. Files might be in locations such as emails, messages, apps, and administrative settings. Apply this setting with caution. | notConfigured / enabled / disabled' systemPolicyNetworkVolumes = 'String | Optional | Allow or block access to network volumes. Requires macOS 10.15 or later. | notConfigured / enabled / disabled' displayName = 'String | Optional | The display name of the app, process, or executable.' reminders = 'String | Optional | Allow or block access to information managed by Reminders. | notConfigured / enabled / disabled' systemPolicyRemovableVolumes = 'String | Optional | Control access to removable volumes on the device, such as an external hard drive. Requires macOS 10.15 or later. | notConfigured / enabled / disabled' calendar = 'String | Optional | Allow or block access to event information managed by Calendar. | notConfigured / enabled / disabled' postEvent = 'String | Optional | Control access to CoreGraphics APIs, which are used to send CGEvents to the system event stream. | notConfigured / enabled / disabled' systemPolicyDownloadsFolder = 'String | Optional | Allow or block access to Downloads folder. | notConfigured / enabled / disabled' speechRecognition = 'String | Optional | Allow or block access to system speech recognition facility. | notConfigured / enabled / disabled' appleEventsAllowedReceivers = @( @{ identifierType = 'String | Optional | Use bundle ID for an app or path for a process or executable that receives the Apple Event. | bundleID / path' identifier = 'String | Optional | Bundle ID of the app or file path of the process or executable that receives the Apple Event.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' allowed = 'Boolean | Optional | Allow or block this app from receiving Apple events.' codeRequirement = 'String | Optional | Code requirement for the app or binary that receives the Apple Event.' } ) blockCamera = 'Boolean | Optional | Block access to camera app.' blockListenEvent = 'Boolean | Optional | Block the app or process from listening to events from input devices such as mouse, keyboard, and trackpad.Requires macOS 10.15 or later.' identifier = 'String | Optional | The bundle ID or path of the app, process, or executable.' fileProviderPresence = 'String | Optional | Allow the app or process to access files managed by another app''s file provider extension. Requires macOS 10.15 or later. | notConfigured / enabled / disabled' systemPolicyDocumentsFolder = 'String | Optional | Allow or block access to Documents folder. | notConfigured / enabled / disabled' accessibility = 'String | Optional | Allow the app or process to control the Mac via the Accessibility subsystem. | notConfigured / enabled / disabled' codeRequirement = 'String | Optional | Enter the code requirement, which can be obtained with the command ''codesign -display -r -'' in the Terminal app. Include everything after ''=>''.' systemPolicyDesktopFolder = 'String | Optional | Allow or block access to Desktop folder. | notConfigured / enabled / disabled' blockScreenCapture = 'Boolean | Optional | Block app from capturing contents of system display. Requires macOS 10.15 or later.' staticCodeValidation = 'Boolean | Optional | Statically validates the code requirement. Use this setting if the process invalidates its dynamic code signature.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' addressBook = 'String | Optional | Allow or block access to contact information managed by Contacts. | notConfigured / enabled / disabled' mediaLibrary = 'String | Optional | Allow or block access to music and the media library. | notConfigured / enabled / disabled' blockMicrophone = 'Boolean | Optional | Block access to microphone.' identifierType = 'String | Optional | A bundle ID is used to identify an app. A path is used to identify a process or executable. | bundleID / path' } ) ClassroomAppForceUnpromptedScreenObservation = 'Boolean | Optional | Unprompted observation means that teachers can view screens without warning students first. This setting isn''t available if you''ve blocked screenshots.' PasswordBlockAirDropSharing = 'Boolean | Optional | Configures whether or not to block sharing passwords with the AirDrop passwords feature.' PasswordMinutesOfInactivityBeforeLock = 'UInt32 | Optional | Set to 0 to require a password immediately. There is no maximum number of minutes, and this number overrides the number currently set on the device.' SoftwareUpdateNonOSDeferredInstallDelayInDays = 'UInt32 | Optional | Specify the number of days (1-90) to delay visibility of non-OS software updates. Available for devices running macOS versions 11.3 and later. Valid values 0 to 90' DefinitionLookupBlocked = 'Boolean | Optional | Block look up, a feature that looks up the definition of a highlighted word.' PasswordPreviousPasswordBlockCount = 'UInt32 | Optional | Number of new passwords that must be used until an old one can be reused. (1-24)' } ) DeviceConfigurationPoliciesWindows10 = @( @{ EnterpriseCloudPrintResourceIdentifier = 'String | Optional | OAuth resource URI for print service as configured in the Azure portal.' DataProtectionBlockDirectMemoryAccess = 'Boolean | Optional | This policy setting allows you to block direct memory access (DMA) for all hot pluggable PCI downstream ports until a user logs into Windows.' ExperienceBlockDeviceDiscovery = 'Boolean | Optional | Indicates whether or not to enable device discovery UX.' InkWorkspaceAccessState = 'String | Optional | Controls the user access to the ink workspace, from the desktop and from above the lock screen. Possible values are: notConfigured, blocked, allowed. | notConfigured / blocked / allowed' BluetoothBlocked = 'Boolean | Optional | Whether or not to Block the user from using bluetooth.' PowerLidCloseActionOnBattery = 'String | Optional | This setting specifies the action that Windows takes when a user closes the lid on a mobile PC while on battery. Possible values are: notConfigured, noAction, sleep, hibernate, shutdown. | notConfigured / noAction / sleep / hibernate / shutdown' ExperienceDoNotSyncBrowserSettings = 'String | Optional | Allow or prevent the syncing of Microsoft Edge Browser settings. Option for IT admins to prevent syncing across devices, but allow user override. Possible values are: notConfigured, blockedWithUserOverride, blocked. | notConfigured / blockedWithUserOverride / blocked' ExperienceBlockErrorDialogWhenNoSIM = 'Boolean | Optional | Indicates whether or not to allow the error dialog from displaying if no SIM card is detected.' DefenderScanMaxCpu = 'UInt32 | Optional | Max CPU usage percentage during scan. Valid values 0 to 100' MessagingBlockSync = 'Boolean | Optional | Indicates whether or not to block text message back up and restore and Messaging Everywhere.' CortanaBlocked = 'Boolean | Optional | Whether or not to Block the user from using Cortana.' StartMenuPinnedFolderMusic = 'String | Optional | Enforces the visibility (Show/Hide) of the Music folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. | notConfigured / hide / show' DefenderScanNetworkFiles = 'Boolean | Optional | Indicates whether or not to scan files opened from a network folder.' PasswordRequired = 'Boolean | Optional | Indicates whether or not to require the user to have a password.' InkWorkspaceAccess = 'String | Optional | Controls the user access to the ink workspace, from the desktop and from above the lock screen. Possible values are: notConfigured, enabled, disabled. | notConfigured / enabled / disabled' EdgeBlockAccessToAboutFlags = 'Boolean | Optional | Indicates whether or not to prevent access to about flags on Edge browser.' EdgeKioskModeRestriction = 'String | Optional | Controls how the Microsoft Edge settings are restricted based on the configure kiosk mode. Possible values are: notConfigured, digitalSignage, normalMode, publicBrowsingSingleApp, publicBrowsingMultiApp. | notConfigured / digitalSignage / normalMode / publicBrowsingSingleApp / publicBrowsingMultiApp' EdgeBlockDeveloperTools = 'Boolean | Optional | Indicates whether or not to block developer tools in the Edge browser.' AppsAllowTrustedAppsSideloading = 'String | Optional | Indicates whether apps from AppX packages signed with a trusted certificate can be side loaded. Possible values are: notConfigured, blocked, allowed. | notConfigured / blocked / allowed' SmartScreenEnableAppInstallControl = 'Boolean | Optional | This property will be deprecated in July 2019 and will be replaced by property SmartScreenAppInstallControl. Allows IT Admins to control whether users are allowed to install apps from places other than the Store.' EdgeBlockFullScreenMode = 'Boolean | Optional | Allow or prevent Edge from entering the full screen mode.' DefenderDisableCatchupQuickScan = 'Boolean | Optional | When blocked, catch-up scans for scheduled quick scans will be turned off.' SettingsBlockChangeSystemTime = 'Boolean | Optional | Indicates whether or not to block the user from changing date and time settings.' WindowsSpotlightConfigureOnLockScreen = 'String | Optional | Specifies the type of Spotlight. Possible values are: notConfigured, disabled, enabled. | notConfigured / disabled / enabled' LockScreenBlockActionCenterNotifications = 'Boolean | Optional | Indicates whether or not to block action center notifications over lock screen.' StartMenuHideRecentJumpLists = 'Boolean | Optional | Enabling this policy hides recent jump lists from appearing on the start menu/taskbar and disables the corresponding toggle in the Settings app.' StartMenuAppListVisibility = 'String | Optional | Setting the value of this collapses the app list, removes the app list entirely, or disables the corresponding toggle in the Settings app. Possible values are: userDefined, collapse, remove, disableSettingsApp. | userDefined / collapse / remove / disableSettingsApp' DeviceManagementBlockManualUnenroll = 'Boolean | Optional | Indicates whether or not to Block the user from doing manual un-enrollment from device management.' EdgeBlockSearchEngineCustomization = 'Boolean | Optional | Indicates whether or not to block the user from adding new search engine or changing the default search engine.' PowerSleepButtonActionOnBattery = 'String | Optional | This setting specifies the action that Windows takes when a user presses the Sleep button while on battery. Possible values are: notConfigured, noAction, sleep, hibernate, shutdown. | notConfigured / noAction / sleep / hibernate / shutdown' EdgeBlockSendingIntranetTrafficToInternetExplorer = 'Boolean | Optional | Indicates whether or not to switch the intranet traffic from Edge to Internet Explorer. Note: the name of this property is misleading the property is obsolete, use EdgeSendIntranetTrafficToInternetExplorer instead.' EdgeBlockEditFavorites = 'Boolean | Optional | Indicates whether or not to Block the user from making changes to Favorites.' PasswordBlockSimple = 'Boolean | Optional | Specify whether PINs or passwords such as ''1111'' or ''1234'' are allowed. For Windows 10 desktops, it also controls the use of picture passwords.' StartMenuHideSignOut = 'Boolean | Optional | Enabling this policy hides sign out from appearing in the user tile in the start menu.' SearchBlockWebResults = 'Boolean | Optional | Indicates whether or not to block the web search.' CellularBlockDataWhenRoaming = 'Boolean | Optional | Whether or not to Block the user from using data over cellular while roaming.' StartMenuPinnedFolderPersonalFolder = 'String | Optional | Enforces the visibility (Show/Hide) of the PersonalFolder shortcut on the Start menu. Possible values are: notConfigured, hide, show. | notConfigured / hide / show' EnergySaverOnBatteryThresholdPercentage = 'UInt32 | Optional | This setting allows you to specify battery charge level at which Energy Saver is turned on. While on battery, Energy Saver is automatically turned on at (and below) the specified battery charge level. Valid input range (0-100). Valid values 0 to 100' StartMenuHideHibernate = 'Boolean | Optional | Enabling this policy hides hibernate from appearing in the power button in the start menu.' EdgePreventCertificateErrorOverride = 'Boolean | Optional | Allow or prevent users from overriding certificate errors.' PersonalizationLockScreenImageUrl = 'String | Optional | A http or https Url to a jpg, jpeg or png image that neeeds to be downloaded and used as the Lock Screen Image or a file Url to a local image on the file system that needs to be used as the Lock Screen Image.' DefenderCloudBlockLevel = 'String | Optional | Specifies the level of cloud-delivered protection. Possible values are: notConfigured, high, highPlus, zeroTolerance. | notConfigured / high / highPlus / zeroTolerance' AuthenticationPreferredAzureADTenantDomainName = 'String | Optional | Specifies the preferred domain among available domains in the Azure AD tenant.' WindowsStoreEnablePrivateStoreOnly = 'Boolean | Optional | Indicates whether or not to enable Private Store Only.' EdgeBlockCompatibilityList = 'Boolean | Optional | Block Microsoft compatibility list in Microsoft Edge. This list from Microsoft helps Edge properly display sites with known compatibility issues.' SearchEnableRemoteQueries = 'Boolean | Optional | Indicates whether or not to block remote queries of this computers index.' DefenderCloudExtendedTimeout = 'UInt32 | Optional | Timeout extension for file scanning by the cloud. Valid values 0 to 50' WirelessDisplayBlockUserInputFromReceiver = 'Boolean | Optional | Indicates whether or not to allow user input from wireless display receiver.' BluetoothBlockPromptedProximalConnections = 'Boolean | Optional | Whether or not to block the users from using Swift Pair and other proximity based scenarios.' SecurityBlockAzureADJoinedDevicesAutoEncryption = 'Boolean | Optional | Specify whether to allow automatic device encryption during OOBE when the device is Azure AD joined (desktop only).' EdgeBlockPrinting = 'Boolean | Optional | Configure Edge to allow or block printing.' EnterpriseCloudPrintMopriaDiscoveryResourceIdentifier = 'String | Optional | OAuth resource URI for printer discovery service as configured in Azure portal.' StartMenuPinnedFolderHomeGroup = 'String | Optional | Enforces the visibility (Show/Hide) of the HomeGroup folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. | notConfigured / hide / show' StartMenuMode = 'String | Optional | Allows admins to decide how the Start menu is displayed. Possible values are: userDefined, fullScreen, nonFullScreen. | userDefined / fullScreen / nonFullScreen' PowerButtonActionPluggedIn = 'String | Optional | This setting specifies the action that Windows takes when a user presses the Power button while plugged in. Possible values are: notConfigured, noAction, sleep, hibernate, shutdown. | notConfigured / noAction / sleep / hibernate / shutdown' SettingsBlockEditDeviceName = 'Boolean | Optional | Indicates whether or not to block the user from editing the device name.' StartMenuPinnedFolderSettings = 'String | Optional | Enforces the visibility (Show/Hide) of the Settings folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. | notConfigured / hide / show' StartMenuPinnedFolderNetwork = 'String | Optional | Enforces the visibility (Show/Hide) of the Network folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. | notConfigured / hide / show' SmartScreenAppInstallControl = 'String | Optional | Added in Windows 10, version 1703. Allows IT Admins to control whether users are allowed to install apps from places other than the Store. Possible values are: notConfigured, anywhere, storeOnly, recommendations, preferStore. | notConfigured / anywhere / storeOnly / recommendations / preferStore' SettingsBlockGamingPage = 'Boolean | Optional | Indicates whether or not to block access to Gaming in Settings app.' SettingsBlockDevicesPage = 'Boolean | Optional | Indicates whether or not to block access to Devices in Settings app.' SettingsBlockUpdateSecurityPage = 'Boolean | Optional | Indicates whether or not to block access to Update & Security in Settings app.' WindowsSpotlightBlockConsumerSpecificFeatures = 'Boolean | Optional | Allows IT admins to block experiences that are typically for consumers only, such as Start suggestions, Membership notifications, Post-OOBE app install and redirect tiles.' EdgeOpensWith = 'String | Optional | Specify what kind of pages are open at start. Possible values are: notConfigured, startPage, newTabPage, previousPages, specificPages. | notConfigured / startPage / newTabPage / previousPages / specificPages' DefenderCloudExtendedTimeoutInSeconds = 'UInt32 | Optional | Timeout extension for file scanning by the cloud. Valid values 0 to 50' DefenderSignatureUpdateIntervalInHours = 'UInt32 | Optional | The signature update interval in hours. Specify 0 not to check. Valid values 0 to 24' WindowsSpotlightBlocked = 'Boolean | Optional | Allows IT admins to turn off all Windows Spotlight features' AppsBlockWindowsStoreOriginatedApps = 'Boolean | Optional | Indicates whether or not to disable the launch of all apps from Windows Store that came pre-installed or were downloaded.' SettingsBlockPrivacyPage = 'Boolean | Optional | Indicates whether or not to block access to Privacy in Settings app.' DefenderDetectedMalwareActions = @{ LowSeverity = 'String | Optional | Indicates a Defender action to take for low severity Malware threat detected. Possible values are: deviceDefault, clean, quarantine, remove, allow, userDefined, block. | deviceDefault / clean / quarantine / remove / allow / userDefined / block' SevereSeverity = 'String | Optional | Indicates a Defender action to take for severe severity Malware threat detected. Possible values are: deviceDefault, clean, quarantine, remove, allow, userDefined, block. | deviceDefault / clean / quarantine / remove / allow / userDefined / block' ModerateSeverity = 'String | Optional | Indicates a Defender action to take for moderate severity Malware threat detected. Possible values are: deviceDefault, clean, quarantine, remove, allow, userDefined, block. | deviceDefault / clean / quarantine / remove / allow / userDefined / block' HighSeverity = 'String | Optional | Indicates a Defender action to take for high severity Malware threat detected. Possible values are: deviceDefault, clean, quarantine, remove, allow, userDefined, block. | deviceDefault / clean / quarantine / remove / allow / userDefined / block' } StartMenuHideSleep = 'Boolean | Optional | Enabling this policy hides sleep from appearing in the power button in the start menu.' SettingsBlockChangeRegion = 'Boolean | Optional | Indicates whether or not to block the user from changing the region settings.' SettingsBlockSettingsApp = 'Boolean | Optional | Indicates whether or not to block access to Settings app.' EdgeFirstRunUrl = 'String | Optional | The first run URL for when Edge browser is opened for the first time.' CryptographyAllowFipsAlgorithmPolicy = 'Boolean | Optional | Specify whether to allow or disallow the Federal Information Processing Standard (FIPS) policy.' EdgeHomeButtonConfiguration = @{ odataType = 'String | Optional | The type of the entity. | #microsoft.graph.edgeHomeButtonHidden / #microsoft.graph.edgeHomeButtonLoadsStartPage / #microsoft.graph.edgeHomeButtonOpensCustomURL / #microsoft.graph.edgeHomeButtonOpensNewTab' HomeButtonCustomURL = 'String | Optional | The specific URL to load.' } SearchEnableAutomaticIndexSizeManangement = 'Boolean | Optional | Specifies minimum amount of hard drive space on the same drive as the index location before indexing stops.' DefenderProcessesToExclude = 'StringArray | Optional | Processes to exclude from scans and real time protection.' BluetoothBlockAdvertising = 'Boolean | Optional | Whether or not to Block the user from using bluetooth advertising.' DefenderScheduledScanTime = 'String | Optional | The defender time for the system scan.' CellularData = 'String | Optional | Whether or not to allow the cellular data channel on the device. If not configured, the cellular data channel is allowed and the user can turn it off. Possible values are: blocked, required, allowed, notConfigured. | blocked / required / allowed / notConfigured' SearchDisableIndexingEncryptedItems = 'Boolean | Optional | Indicates whether or not to block indexing of WIP-protected items to prevent them from appearing in search results for Cortana or Explorer.' PasswordMinimumCharacterSetCount = 'UInt32 | Optional | The number of character sets required in the password.' SettingsBlockAppsPage = 'Boolean | Optional | Indicates whether or not to block access to Apps in Settings app.' ConfigureTimeZone = 'String | Optional | Specifies the time zone to be applied to the device. This is the standard Windows name for the target time zone.' StorageRestrictAppDataToSystemVolume = 'Boolean | Optional | Indicates whether application data is restricted to the system drive.' ExperienceBlockTaskSwitcher = 'Boolean | Optional | Indicates whether or not to enable task switching on the device.' SupportsScopeTags = 'Boolean | Optional | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only.' AppManagementMSIAlwaysInstallWithElevatedPrivileges = 'Boolean | Optional | This policy setting directs Windows Installer to use elevated permissions when it installs any program on the system.' StartBlockUnpinningAppsFromTaskbar = 'Boolean | Optional | Indicates whether or not to block the user from unpinning apps from taskbar.' StartMenuHideUserTile = 'Boolean | Optional | Enabling this policy hides the user tile from appearing in the start menu.' MessagingBlockRichCommunicationServices = 'Boolean | Optional | Indicates whether or not to block the RCS send/receive functionality on the device.' CellularBlockVpnWhenRoaming = 'Boolean | Optional | Whether or not to Block the user from using VPN when roaming over cellular.' PasswordSignInFailureCountBeforeFactoryReset = 'UInt32 | Optional | The number of sign in failures before factory reset. Valid values 0 to 999' AccountsBlockAddingNonMicrosoftAccountEmail = 'Boolean | Optional | Indicates whether or not to Block the user from adding email accounts to the device that are not associated with a Microsoft account.' EdgeRequiredExtensionPackageFamilyNames = 'StringArray | Optional | Specify the list of package family names of browser extensions that are required and cannot be turned off by the user.' EdgeFavoritesBarVisibility = 'String | Optional | Get or set a value that specifies whether to set the favorites bar to always be visible or hidden on any page. Possible values are: notConfigured, hide, show. | notConfigured / hide / show' MicrosoftAccountBlockSettingsSync = 'Boolean | Optional | Indicates whether or not to Block Microsoft account settings sync.' UninstallBuiltInApps = 'Boolean | Optional | Indicates whether or not to uninstall a fixed list of built-in Windows apps.' StartMenuPinnedFolderFileExplorer = 'String | Optional | Enforces the visibility (Show/Hide) of the FileExplorer shortcut on the Start menu. Possible values are: notConfigured, hide, show. | notConfigured / hide / show' EdgeBlockSendingDoNotTrackHeader = 'Boolean | Optional | Indicates whether or not to Block the user from sending the do not track header.' PasswordExpirationDays = 'UInt32 | Optional | The password expiration in days. Valid values 0 to 730' EdgeHomepageUrls = 'StringArray | Optional | The list of URLs for homepages shodwn on MDM-enrolled devices on Edge browser.' StartMenuPinnedFolderPictures = 'String | Optional | Enforces the visibility (Show/Hide) of the Pictures folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. | notConfigured / hide / show' PasswordRequireWhenResumeFromIdleState = 'Boolean | Optional | Indicates whether or not to require a password upon resuming from an idle state.' WindowsStoreBlockAutoUpdate = 'Boolean | Optional | Indicates whether or not to block automatic update of apps from Windows Store.' DefenderScheduleScanEnableLowCpuPriority = 'Boolean | Optional | When enabled, low CPU priority will be used during scheduled scans.' EdgeBlockPrelaunch = 'Boolean | Optional | Decide whether Microsoft Edge is prelaunched at Windows startup.' MessagingBlockMMS = 'Boolean | Optional | Indicates whether or not to block the MMS send/receive functionality on the device.' WindowsStoreBlocked = 'Boolean | Optional | Indicates whether or not to Block the user from using the Windows store.' WiFiBlocked = 'Boolean | Optional | Indicates whether or not to Block the user from using Wi-Fi.' Description = 'String | Optional | Admin provided description of the Device Configuration.' CertificatesBlockManualRootCertificateInstallation = 'Boolean | Optional | Whether or not to Block the user from doing manual root certificate installation.' StartMenuPinnedFolderDocuments = 'String | Optional | Enforces the visibility (Show/Hide) of the Documents folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. | notConfigured / hide / show' EdgeSyncFavoritesWithInternetExplorer = 'Boolean | Optional | Enable favorites sync between Internet Explorer and Microsoft Edge. Additions, deletions, modifications and order changes to favorites are shared between browsers.' StartMenuLayoutEdgeAssetsXml = 'String | Optional | This policy setting allows you to import Edge assets to be used with startMenuLayoutXml policy. Start layout can contain secondary tile from Edge app which looks for Edge local asset file. Edge local asset would not exist and cause Edge secondary tile to appear empty in this case. This policy only gets applied when startMenuLayoutXml policy is modified. The value should be a UTF-8 Base64 encoded byte array.' EdgeBlockWebContentOnNewTabPage = 'Boolean | Optional | Configure to load a blank page in Edge instead of the default New tab page and prevent users from changing it.' EdgeFavoritesListLocation = 'String | Optional | The location of the favorites list to provision. Could be a local file, local network or http location.' DefenderPromptForSampleSubmission = 'String | Optional | The configuration for how to prompt user for sample submission. Possible values are: userDefined, alwaysPrompt, promptBeforeSendingPersonalData, neverSendData, sendAllDataWithoutPrompting. | userDefined / alwaysPrompt / promptBeforeSendingPersonalData / neverSendData / sendAllDataWithoutPrompting' DefenderDaysBeforeDeletingQuarantinedMalware = 'UInt32 | Optional | Number of days before deleting quarantined malware. Valid values 0 to 90' PrivacyBlockActivityFeed = 'Boolean | Optional | Blocks the usage of cloud based speech services for Cortana, Dictation, or Store applications.' StorageBlockRemovableStorage = 'Boolean | Optional | Indicates whether or not to Block the user from using removable storage.' LockScreenAllowTimeoutConfiguration = 'Boolean | Optional | Specify whether to show a user-configurable setting to control the screen timeout while on the lock screen of Windows 10 Mobile devices. If this policy is set to Allow, the value set by lockScreenTimeoutInSeconds is ignored.' EnterpriseCloudPrintDiscoveryMaxLimit = 'UInt32 | Optional | Maximum number of printers that should be queried from a discovery endpoint. This is a mobile only setting. Valid values 1 to 65535' WebRtcBlockLocalhostIpAddress = 'Boolean | Optional | Indicates whether or not user''s localhost IP address is displayed while making phone calls using the WebRTC' PrivacyDisableLaunchExperience = 'Boolean | Optional | This policy prevents the privacy experience from launching during user logon for new and upgraded users.' CameraBlocked = 'Boolean | Optional | Whether or not to Block the user from accessing the camera of the device.' SafeSearchFilter = 'String | Optional | Specifies what filter level of safe search is required. Possible values are: userDefined, strict, moderate. | userDefined / strict / moderate' SearchDisableIndexingRemovableDrive = 'Boolean | Optional | Indicates whether or not to allow users to add locations on removable drives to libraries and to be indexed.' SearchBlockDiacritics = 'Boolean | Optional | Specifies if search can use diacritics.' SettingsBlockRemoveProvisioningPackage = 'Boolean | Optional | Indicates whether or not to block the runtime configuration agent from removing provisioning packages.' StartMenuPinnedFolderDownloads = 'String | Optional | Enforces the visibility (Show/Hide) of the Downloads folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. | notConfigured / hide / show' NetworkProxyServer = @{ UseForLocalAddresses = 'Boolean | Optional | Specifies whether the proxy server should be used for local (intranet) addresses.' Exceptions = 'StringArray | Optional | Addresses that should not use the proxy server. The system will not use the proxy server for addresses beginning with what is specified in this node.' Address = 'String | Optional | Address to the proxy server. Specify an address in the format '':''' } EdgeNewTabPageURL = 'String | Optional | Specify the page opened when new tabs are created.' EdgeBlocked = 'Boolean | Optional | Indicates whether or not to Block the user from using the Edge browser.' PasswordRequiredType = 'String | Optional | The required password type. Possible values are: deviceDefault, alphanumeric, numeric. | deviceDefault / alphanumeric / numeric' DefenderSubmitSamplesConsentType = 'String | Optional | Checks for the user consent level in Windows Defender to send data. Possible values are: sendSafeSamplesAutomatically, alwaysPrompt, neverSend, sendAllSamplesAutomatically. | sendSafeSamplesAutomatically / alwaysPrompt / neverSend / sendAllSamplesAutomatically' StartMenuHideChangeAccountSettings = 'Boolean | Optional | Enabling this policy hides the change account setting from appearing in the user tile in the start menu.' PasswordMinimumLength = 'UInt32 | Optional | The minimum password length. Valid values 4 to 16' SettingsBlockSystemPage = 'Boolean | Optional | Indicates whether or not to block access to System in Settings app.' LocationServicesBlocked = 'Boolean | Optional | Indicates whether or not to Block the user from location services.' NfcBlocked = 'Boolean | Optional | Indicates whether or not to Block the user from using near field communication.' TenantLockdownRequireNetworkDuringOutOfBoxExperience = 'Boolean | Optional | Whether the device is required to connect to the network.' StartMenuHidePowerButton = 'Boolean | Optional | Enabling this policy hides the power button from appearing in the start menu.' EdgeEnterpriseModeSiteListLocation = 'String | Optional | Indicates the enterprise mode site list location. Could be a local file, local network or http location.' DefenderDisableCatchupFullScan = 'Boolean | Optional | When blocked, catch-up scans for scheduled full scans will be turned off.' DefenderScanScriptsLoadedInInternetExplorer = 'Boolean | Optional | Indicates whether or not to scan scripts loaded in Internet Explorer browser.' PrinterBlockAddition = 'Boolean | Optional | Prevent user installation of additional printers from printers settings.' PasswordMinutesOfInactivityBeforeScreenTimeout = 'UInt32 | Optional | The minutes of inactivity before the screen times out.' EdgeKioskResetAfterIdleTimeInMinutes = 'UInt32 | Optional | Specifies the time in minutes from the last user activity before Microsoft Edge kiosk resets. Valid values are 0-1440. The default is 5. 0 indicates no reset. Valid values 0 to 1440' DefenderScanRemovableDrivesDuringFullScan = 'Boolean | Optional | Indicates whether or not to scan removable drives during full scan.' MicrosoftAccountBlocked = 'Boolean | Optional | Indicates whether or not to Block a Microsoft account.' DiagnosticsDataSubmissionMode = 'String | Optional | Gets or sets a value allowing the device to send diagnostic and usage telemetry data, such as Watson. Possible values are: userDefined, none, basic, enhanced, full. | userDefined / none / basic / enhanced / full' SettingsBlockChangePowerSleep = 'Boolean | Optional | Indicates whether or not to block the user from changing power and sleep settings.' SharedUserAppDataAllowed = 'Boolean | Optional | Indicates whether or not to block multiple users of the same app to share data.' EdgeBlockPasswordManager = 'Boolean | Optional | Indicates whether or not to Block password manager.' WiFiScanInterval = 'UInt32 | Optional | Specify how often devices scan for Wi-Fi networks. Supported values are 1-500, where 100 = default, and 500 = low frequency. Valid values 1 to 500' DefenderBlockOnAccessProtection = 'Boolean | Optional | Allows or disallows Windows Defender On Access Protection functionality.' EdgeBlockTabPreloading = 'Boolean | Optional | Configure whether Edge preloads the new tab page at Windows startup.' CopyPasteBlocked = 'Boolean | Optional | Whether or not to Block the user from using copy paste.' DefenderScheduledQuickScanTime = 'String | Optional | The time to perform a daily quick scan.' VoiceRecordingBlocked = 'Boolean | Optional | Indicates whether or not to Block the user from voice recording.' WindowsSpotlightBlockTailoredExperiences = 'Boolean | Optional | Block personalized content in Windows spotlight based on users device usage.' LockScreenBlockToastNotifications = 'Boolean | Optional | Indicates whether to allow toast notifications above the device lock screen.' Windows10AppsForceUpdateSchedule = @{ RunImmediatelyIfAfterStartDateTime = 'Boolean | Optional | If true, runs the task immediately if StartDateTime is in the past, else, runs at the next recurrence.' Recurrence = 'String | Optional | Recurrence schedule. Possible values are: none, daily, weekly, monthly. | none / daily / weekly / monthly' StartDateTime = 'String | Optional | The start time for the force restart.' } AppManagementMSIAllowUserControlOverInstall = 'Boolean | Optional | This policy setting permits users to change installation options that typically are available only to system administrators.' LockScreenActivateAppsWithVoice = 'String | Optional | This policy setting specifies whether Windows apps can be activated by voice while the system is locked. Possible values are: notConfigured, enabled, disabled. | notConfigured / enabled / disabled' PrivacyAdvertisingId = 'String | Optional | Enables or disables the use of advertising ID. Added in Windows 10, version 1607. Possible values are: notConfigured, blocked, allowed. | notConfigured / blocked / allowed' StartMenuHideLock = 'Boolean | Optional | Enabling this policy hides lock from appearing in the user tile in the start menu.' PrivacyBlockInputPersonalization = 'Boolean | Optional | Indicates whether or not to block the usage of cloud based speech services for Cortana, Dictation, or Store applications.' CellularBlockVpn = 'Boolean | Optional | Whether or not to Block the user from using VPN over cellular.' AppManagementPackageFamilyNamesToLaunchAfterLogOn = 'StringArray | Optional | List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are to be launched after logon.' BluetoothBlockDiscoverableMode = 'Boolean | Optional | Whether or not to Block the user from using bluetooth discoverable mode.' DefenderFileExtensionsToExclude = 'StringArray | Optional | File extensions to exclude from scans and real time protection.' WiFiBlockManualConfiguration = 'Boolean | Optional | Indicates whether or not to Block the user from using Wi-Fi manual configuration.' AntiTheftModeBlocked = 'Boolean | Optional | Indicates whether or not to block the user from selecting an AntiTheft mode preference (Windows 10 Mobile only).' PrinterNames = 'StringArray | Optional | Automatically provision printers based on their names (network host names).' SettingsBlockChangeLanguage = 'Boolean | Optional | Indicates whether or not to block the user from changing the language settings.' ActivateAppsWithVoice = 'String | Optional | Specifies if Windows apps can be activated by voice. Possible values are: notConfigured, enabled, disabled. | notConfigured / enabled / disabled' EdgeBlockInPrivateBrowsing = 'Boolean | Optional | Indicates whether or not to block InPrivate browsing on corporate networks, in the Edge browser.' WindowsSpotlightBlockThirdPartyNotifications = 'Boolean | Optional | Block third party content delivered via Windows Spotlight' DeveloperUnlockSetting = 'String | Optional | Indicates whether or not to allow developer unlock. Possible values are: notConfigured, blocked, allowed. | notConfigured / blocked / allowed' LockScreenTimeoutInSeconds = 'UInt32 | Optional | Set the duration (in seconds) from the screen locking to the screen turning off for Windows 10 Mobile devices. Supported values are 11-1800. Valid values 11 to 1800' AuthenticationWebSignIn = 'String | Optional | Indicates whether or not Web Credential Provider will be enabled. Possible values are: notConfigured, enabled, disabled. | notConfigured / enabled / disabled' DefenderPotentiallyUnwantedAppActionSetting = 'String | Optional | Gets or sets Defenders action to take on Potentially Unwanted Application (PUA), which includes software with behaviors of ad-injection, software bundling, persistent solicitation for payment or subscription, etc. Defender alerts user when PUA is being downloaded or attempts to install itself. Added in Windows 10 for desktop. Possible values are: userDefined, enable, auditMode, warn, notConfigured. | userDefined / enable / auditMode / warn / notConfigured' Id = 'String | Optional | The unique identifier for an entity. Read-only.' SearchDisableIndexerBackoff = 'Boolean | Optional | Indicates whether or not to disable the search indexer backoff feature.' EnableAutomaticRedeployment = 'Boolean | Optional | Allow users with administrative rights to delete all user data and settings using CTRL + Win + R at the device lock screen so that the device can be automatically re-configured and re-enrolled into management.' SearchDisableLocation = 'Boolean | Optional | Specifies if search can use location information.' MicrosoftAccountSignInAssistantSettings = 'String | Optional | Controls the Microsoft Account Sign-In Assistant (wlidsvc) NT service. Possible values are: notConfigured, disabled. | notConfigured / disabled' StartMenuHideSwitchAccount = 'Boolean | Optional | Enabling this policy hides switch account from appearing in the user tile in the start menu.' DefenderBlockEndUserAccess = 'Boolean | Optional | Whether or not to block end user access to Defender.' EdgeBlockSearchSuggestions = 'Boolean | Optional | Indicates whether or not to block the user from using the search suggestions in the address bar.' DefenderRequireNetworkInspectionSystem = 'Boolean | Optional | Indicates whether or not to require network inspection system.' TaskManagerBlockEndTask = 'Boolean | Optional | Specify whether non-administrators can use Task Manager to end tasks.' SmartScreenBlockPromptOverrideForFiles = 'Boolean | Optional | Indicates whether or not users can override the SmartScreen Filter warnings about downloading unverified files' PowerLidCloseActionPluggedIn = 'String | Optional | This setting specifies the action that Windows takes when a user closes the lid on a mobile PC while plugged in. Possible values are: notConfigured, noAction, sleep, hibernate, shutdown. | notConfigured / noAction / sleep / hibernate / shutdown' PowerHybridSleepOnBattery = 'String | Optional | This setting allows you to turn off hybrid sleep while on battery. If you set this setting to disable, a hiberfile is not generated when the system transitions to sleep (Stand By). If you set this setting to enable or do not configure this policy setting, users control this setting. Possible values are: notConfigured, enabled, disabled. | notConfigured / enabled / disabled' DefenderFilesAndFoldersToExclude = 'StringArray | Optional | Files and folder to exclude from scans and real time protection.' ResetProtectionModeBlocked = 'Boolean | Optional | Indicates whether or not to Block the user from reset protection mode.' BluetoothAllowedServices = 'StringArray | Optional | Specify a list of allowed Bluetooth services and profiles in hex formatted strings.' DefenderScanArchiveFiles = 'Boolean | Optional | Indicates whether or not to scan archive files.' DisplayAppListWithGdiDPIScalingTurnedOff = 'StringArray | Optional | List of legacy applications that have GDI DPI Scaling turned off.' DefenderScanIncomingMail = 'Boolean | Optional | Indicates whether or not to scan incoming mail messages.' EdgeDisableFirstRunPage = 'Boolean | Optional | Block the Microsoft web page that opens on the first use of Microsoft Edge. This policy allows enterprises, like those enrolled in zero emissions configurations, to block this page.' LockScreenBlockCortana = 'Boolean | Optional | Indicates whether or not the user can interact with Cortana using speech while the system is locked.' StartMenuHideRecentlyAddedApps = 'Boolean | Optional | Enabling this policy hides recently added apps from appearing on the start menu and disables the corresponding toggle in the Settings app.' PowerButtonActionOnBattery = 'String | Optional | This setting specifies the action that Windows takes when a user presses the Power button while on battery. Possible values are: notConfigured, noAction, sleep, hibernate, shutdown. | notConfigured / noAction / sleep / hibernate / shutdown' DefenderPotentiallyUnwantedAppAction = 'String | Optional | Gets or sets Defenders action to take on Potentially Unwanted Application (PUA), which includes software with behaviors of ad-injection, software bundling, persistent solicitation for payment or subscription, etc. Defender alerts user when PUA is being downloaded or attempts to install itself. Added in Windows 10 for desktop. Possible values are: deviceDefault, block, audit. | deviceDefault / block / audit' ScreenCaptureBlocked = 'Boolean | Optional | Indicates whether or not to Block the user from taking Screenshots.' DeviceManagementBlockFactoryResetOnMobile = 'Boolean | Optional | Indicates whether or not to Block the user from resetting their phone.' EdgeBlockJavaScript = 'Boolean | Optional | Indicates whether or not to Block the user from using JavaScript.' EnterpriseCloudPrintDiscoveryEndPoint = 'String | Optional | Endpoint for discovering cloud printers.' DisplayName = 'String | Required | Admin provided name of the device configuration.' EdgeRequireSmartScreen = 'Boolean | Optional | Indicates whether or not to Require the user to use the smart screen filter.' AuthenticationAllowSecondaryDevice = 'Boolean | Optional | Allows secondary authentication devices to work with Windows.' PasswordMinimumAgeInDays = 'UInt32 | Optional | This security setting determines the period of time (in days) that a password must be used before the user can change it. Valid values 0 to 998' SettingsBlockNetworkInternetPage = 'Boolean | Optional | Indicates whether or not to block access to Network & Internet in Settings app.' UsbBlocked = 'Boolean | Optional | Indicates whether or not to Block the user from USB connection.' SystemTelemetryProxyServer = 'String | Optional | Gets or sets the fully qualified domain name (FQDN) or IP address of a proxy server to forward Connected User Experiences and Telemetry requests.' OneDriveDisableFileSync = 'Boolean | Optional | Gets or sets a value allowing IT admins to prevent apps and features from working with files on OneDrive.' EnterpriseCloudPrintOAuthAuthority = 'String | Optional | Authentication endpoint for acquiring OAuth tokens.' StartMenuLayoutXml = 'String | Optional | Allows admins to override the default Start menu layout and prevents the user from changing it. The layout is modified by specifying an XML file based on a layout modification schema. XML needs to be in a UTF8 encoded byte array format.' DisplayAppListWithGdiDPIScalingTurnedOn = 'StringArray | Optional | List of legacy applications that have GDI DPI Scaling turned on.' EdgeSendIntranetTrafficToInternetExplorer = 'Boolean | Optional | Indicates whether or not to switch the intranet traffic from Edge to Internet Explorer.' WirelessDisplayBlockProjectionToThisDevice = 'Boolean | Optional | Indicates whether or not to allow other devices from discovering this PC for projection.' EdgeBlockLiveTileDataCollection = 'Boolean | Optional | Block the collection of information by Microsoft for live tile creation when users pin a site to Start from Microsoft Edge.' NetworkProxyApplySettingsDeviceWide = 'Boolean | Optional | If set, proxy settings will be applied to all processes and accounts in the device. Otherwise, it will be applied to the user account thats enrolled into MDM.' StartMenuHideRestartOptions = 'Boolean | Optional | Enabling this policy hides ''Restart/Update and Restart'' from appearing in the power button in the start menu.' SearchDisableAutoLanguageDetection = 'Boolean | Optional | Specifies whether to use automatic language detection when indexing content and properties.' EdgeAllowStartPagesModification = 'Boolean | Optional | Allow users to change Start pages on Edge. Use the EdgeHomepageUrls to specify the Start pages that the user would see by default when they open Edge.' PrinterDefaultName = 'String | Optional | Name (network host name) of an installed printer.' DefenderRequireRealTimeMonitoring = 'Boolean | Optional | Indicates whether or not to require real time monitoring.' EdgeBlockAutofill = 'Boolean | Optional | Indicates whether or not to block auto fill.' SettingsBlockAddProvisioningPackage = 'Boolean | Optional | Indicates whether or not to block the user from installing provisioning packages.' NetworkProxyDisableAutoDetect = 'Boolean | Optional | Disable automatic detection of settings. If enabled, the system will try to find the path to a proxy auto-config (PAC) script.' SearchDisableUseLocation = 'Boolean | Optional | Specifies if search can use location information.' LogonBlockFastUserSwitching = 'Boolean | Optional | Disables the ability to quickly switch between users that are logged on simultaneously without logging off.' PowerHybridSleepPluggedIn = 'String | Optional | This setting allows you to turn off hybrid sleep while plugged in. If you set this setting to disable, a hiberfile is not generated when the system transitions to sleep (Stand By). If you set this setting to enable or do not configure this policy setting, users control this setting. Possible values are: notConfigured, enabled, disabled. | notConfigured / enabled / disabled' EdgeTelemetryForMicrosoft365Analytics = 'String | Optional | Specifies what type of telemetry data (none, intranet, internet, both) is sent to Microsoft 365 Analytics. Possible values are: notConfigured, intranet, internet, intranetAndInternet. | notConfigured / intranet / internet / intranetAndInternet' GameDvrBlocked = 'Boolean | Optional | Indicates whether or not to block DVR and broadcasting.' EdgeClearBrowsingDataOnExit = 'Boolean | Optional | Clear browsing data on exiting Microsoft Edge.' EdgeBlockSideloadingExtensions = 'Boolean | Optional | Indicates whether the user can sideload extensions.' DefenderScanType = 'String | Optional | The defender system scan type. Possible values are: userDefined, disabled, quick, full. | userDefined / disabled / quick / full' InkWorkspaceBlockSuggestedApps = 'Boolean | Optional | Specify whether to show recommended app suggestions in the ink workspace.' EnterpriseCloudPrintOAuthClientIdentifier = 'String | Optional | GUID of a client application authorized to retrieve OAuth tokens from the OAuth Authority.' SmartScreenBlockPromptOverride = 'Boolean | Optional | Indicates whether or not users can override SmartScreen Filter warnings about potentially malicious websites.' DefenderScanMappedNetworkDrivesDuringFullScan = 'Boolean | Optional | Indicates whether or not to scan mapped network drives during full scan.' EnergySaverPluggedInThresholdPercentage = 'UInt32 | Optional | This setting allows you to specify battery charge level at which Energy Saver is turned on. While plugged in, Energy Saver is automatically turned on at (and below) the specified battery charge level. Valid input range (0-100). Valid values 0 to 100' SettingsBlockAccountsPage = 'Boolean | Optional | Indicates whether or not to block access to Accounts in Settings app.' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) StorageRestrictAppInstallToSystemVolume = 'Boolean | Optional | Indicates whether the installation of applications is restricted to the system drive.' StartMenuHideShutDown = 'Boolean | Optional | Enabling this policy hides shut down/update and shut down from appearing in the power button in the start menu.' WindowsSpotlightBlockWelcomeExperience = 'Boolean | Optional | Block Windows Spotlight Windows welcome experience' DefenderMonitorFileActivity = 'String | Optional | Value for monitoring file activity. Possible values are: userDefined, disable, monitorAllFiles, monitorIncomingFilesOnly, monitorOutgoingFilesOnly. | userDefined / disable / monitorAllFiles / monitorIncomingFilesOnly / monitorOutgoingFilesOnly' PrivacyBlockPublishUserActivities = 'Boolean | Optional | Blocks the shared experiences/discovery of recently used resources in task switcher etc.' DefenderScanDownloads = 'Boolean | Optional | Indicates whether or not to scan downloads.' WindowsSpotlightBlockOnActionCenter = 'Boolean | Optional | Block suggestions from Microsoft that show after each OS clean install, upgrade or in an on-going basis to introduce users to what is new or changed' SettingsBlockTimeLanguagePage = 'Boolean | Optional | Indicates whether or not to block access to Time & Language in Settings app.' EdgeBlockPopups = 'Boolean | Optional | Indicates whether or not to block popups.' PrivacyAutoAcceptPairingAndConsentPrompts = 'Boolean | Optional | Indicates whether or not to allow the automatic acceptance of the pairing and privacy user consent dialog when launching apps.' StartMenuPinnedFolderVideos = 'String | Optional | Enforces the visibility (Show/Hide) of the Videos folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. | notConfigured / hide / show' EdgeShowMessageWhenOpeningInternetExplorerSites = 'String | Optional | Controls the message displayed by Edge before switching to Internet Explorer. Possible values are: notConfigured, disabled, enabled, keepGoing. | notConfigured / disabled / enabled / keepGoing' WiFiBlockAutomaticConnectHotspots = 'Boolean | Optional | Indicating whether or not to block automatically connecting to Wi-Fi hotspots. Has no impact if Wi-Fi is blocked.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' DefenderRequireBehaviorMonitoring = 'Boolean | Optional | Indicates whether or not to require behavior monitoring.' WindowsSpotlightBlockWindowsTips = 'Boolean | Optional | Allows IT admins to turn off the popup of Windows Tips.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' DefenderSystemScanSchedule = 'String | Optional | Defender day of the week for the system scan. Possible values are: userDefined, everyday, sunday, monday, tuesday, wednesday, thursday, friday, saturday, noScheduledScan. | userDefined / everyday / sunday / monday / tuesday / wednesday / thursday / friday / saturday / noScheduledScan' SettingsBlockPersonalizationPage = 'Boolean | Optional | Indicates whether or not to block access to Personalization in Settings app.' PersonalizationDesktopImageUrl = 'String | Optional | A http or https Url to a jpg, jpeg or png image that needs to be downloaded and used as the Desktop Image or a file Url to a local image on the file system that needs to used as the Desktop Image.' EdgeHomeButtonConfigurationEnabled = 'Boolean | Optional | Enable the Home button configuration.' DefenderRequireCloudProtection = 'Boolean | Optional | Indicates whether or not to require cloud protection.' NetworkProxyAutomaticConfigurationUrl = 'String | Optional | Address to the proxy auto-config (PAC) script you want to use.' WirelessDisplayRequirePinForPairing = 'Boolean | Optional | Indicates whether or not to require a PIN for new devices to initiate pairing.' PasswordPreviousPasswordBlockCount = 'UInt32 | Optional | The number of previous passwords to prevent reuse of. Valid values 0 to 50' InternetSharingBlocked = 'Boolean | Optional | Indicates whether or not to Block the user from using internet sharing.' PowerSleepButtonActionPluggedIn = 'String | Optional | This setting specifies the action that Windows takes when a user presses the Sleep button while plugged in. Possible values are: notConfigured, noAction, sleep, hibernate, shutdown. | notConfigured / noAction / sleep / hibernate / shutdown' BluetoothBlockPrePairing = 'Boolean | Optional | Whether or not to block specific bundled Bluetooth peripherals to automatically pair with the host device.' StartMenuHideFrequentlyUsedApps = 'Boolean | Optional | Enabling this policy hides the most used apps from appearing on the start menu and disables the corresponding toggle in the Settings app.' FindMyFiles = 'String | Optional | Controls if the user can configure search to Find My Files mode, which searches files in secondary hard drives and also outside of the user profile. Find My Files does not allow users to search files or locations to which they do not have access. Possible values are: notConfigured, enabled, disabled. | notConfigured / enabled / disabled' EdgeCookiePolicy = 'String | Optional | Indicates which cookies to block in the Edge browser. Possible values are: userDefined, allow, blockThirdParty, blockAll. | userDefined / allow / blockThirdParty / blockAll' EdgeBlockAddressBarDropdown = 'Boolean | Optional | Block the address bar dropdown functionality in Microsoft Edge. Disable this settings to minimize network connections from Microsoft Edge to Microsoft services.' EdgeBlockExtensions = 'Boolean | Optional | Indicates whether or not to block extensions in the Edge browser.' ConnectedDevicesServiceBlocked = 'Boolean | Optional | Whether or not to block Connected Devices Service which enables discovery and connection to other devices, remote messaging, remote app sessions and other cross-device experiences.' StorageRequireMobileDeviceEncryption = 'Boolean | Optional | Indicating whether or not to require encryption on a mobile device.' EdgeBlockSavingHistory = 'Boolean | Optional | Configure Edge to allow browsing history to be saved or to never save browsing history.' SettingsBlockEaseOfAccessPage = 'Boolean | Optional | Indicates whether or not to block access to Ease of Access in Settings app.' EdgeSearchEngine = @{ EdgeSearchEngineOpenSearchXmlUrl = 'String | Optional | Points to a https link containing the OpenSearch xml file that contains, at minimum, the short name and the URL to the search Engine.' EdgeSearchEngineType = 'String | Optional | Allows IT admins to set a predefined default search engine for MDM-Controlled devices. Possible values are: default, bing. | default / bing' odataType = 'String | Optional | The type of the entity. | #microsoft.graph.edgeSearchEngine / #microsoft.graph.edgeSearchEngineCustom' } } ) DeviceConfigurationSCEPCertificatePoliciesWindows10 = @( @{ SubjectAlternativeNameType = 'String | Optional | Certificate Subject Alternative Name Type. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. | none / emailAddress / userPrincipalName / customAzureADAttribute / domainNameService / universalResourceIdentifier' Id = 'String | Optional | The unique identifier for an entity. Read-only.' KeyUsage = 'StringArray | Optional | SCEP Key Usage. Possible values are: keyEncipherment, digitalSignature. | keyEncipherment / digitalSignature' DisplayName = 'String | Required | Admin provided name of the device configuration.' SubjectAlternativeNameFormatString = 'String | Optional | Custom String that defines the AAD Attribute.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' CustomSubjectAlternativeNames = @( @{ Name = 'String | Optional | Custom SAN Name' UniqueId = 'String | Required | [Unique ID to identify this specific object]' SanType = 'String | Optional | Custom SAN Type. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. | none / emailAddress / userPrincipalName / customAzureADAttribute / domainNameService / universalResourceIdentifier' } ) RootCertificateDisplayName = 'String | Optional | Trusted Root Certificate DisplayName' ScepServerUrls = 'StringArray | Optional | SCEP Server Url(s).' RootCertificateId = 'String | Optional | Trusted Root Certificate Id' CertificateValidityPeriodValue = 'UInt32 | Optional | Value for the Certificate Validity Period' CertificateValidityPeriodScale = 'String | Optional | Scale for the Certificate Validity Period. Possible values are: days, months, years. | days / months / years' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' KeyStorageProvider = 'String | Optional | Key Storage Provider (KSP). Possible values are: useTpmKspOtherwiseUseSoftwareKsp, useTpmKspOtherwiseFail, usePassportForWorkKspOtherwiseFail, useSoftwareKsp. | useTpmKspOtherwiseUseSoftwareKsp / useTpmKspOtherwiseFail / usePassportForWorkKspOtherwiseFail / useSoftwareKsp' HashAlgorithm = 'String | Optional | SCEP Hash Algorithm. Possible values are: sha1, sha2. | sha1 / sha2' RenewalThresholdPercentage = 'UInt32 | Optional | Certificate renewal threshold percentage. Valid values 1 to 99' KeySize = 'String | Optional | SCEP Key Size. Possible values are: size1024, size2048, size4096. | size1024 / size2048 / size4096' Description = 'String | Optional | Admin provided description of the Device Configuration.' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) SubjectNameFormat = 'String | Optional | Certificate Subject Name Format. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. | commonName / commonNameIncludingEmail / commonNameAsEmail / custom / commonNameAsIMEI / commonNameAsSerialNumber / commonNameAsAadDeviceId / commonNameAsIntuneDeviceId / commonNameAsDurableDeviceId' CertificateStore = 'String | Optional | Target store certificate. Possible values are: user, machine. | user / machine' ExtendedKeyUsages = @( @{ ObjectIdentifier = 'String | Optional | Extended Key Usage Object Identifier' Name = 'String | Optional | Extended Key Usage Name' UniqueId = 'String | Required | [Unique ID to identify this specific object]' } ) SubjectNameFormatString = 'String | Optional | Custom format to use with SubjectNameFormat = Custom. Example: CN={{UserName}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US' } ) DeviceConfigurationSecureAssessmentPoliciesWindows10 = @( @{ AllowScreenCapture = 'Boolean | Optional | Indicates whether or not to allow screen capture capability during a test.' Description = 'String | Optional | Admin provided description of the Device Configuration.' DisplayName = 'String | Required | Admin provided name of the device configuration.' AllowTextSuggestion = 'Boolean | Optional | Indicates whether or not to allow text suggestions during the test.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' AssessmentAppUserModelId = 'String | Optional | Specifies the application user model ID of the assessment app launched when a user signs in to a secure assessment with a local guest account. Important notice: this property must be set with localGuestAccountName in order to make the local guest account sign-in experience work properly for secure assessments.' ConfigurationAccountType = 'String | Optional | The account type used to by ConfigurationAccount. Possible values are: azureADAccount, domainAccount, localAccount, localGuestAccount. | azureADAccount / domainAccount / localAccount / localGuestAccount' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' LaunchUri = 'String | Optional | Url link to an assessment that''s automatically loaded when the secure assessment browser is launched. It has to be a valid Url (https://msdn.microsoft.com/).' LocalGuestAccountName = 'String | Optional | Specifies the display text for the local guest account shown on the sign-in screen. Typically is the name of an assessment. When the user clicks the local guest account on the sign-in screen, an assessment app is launched with a specified assessment URL. Secure assessments can only be configured with local guest account sign-in on devices running Windows 10, version 1903 or later. Important notice: this property must be set with assessmentAppUserModelID in order to make the local guest account sign-in experience work properly for secure assessments.' Id = 'String | Optional | The unique identifier for an entity. Read-only.' ConfigurationAccount = 'String | Optional | The account used to configure the Windows device for taking the test. The user can be a domain account (domain/user), an AAD account (usernametenant.com) or a local account (username).' AllowPrinting = 'Boolean | Optional | Indicates whether or not to allow the app from printing during the test.' } ) DeviceConfigurationSharedMultiDevicePoliciesWindows10 = @( @{ MaintenanceStartTime = 'String | Optional | Specifies the daily start time of maintenance hour.' Id = 'String | Optional | The unique identifier for an entity. Read-only.' IdleTimeBeforeSleepInSeconds = 'UInt32 | Optional | Specifies the time in seconds that a device must sit idle before the PC goes to sleep. Setting this value to 0 prevents the sleep timeout from occurring.' SignInOnResume = 'String | Optional | Specifies the requirement to sign in whenever the device wakes up from sleep mode. Possible values are: notConfigured, enabled, disabled. | notConfigured / enabled / disabled' DisplayName = 'String | Required | Admin provided name of the device configuration.' KioskAppDisplayName = 'String | Optional | Specifies the display text for the account shown on the sign-in screen which launches the app specified by SetKioskAppUserModelId. Only applies when KioskAppUserModelId is set.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' AllowLocalStorage = 'Boolean | Optional | Specifies whether local storage is allowed on a shared PC.' SetPowerPolicies = 'String | Optional | Specifies whether the default shared PC power policies should be enabled/disabled. Possible values are: notConfigured, enabled, disabled. | notConfigured / enabled / disabled' AllowedAccounts = 'StringArray | Optional | Indicates which type of accounts are allowed to use on a shared PC. Possible values are: notConfigured, guest, domain. | notConfigured / guest / domain' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' KioskAppUserModelId = 'String | Optional | Specifies the application user model ID of the app to use with assigned access.' DisablePowerPolicies = 'Boolean | Optional | Specifies whether the default shared PC power policies should be disabled.' SetEduPolicies = 'String | Optional | Specifies whether the default shared PC education environment policies should be enabled/disabled/not configured. For Windows 10 RS2 and later, this policy will be applied without setting Enabled to true. Possible values are: notConfigured, enabled, disabled. | notConfigured / enabled / disabled' DisableSignInOnResume = 'Boolean | Optional | Disables the requirement to sign in whenever the device wakes up from sleep mode.' Description = 'String | Optional | Admin provided description of the Device Configuration.' AccountManagerPolicy = @{ InactiveThresholdDays = 'UInt32 | Optional | Specifies when the accounts will start being deleted when they have not been logged on during the specified period, given as number of days. Only applies when AccountDeletionPolicy is DiskSpaceThreshold or DiskSpaceThresholdOrInactiveThreshold.' CacheAccountsAboveDiskFreePercentage = 'UInt32 | Optional | Sets the percentage of available disk space a PC should have before it stops deleting cached shared PC accounts. Only applies when AccountDeletionPolicy is DiskSpaceThreshold or DiskSpaceThresholdOrInactiveThreshold. Valid values 0 to 100' AccountDeletionPolicy = 'String | Optional | Configures when accounts are deleted. Possible values are: immediate, diskSpaceThreshold, diskSpaceThresholdOrInactiveThreshold. | immediate / diskSpaceThreshold / diskSpaceThresholdOrInactiveThreshold' RemoveAccountsBelowDiskFreePercentage = 'UInt32 | Optional | Sets the percentage of disk space remaining on a PC before cached accounts will be deleted to free disk space. Accounts that have been inactive the longest will be deleted first. Only applies when AccountDeletionPolicy is DiskSpaceThresholdOrInactiveThreshold. Valid values 0 to 100' } Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) DisableAccountManager = 'Boolean | Optional | Disables the account manager for shared PC mode.' Enabled = 'Boolean | Optional | Enables shared PC mode and applies the shared pc policies.' DisableEduPolicies = 'Boolean | Optional | Specifies whether the default shared PC education environment policies should be disabled. For Windows 10 RS2 and later, this policy will be applied without setting Enabled to true.' FastFirstSignIn = 'String | Optional | Specifies whether to auto connect new non-admin Azure AD accounts to pre-configured candidate local accounts. Possible values are: notConfigured, enabled, disabled. | notConfigured / enabled / disabled' LocalStorage = 'String | Optional | Specifies whether local storage is allowed on a shared PC. Possible values are: notConfigured, enabled, disabled. | notConfigured / enabled / disabled' SetAccountManager = 'String | Optional | Disables the account manager for shared PC mode. Possible values are: notConfigured, enabled, disabled. | notConfigured / enabled / disabled' } ) DeviceConfigurationTrustedCertificatePoliciesWindows10 = @( @{ Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) Id = 'String | Optional | The unique identifier for an entity. Read-only.' DestinationStore = 'String | Optional | Destination store location for the Trusted Root Certificate. Possible values are: computerCertStoreRoot, computerCertStoreIntermediate, userCertStoreIntermediate. | computerCertStoreRoot / computerCertStoreIntermediate / userCertStoreIntermediate' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' Description = 'String | Optional | Admin provided description of the Device Configuration.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' TrustedRootCertificate = 'String | Optional | Trusted Root Certificate' CertFileName = 'String | Optional | File name to display in UI.' DisplayName = 'String | Required | Admin provided name of the device configuration.' } ) DeviceConfigurationVpnPoliciesWindows10 = @( @{ Description = 'String | Optional | Admin provided description of the Device Configuration.' RememberUserCredentials = 'Boolean | Optional | Remember user credentials.' ProfileTarget = 'String | Optional | Profile target type. Possible values are: user, device, autoPilotDevice. | user / device / autoPilotDevice' SingleSignOnIssuerHash = 'String | Optional | Single sign-on issuer hash.' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) CustomXml = 'String | Optional | Custom XML commands that configures the VPN connection. (UTF8 encoded byte array)' DisplayName = 'String | Required | Admin provided name of the device configuration.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' TrustedNetworkDomains = 'StringArray | Optional | Trusted Network Domains' CryptographySuite = @{ CipherTransformConstants = 'String | Optional | Cipher Transform Constants. Possible values are: aes256, des, tripleDes, aes128, aes128Gcm, aes256Gcm, aes192, aes192Gcm, chaCha20Poly1305. | aes256 / des / tripleDes / aes128 / aes128Gcm / aes256Gcm / aes192 / aes192Gcm / chaCha20Poly1305' EncryptionMethod = 'String | Optional | Encryption Method. Possible values are: aes256, des, tripleDes, aes128, aes128Gcm, aes256Gcm, aes192, aes192Gcm, chaCha20Poly1305. | aes256 / des / tripleDes / aes128 / aes128Gcm / aes256Gcm / aes192 / aes192Gcm / chaCha20Poly1305' PfsGroup = 'String | Optional | Perfect Forward Secrecy Group. Possible values are: pfs1, pfs2, pfs2048, ecp256, ecp384, pfsMM, pfs24. | pfs1 / pfs2 / pfs2048 / ecp256 / ecp384 / pfsMM / pfs24' DhGroup = 'String | Optional | Diffie Hellman Group. Possible values are: group1, group2, group14, ecp256, ecp384, group24. | group1 / group2 / group14 / ecp256 / ecp384 / group24' IntegrityCheckMethod = 'String | Optional | Integrity Check Method. Possible values are: sha2_256, sha1_96, sha1_160, sha2_384, sha2_512, md5. | sha2_256 / sha1_96 / sha1_160 / sha2_384 / sha2_512 / md5' AuthenticationTransformConstants = 'String | Optional | Authentication Transform Constants. Possible values are: md5_96, sha1_96, sha_256_128, aes128Gcm, aes192Gcm, aes256Gcm. | md5_96 / sha1_96 / sha_256_128 / aes128Gcm / aes192Gcm / aes256Gcm' } OnlyAssociatedAppsCanUseConnection = 'Boolean | Optional | Only associated Apps can use connection (per-app VPN).' SingleSignOnEku = @{ ObjectIdentifier = 'String | Optional | Extended Key Usage Object Identifier' Name = 'String | Optional | Extended Key Usage Name' } AuthenticationMethod = 'String | Optional | Authentication method. Possible values are: certificate, usernameAndPassword, customEapXml, derivedCredential. | certificate / usernameAndPassword / customEapXml / derivedCredential' MicrosoftTunnelSiteId = 'String | Optional | ID of the Microsoft Tunnel site associated with the VPN profile.' Routes = @( @{ PrefixSize = 'UInt32 | Optional | Prefix size. (1-32). Valid values 1 to 32' DestinationPrefix = 'String | Optional | Destination prefix (IPv4/v6 address).' UniqueId = 'String | Required | [Unique ID to identify this specific object]' } ) EapXml = 'String | Optional | Extensible Authentication Protocol (EAP) XML. (UTF8 encoded byte array)' AssociatedApps = @( @{ AppType = 'String | Optional | Application type. Possible values are: desktop, universal. | desktop / universal' UniqueId = 'String | Required | [Unique ID to identify this specific object]' Identifier = 'String | Optional | Identifier.' } ) EnableSplitTunneling = 'Boolean | Optional | Enable split tunneling.' EnableConditionalAccess = 'Boolean | Optional | Enable conditional access.' DnsSuffixes = 'StringArray | Optional | Specify DNS suffixes to add to the DNS search list to properly route short names.' ProxyServer = @{ BypassProxyServerForLocalAddress = 'Boolean | Optional | Bypass proxy server for local address.' Address = 'String | Optional | Address.' AutomaticConfigurationScriptUrl = 'String | Optional | Proxy''s automatic configuration script url.' AutomaticallyDetectProxySettings = 'Boolean | Optional | Automatically detect proxy settings.' Port = 'UInt32 | Optional | Port. Valid values 0 to 65535' odataType = 'String | Optional | The type of the entity. | #microsoft.graph.windows10VpnProxyServer / #microsoft.graph.windows81VpnProxyServer' } ServerCollection = @( @{ IsDefaultServer = 'Boolean | Optional | Default server.' Description = 'String | Optional | Description.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' Address = 'String | Optional | Address (IP address, FQDN or URL)' } ) EnableDeviceTunnel = 'Boolean | Optional | Enable device tunnel.' Id = 'String | Optional | The unique identifier for an entity. Read-only.' TrafficRules = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' Name = 'String | Optional | Name.' AppId = 'String | Optional | App identifier, if this traffic rule is triggered by an app.' LocalPortRanges = @( @{ LowerNumber = 'UInt32 | Optional | Lower number.' UpperNumber = 'UInt32 | Optional | Upper number.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' } ) AppType = 'String | Optional | App type, if this traffic rule is triggered by an app. Possible values are: none, desktop, universal. | none / desktop / universal' LocalAddressRanges = @( @{ CidrAddress = 'String | Optional | IPv4 address in CIDR notation. Not nullable.' UpperAddress = 'String | Optional | Upper address.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' LowerAddress = 'String | Optional | Lower address.' odataType = 'String | Optional | The type of the entity. | #microsoft.graph.iPv4CidrRange / #microsoft.graph.iPv6CidrRange / #microsoft.graph.iPv4Range / #microsoft.graph.iPv6Range' } ) RemotePortRanges = @( @{ LowerNumber = 'UInt32 | Optional | Lower number.' UpperNumber = 'UInt32 | Optional | Upper number.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' } ) RemoteAddressRanges = @( @{ CidrAddress = 'String | Optional | IPv4 address in CIDR notation. Not nullable.' UpperAddress = 'String | Optional | Upper address.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' LowerAddress = 'String | Optional | Lower address.' odataType = 'String | Optional | The type of the entity. | #microsoft.graph.iPv4CidrRange / #microsoft.graph.iPv6CidrRange / #microsoft.graph.iPv4Range / #microsoft.graph.iPv6Range' } ) Claims = 'String | Optional | Claims associated with this traffic rule.' Protocols = 'UInt32 | Optional | Protocols (0-255). Valid values 0 to 255' RoutingPolicyType = 'String | Optional | When app triggered, indicates whether to enable split tunneling along this route. Possible values are: none, splitTunnel, forceTunnel. | none / splitTunnel / forceTunnel' VpnTrafficDirection = 'String | Optional | Specify whether the rule applies to inbound traffic or outbound traffic. Possible values are: outbound, inbound, unknownFutureValue. | outbound / inbound / unknownFutureValue' } ) EnableDnsRegistration = 'Boolean | Optional | Enable IP address registration with internal DNS.' ConnectionType = 'String | Optional | Connection type. Possible values are: pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, automatic, ikEv2, l2tp, pptp, citrix, paloAltoGlobalProtect, ciscoAnyConnect, unknownFutureValue, microsoftTunnel. | pulseSecure / f5EdgeClient / dellSonicWallMobileConnect / checkPointCapsuleVpn / automatic / ikEv2 / l2tp / pptp / citrix / paloAltoGlobalProtect / ciscoAnyConnect / unknownFutureValue / microsoftTunnel' EnableAlwaysOn = 'Boolean | Optional | Enable Always On mode.' WindowsInformationProtectionDomain = 'String | Optional | Windows Information Protection (WIP) domain to associate with this connection.' EnableSingleSignOnWithAlternateCertificate = 'Boolean | Optional | Enable single sign-on (SSO) with alternate certificate.' ConnectionName = 'String | Optional | Connection name displayed to the user.' DnsRules = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' Persistent = 'Boolean | Optional | Keep this rule active even when the VPN is not connected: Default False' Servers = 'StringArray | Optional | Servers.' Name = 'String | Optional | Name.' AutoTrigger = 'Boolean | Optional | Automatically connect to the VPN when the device connects to this domain: Default False.' ProxyServerUri = 'String | Optional | Proxy Server Uri.' } ) Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' } ) DeviceConfigurationWindowsTeamPoliciesWindows10 = @( @{ Description = 'String | Optional | Admin provided description of the Device Configuration.' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) WelcomeScreenMeetingInformation = 'String | Optional | The welcome screen meeting information shown. Possible values are: userDefined, showOrganizerAndTimeOnly, showOrganizerAndTimeAndSubject. | userDefined / showOrganizerAndTimeOnly / showOrganizerAndTimeAndSubject' SettingsBlockSigninSuggestions = 'Boolean | Optional | Specifies whether to disable auto-populating of the sign-in dialog with invitees from scheduled meetings.' DisplayName = 'String | Required | Admin provided name of the device configuration.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' SupportsScopeTags = 'Boolean | Optional | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only.' WelcomeScreenBackgroundImageUrl = 'String | Optional | The welcome screen background image URL. The URL must use the HTTPS protocol and return a PNG image.' AzureOperationalInsightsWorkspaceKey = 'String | Optional | The Azure Operational Insights Workspace key.' SettingsBlockSessionResume = 'Boolean | Optional | Specifies whether to allow the ability to resume a session when the session times out.' SettingsDefaultVolume = 'UInt32 | Optional | Specifies the default volume value for a new session. Permitted values are 0-100. The default is 45. Valid values 0 to 100' WelcomeScreenBlockAutomaticWakeUp = 'Boolean | Optional | Indicates whether or not to Block the welcome screen from waking up automatically when someone enters the room.' MaintenanceWindowDurationInHours = 'UInt32 | Optional | Maintenance window duration for device updates. Valid values 0 to 5' MiracastRequirePin = 'Boolean | Optional | Indicates whether or not to require a pin for wireless projection.' MiracastBlocked = 'Boolean | Optional | Indicates whether or not to Block wireless projection.' SettingsSessionTimeoutInMinutes = 'UInt32 | Optional | Specifies the number of minutes until the session times out.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' MiracastChannel = 'String | Optional | The channel. Possible values are: userDefined, one, two, three, four, five, six, seven, eight, nine, ten, eleven, thirtySix, forty, fortyFour, fortyEight, oneHundredFortyNine, oneHundredFiftyThree, oneHundredFiftySeven, oneHundredSixtyOne, oneHundredSixtyFive. | userDefined / one / two / three / four / five / six / seven / eight / nine / ten / eleven / thirtySix / forty / fortyFour / fortyEight / oneHundredFortyNine / oneHundredFiftyThree / oneHundredFiftySeven / oneHundredSixtyOne / oneHundredSixtyFive' Id = 'String | Optional | The unique identifier for an entity. Read-only.' MaintenanceWindowStartTime = 'String | Optional | Maintenance window start time for device updates.' ConnectAppBlockAutoLaunch = 'Boolean | Optional | Specifies whether to automatically launch the Connect app whenever a projection is initiated.' AzureOperationalInsightsWorkspaceId = 'String | Optional | The Azure Operational Insights workspace id.' MaintenanceWindowBlocked = 'Boolean | Optional | Indicates whether or not to Block setting a maintenance window for device updates.' SettingsScreenTimeoutInMinutes = 'UInt32 | Optional | Specifies the number of minutes until the Hub screen turns off.' SettingsSleepTimeoutInMinutes = 'UInt32 | Optional | Specifies the number of minutes until the Hub enters sleep mode.' AzureOperationalInsightsBlockTelemetry = 'Boolean | Optional | Indicates whether or not to Block Azure Operational Insights.' SettingsBlockMyMeetingsAndFiles = 'Boolean | Optional | Specifies whether to disable the ''My meetings and files'' feature in the Start menu, which shows the signed-in user''s meetings and files from Office 365.' } ) DeviceConfigurationWiredNetworkPoliciesWindows10 = @( @{ SecondaryIdentityCertificateForClientAuthenticationId = 'String | Optional | Specify root certificate for client validation' InnerAuthenticationProtocolForEAPTTLS = 'String | Optional | Specify inner authentication protocol for EAP TTLS. Possible values are: unencryptedPassword, challengeHandshakeAuthenticationProtocol, microsoftChap, microsoftChapVersionTwo. Possible values are: unencryptedPassword, challengeHandshakeAuthenticationProtocol, microsoftChap, microsoftChapVersionTwo. | unencryptedPassword / challengeHandshakeAuthenticationProtocol / microsoftChap / microsoftChapVersionTwo' Description = 'String | Optional | Admin provided description of the Device Configuration.' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) DisplayName = 'String | Required | Admin provided name of the device configuration.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' DisableUserPromptForServerValidation = 'Boolean | Optional | When TRUE, prevents the user from being prompted to authorize new servers for trusted certification authorities when EAP type is selected as PEAP. When FALSE, does not prevent the user from being prompted. Default value is FALSE.' RootCertificateForClientValidationId = 'String | Optional | Specify root certificate for client validation.' MaximumEAPOLStartMessages = 'UInt32 | Optional | Specify the maximum number of EAPOL (Extensible Authentication Protocol over LAN) Start messages to be sent before returning failure. Valid range 1-100.' AuthenticationPeriodInSeconds = 'UInt32 | Optional | Specify the number of seconds for the client to wait after an authentication attempt before failing. Valid range 1-3600.' AuthenticationBlockPeriodInMinutes = 'UInt32 | Optional | Specify the duration for which automatic authentication attempts will be blocked from occuring after a failed authentication attempt.' AuthenticationMethod = 'String | Optional | Specify the authentication method. Possible values are: certificate, usernameAndPassword, derivedCredential. Possible values are: certificate, usernameAndPassword, derivedCredential, unknownFutureValue. | certificate / usernameAndPassword / derivedCredential / unknownFutureValue' PerformServerValidation = 'Boolean | Optional | When TRUE, enables verification of server''s identity by validating the certificate when EAP type is selected as PEAP. When FALSE, the certificate is not validated. Default value is TRUE.' RequireCryptographicBinding = 'Boolean | Optional | When TRUE, enables cryptographic binding when EAP type is selected as PEAP. When FALSE, does not enable cryptogrpahic binding. Default value is TRUE.' RootCertificateForClientValidationDisplayName = 'String | Optional | Specify root certificate display name for client validation.' SecondaryAuthenticationMethod = 'String | Optional | Specify the secondary authentication method. Possible values are: certificate, usernameAndPassword, derivedCredential. Possible values are: certificate, usernameAndPassword, derivedCredential, unknownFutureValue. | certificate / usernameAndPassword / derivedCredential / unknownFutureValue' ForceFIPSCompliance = 'Boolean | Optional | When TRUE, forces FIPS compliance. When FALSE, does not enable FIPS compliance. Default value is FALSE.' MaximumAuthenticationFailures = 'UInt32 | Optional | Specify the maximum authentication failures allowed for a set of credentials. Valid range 1-100.' AuthenticationRetryDelayPeriodInSeconds = 'UInt32 | Optional | Specify the number of seconds between a failed authentication and the next authentication attempt. Valid range 1-3600.' EapolStartPeriodInSeconds = 'UInt32 | Optional | Specify the number of seconds to wait before sending an EAPOL (Extensible Authentication Protocol over LAN) Start message. Valid range 1-3600.' TrustedServerCertificateNames = 'StringArray | Optional | Specify trusted server certificate names.' SecondaryRootCertificateForClientValidationDisplayName = 'String | Optional | Specify secondary root certificate display name for client validation.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' Id = 'String | Optional | The unique identifier for an entity. Read-only.' OuterIdentityPrivacyTemporaryValue = 'String | Optional | Specify the string to replace usernames for privacy when using EAP TTLS or PEAP.' EapType = 'String | Optional | Extensible Authentication Protocol (EAP). Indicates the type of EAP protocol set on the Wi-Fi endpoint (router). Possible values are: eapTls, leap, eapSim, eapTtls, peap, eapFast, teap. Possible values are: eapTls, leap, eapSim, eapTtls, peap, eapFast, teap. | eapTls / leap / eapSim / eapTtls / peap / eapFast / teap' RootCertificatesForServerValidationIds = 'StringArray | Optional | Specify root certificates for server validation. This collection can contain a maximum of 500 elements.' AuthenticationType = 'String | Optional | Specify whether to authenticate the user, the device, either, or to use guest authentication (none). If you''re using certificate authentication, make sure the certificate type matches the authentication type. Possible values are: none, user, machine, machineOrUser, guest. Possible values are: none, user, machine, machineOrUser, guest, unknownFutureValue. | none / user / machine / machineOrUser / guest / unknownFutureValue' IdentityCertificateForClientAuthenticationId = 'String | Optional | Specify identity certificate for client authentication.' RootCertificatesForServerValidationDisplayNames = 'StringArray | Optional | Specify root certificate display names for server validation. This collection can contain a maximum of 500 elements.' IdentityCertificateForClientAuthenticationDisplayName = 'String | Optional | Specify identity certificate display name for client authentication.' CacheCredentials = 'Boolean | Optional | When TRUE, caches user credentials on the device so that users don''t need to keep entering them each time they connect. When FALSE, do not cache credentials. Default value is FALSE.' SecondaryIdentityCertificateForClientAuthenticationDisplayName = 'String | Optional | Specify root certificate display name for client validation' SecondaryRootCertificateForClientValidationId = 'String | Optional | Specify secondary root certificate for client validation.' Enforce8021X = 'Boolean | Optional | When TRUE, the automatic configuration service for wired networks requires the use of 802.1X for port authentication. When FALSE, 802.1X is not required. Default value is FALSE.' } ) DeviceEnrollmentLimitRestrictions = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' Description = 'String | Optional | Description of the device enrollment limit restriction.' Ensure = 'String | Optional | Present ensures the restriction exists, absent ensures it is removed. | Present / Absent' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Limit = 'UInt32 | Optional | Specifies the maximum number of devices a user can enroll' DisplayName = 'String | Required | Display name of the device enrollment limit restriction.' } ) DeviceEnrollmentPlatformRestrictions = @( @{ Description = 'String | Optional | Description of the device enrollment platform restriction.' AndroidRestriction = @{ PlatformBlocked = 'Boolean | Optional | Block the platform from enrolling.' OsMinimumVersion = 'String | Optional | Min OS version supported.' BlockedSkus = 'StringArray | Optional | Collection of blocked Skus.' BlockedManufacturers = 'StringArray | Optional | Collection of blocked Manufacturers.' OsMaximumVersion = 'String | Optional | Max OS version supported.' PersonalDeviceEnrollmentBlocked = 'Boolean | Optional | Block personally owned devices from enrolling.' } Priority = 'UInt32 | Optional | Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value.' DisplayName = 'String | Required | Display name of the device enrollment platform restriction.' WindowsRestriction = @{ PlatformBlocked = 'Boolean | Optional | Block the platform from enrolling.' OsMinimumVersion = 'String | Optional | Min OS version supported.' BlockedSkus = 'StringArray | Optional | Collection of blocked Skus.' BlockedManufacturers = 'StringArray | Optional | Collection of blocked Manufacturers.' OsMaximumVersion = 'String | Optional | Max OS version supported.' PersonalDeviceEnrollmentBlocked = 'Boolean | Optional | Block personally owned devices from enrolling.' } WindowsMobileRestriction = @{ PlatformBlocked = 'Boolean | Optional | Block the platform from enrolling.' OsMinimumVersion = 'String | Optional | Min OS version supported.' BlockedSkus = 'StringArray | Optional | Collection of blocked Skus.' BlockedManufacturers = 'StringArray | Optional | Collection of blocked Manufacturers.' OsMaximumVersion = 'String | Optional | Max OS version supported.' PersonalDeviceEnrollmentBlocked = 'Boolean | Optional | Block personally owned devices from enrolling.' } AccessTokens = 'StringArray | Optional | Access token used for authentication.' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) IosRestriction = @{ PlatformBlocked = 'Boolean | Optional | Block the platform from enrolling.' OsMinimumVersion = 'String | Optional | Min OS version supported.' BlockedSkus = 'StringArray | Optional | Collection of blocked Skus.' BlockedManufacturers = 'StringArray | Optional | Collection of blocked Manufacturers.' OsMaximumVersion = 'String | Optional | Max OS version supported.' PersonalDeviceEnrollmentBlocked = 'Boolean | Optional | Block personally owned devices from enrolling.' } Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' MacRestriction = @{ PlatformBlocked = 'Boolean | Optional | Block the platform from enrolling.' OsMinimumVersion = 'String | Optional | Min OS version supported.' BlockedSkus = 'StringArray | Optional | Collection of blocked Skus.' BlockedManufacturers = 'StringArray | Optional | Collection of blocked Manufacturers.' OsMaximumVersion = 'String | Optional | Max OS version supported.' PersonalDeviceEnrollmentBlocked = 'Boolean | Optional | Block personally owned devices from enrolling.' } DeviceEnrollmentConfigurationType = 'String | Optional | Support for Enrollment Configuration Type | platformRestrictions / singlePlatformRestriction' Identity = 'String | Required | Identity of the device enrollment platform restriction.' MacOSRestriction = @{ PlatformBlocked = 'Boolean | Optional | Block the platform from enrolling.' OsMinimumVersion = 'String | Optional | Min OS version supported.' BlockedSkus = 'StringArray | Optional | Collection of blocked Skus.' BlockedManufacturers = 'StringArray | Optional | Collection of blocked Manufacturers.' OsMaximumVersion = 'String | Optional | Max OS version supported.' PersonalDeviceEnrollmentBlocked = 'Boolean | Optional | Block personally owned devices from enrolling.' } WindowsHomeSkuRestriction = @{ PlatformBlocked = 'Boolean | Optional | Block the platform from enrolling.' OsMinimumVersion = 'String | Optional | Min OS version supported.' BlockedSkus = 'StringArray | Optional | Collection of blocked Skus.' BlockedManufacturers = 'StringArray | Optional | Collection of blocked Manufacturers.' OsMaximumVersion = 'String | Optional | Max OS version supported.' PersonalDeviceEnrollmentBlocked = 'Boolean | Optional | Block personally owned devices from enrolling.' } AndroidForWorkRestriction = @{ PlatformBlocked = 'Boolean | Optional | Block the platform from enrolling.' OsMinimumVersion = 'String | Optional | Min OS version supported.' BlockedSkus = 'StringArray | Optional | Collection of blocked Skus.' BlockedManufacturers = 'StringArray | Optional | Collection of blocked Manufacturers.' OsMaximumVersion = 'String | Optional | Max OS version supported.' PersonalDeviceEnrollmentBlocked = 'Boolean | Optional | Block personally owned devices from enrolling.' } } ) DeviceEnrollmentStatusPageWindows10s = @( @{ Description = 'String | Optional | The description of the device enrollment configuration' Priority = 'UInt32 | Optional | Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value.' DisplayName = 'String | Required | The display name of the device enrollment configuration' AccessTokens = 'StringArray | Optional | Access token used for authentication.' DisableUserStatusTrackingAfterFirstUser = 'Boolean | Optional | Only show installation progress for first user post enrollment' InstallQualityUpdates = 'Boolean | Optional | Allows quality updates installation during OOBE' ShowInstallationProgress = 'Boolean | Optional | Show or hide installation progress to user' SelectedMobileAppIds = 'StringArray | Optional | Ids of selected applications to track the installation status. When this parameter is used, SelectedMobileAppNames is ignored' CustomErrorMessage = 'String | Optional | Set custom error message to show upon installation failure' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' BlockDeviceSetupRetryByUser = 'Boolean | Optional | Allow the user to retry the setup on installation failure' AllowDeviceUseOnInstallFailure = 'Boolean | Optional | Allow the user to continue using the device on installation failure' AllowDeviceResetOnInstallFailure = 'Boolean | Optional | Allow or block device reset on installation failure' AllowNonBlockingAppInstallation = 'Boolean | Optional | Install all required apps as non blocking apps during white glove' AllowLogCollectionOnInstallFailure = 'Boolean | Optional | Allow or block log collection on installation failure' Id = 'String | Optional | The unique identifier for an entity. Read-only.' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) SelectedMobileAppNames = 'StringArray | Optional | Names of selected applications to track the installation status. This parameter is ignored when SelectedMobileAppIds is also specified' InstallProgressTimeoutInMinutes = 'UInt32 | Optional | Set installation progress timeout in minutes' TrackInstallProgressForAutopilotOnly = 'Boolean | Optional | Only show installation progress for Autopilot enrollment scenarios' } ) EndpointDetectionAndResponsePoliciesWindows10 = @( @{ Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) Description = 'String | Optional | Description of the endpoint detection and response policy for Windows 10.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed | Present / Absent' SampleSharing = 'String | Optional | Return or set Windows Defender Advanced Threat Protection Sample Sharing configuration parameter: 0 - none, 1 - All | 0 / 1' ConfigurationType = 'String | Optional | Microsoft Defender for Endpoint endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats. | AutoFromConnector / Onboard / Offboard' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Optional | Identity of the endpoint detection and response policy for Windows 10.' ConfigurationBlob = 'String | Optional | Set Windows Defender Advanced Threat Protection Onboarding blob and initiate onboarding to Windows Defender Advanced Threat Protection' DisplayName = 'String | Required | Display name of the endpoint detection and response policy for Windows 10.' } ) ExploitProtectionPoliciesWindows10SettingCatalog = @( @{ Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) Description = 'String | Optional | Description of the endpoint protection.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed | Present / Absent' ExploitProtectionSettings = 'String | Optional | Enables the IT admin to push out a configuration representing the desired system and application mitigation options to all the devices in the organization. The configuration is represented by an XML.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Optional | Identity of the endpoint protection policy.' disallowexploitprotectionoverride = 'String | Optional | Prevent users from making changes to the exploit protection settings area in the Windows Defender Security Center.values 0:disable, 1:enable | 0 / 1' DisplayName = 'String | Required | Display name of the endpoint protection policy.' } ) PoliciesSets = @( @{ Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' Id = 'String | Optional | The unique identifier for an entity. Read-only.' Items = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' dataType = 'String | Optional | The type of policy the item represents.' itemType = 'String | Optional | The type of policy the item represents.' payloadId = 'String | Optional | The group Id of the policy the item represents.' guidedDeploymentTags = 'StringArray | Optional | Tags of the guided deployment' displayName = 'String | Optional | The collection display name of the policy the item represents' } ) Description = 'String | Optional | Description of the PolicySet.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' RoleScopeTags = 'StringArray | Optional | RoleScopeTags of the PolicySet' GuidedDeploymentTags = 'StringArray | Optional | Tags of the guided deployment' DisplayName = 'String | Required | DisplayName of the PolicySet.' } ) RoleAssignments = @( @{ Description = 'String | Optional | Description of the Role Assignment.' Id = 'String | Optional | The unique idenfier for an entity. Read-only.' Ensure = 'String | Optional | Present ensures the Role exists, absent ensures it is removed. | Present / Absent' ScopeType = 'String | Optional | Specifies the type of scope for a Role Assignment. Default type ''ResourceScope'' allows assignment of ResourceScopes. Possible values are: resourceScope, allDevices, allLicensedUsers, allDevicesAndLicensedUsers.' RoleDefinition = 'String | Optional | The Role Definition Id.' RoleDefinitionDisplayName = 'String | Optional | The Role Definition Displayname.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' ResourceScopes = 'StringArray | Optional | List of ids of role scope member security groups. These are IDs from Azure Active Directory. Ignored if ScopeType is not ''ResourceScope''' Members = 'StringArray | Optional | The list of ids of role member security groups. These are IDs from Azure Active Directory.' ResourceScopesDisplayNames = 'StringArray | Optional | List of DisplayName of role scope member security groups. These are Displayname from Azure Active Directory. Ignored if ScopeType is not ''ResourceScope''' MembersDisplayNames = 'StringArray | Optional | The list of Displaynames of role member security groups. These are Displaynamnes from Azure Active Directory.' DisplayName = 'String | Required | The display or friendly name of the role Assignment.' } ) RoleDefinitions = @( @{ Description = 'String | Optional | Description of the Role definition.' roleScopeTagIds = 'StringArray | Optional | Id of the Scope Tags to assign' Id = 'String | Optional | The unique idenfier for an entity. Read-only.' Ensure = 'String | Optional | Present ensures the Role exists, absent ensures it is removed. | Present / Absent' allowedResourceActions = 'StringArray | Optional | List of allowed resource actions' AccessTokens = 'StringArray | Optional | Access token used for authentication.' IsBuiltIn = 'Boolean | Optional | Type of Role. Set to True if it is built-in, or set to False if it is a custom role definition.' notAllowedResourceActions = 'StringArray | Optional | List of not allowed resource actions' DisplayName = 'String | Required | Display Name of the Role definition.' } ) SettingCatalogASRRulesPoliciesWindows10 = @( @{ BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem = 'String | Optional | This rule helps prevent credential stealing by locking down Local Security Authority Subsystem Service (LSASS). | off / block / audit / warn' ControlledFolderAccessProtectedFolders = 'StringArray | Optional | List of additional folders that need to be protected' BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent = 'String | Optional | This rule prevents scripts from launching potentially malicious downloaded content. | off / block / audit / warn' BlockAllOfficeApplicationsFromCreatingChildProcesses = 'String | Optional | This rule blocks Office apps from creating child processes. Office apps include Word, Excel, PowerPoint, OneNote, and Access. | off / block / audit / warn' DisplayName = 'String | Required | Display name of the endpoint protection attack surface protection rules policy for Windows 10.' Identity = 'String | Optional | Identity of the endpoint protection attack surface protection rules policy for Windows 10.' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) BlockOfficeApplicationsFromCreatingExecutableContent = 'String | Optional | This rule prevents Office apps, including Word, Excel, and PowerPoint, from creating potentially malicious executable content, by blocking malicious code from being written to disk. | off / block / audit / warn' EnableControlledFolderAccess = 'String | Optional | This rule enable Controlled folder access which protects your data by checking apps against a list of known, trusted apps.values 0:disable, 1:enable, 2:audit | 0 / 1 / 2' ControlledFolderAccessAllowedApplications = 'StringArray | Optional | List of apps that have access to protected folders.' BlockProcessCreationsFromPSExecAndWMICommands = 'String | Optional | This rule blocks processes created through PsExec and WMI from running. | off / block / audit / warn' BlockUntrustedUnsignedProcessesThatRunFromUSB = 'String | Optional | With this rule, admins can prevent unsigned or untrusted executable files from running from USB removable drives, including SD cards. | off / block / audit / warn' AccessTokens = 'StringArray | Optional | Access token used for authentication.' BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion = 'String | Optional | This rule blocks executable files that don''t meet a prevalence, age, or trusted list criteria, such as .exe, .dll, or .scr, from launching. | off / block / audit / warn' BlockOfficeCommunicationAppFromCreatingChildProcesses = 'String | Optional | This rule prevents Outlook from creating child processes, while still allowing legitimate Outlook functions. | off / block / audit / warn' BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses = 'String | Optional | This rule blocks code injection attempts from Office apps into other processes. | off / block / audit / warn' BlockAbuseOfExploitedVulnerableSignedDrivers = 'String | Optional | This rule prevents an application from writing a vulnerable signed driver to disk. | off / block / audit / warn' BlockWin32APICallsFromOfficeMacros = 'String | Optional | This rule prevents VBA macros from calling Win32 APIs. | off / block / audit / warn' BlockExecutionOfPotentiallyObfuscatedScripts = 'String | Optional | This rule detects suspicious properties within an obfuscated script. | off / block / audit / warn' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed | Present / Absent' AttackSurfaceReductionOnlyExclusions = 'StringArray | Optional | Exclude files and paths from attack surface reduction rules' Description = 'String | Optional | Description of the endpoint protection attack surface protection rules policy for Windows 10.' BlockAdobeReaderFromCreatingChildProcesses = 'String | Optional | This rule prevents attacks by blocking Adobe Reader from creating processes. | off / block / audit / warn' BlockWebShellCreationForServers = 'String | Optional | This rule blocks webshell creation for servers. | off / block / audit / warn' UseAdvancedProtectionAgainstRansomware = 'String | Optional | This rule provides an extra layer of protection against ransomware. | off / block / audit / warn' BlockExecutableContentFromEmailClientAndWebmail = 'String | Optional | This rule blocks the following file types from launching from email opened within the Microsoft Outlook application, or Outlook.com and other popular webmail providers. | off / block / audit / warn' BlockPersistenceThroughWMIEventSubscription = 'String | Optional | This rule prevents malware from abusing WMI to attain persistence on a device. | off / block / audit / warn' } ) SettingCatalogCustomPoliciesWindows10 = @( @{ Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) Name = 'String | Required | Policy name' Id = 'String | Optional | The unique identifier for an entity. Read-only.' TemplateReference = @{ TemplateId = 'String | Optional | Template id' TemplateDisplayVersion = 'String | Optional | Template Display Version of the referenced Template. This property is read-only.' TemplateDisplayName = 'String | Optional | Template Display Name of the referenced template. This property is read-only.' TemplateFamily = 'String | Optional | Template Family of the referenced Template. This property is read-only. Possible values are: none, endpointSecurityAntivirus, endpointSecurityDiskEncryption, endpointSecurityFirewall, endpointSecurityEndpointDetectionAndResponse, endpointSecurityAttackSurfaceReduction, endpointSecurityAccountProtection, endpointSecurityApplicationControl, endpointSecurityEndpointPrivilegeManagement, enrollmentConfiguration, appQuietTime, baseline, unknownFutureValue, deviceConfigurationScripts. | none / endpointSecurityAntivirus / endpointSecurityDiskEncryption / endpointSecurityFirewall / endpointSecurityEndpointDetectionAndResponse / endpointSecurityAttackSurfaceReduction / endpointSecurityAccountProtection / endpointSecurityApplicationControl / endpointSecurityEndpointPrivilegeManagement / enrollmentConfiguration / appQuietTime / baseline / unknownFutureValue / deviceConfigurationScripts' } Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' Description = 'String | Optional | Policy description' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Platforms = 'String | Optional | Platforms for this policy. Possible values are: none, android, iOS, macOS, windows10X, windows10, linux, unknownFutureValue. | none / android / iOS / macOS / windows10X / windows10 / linux / unknownFutureValue' Technologies = 'String | Optional | Technologies for this policy. Possible values are: none, mdm, windows10XManagement, configManager, appleRemoteManagement, microsoftSense, exchangeOnline, edgeMAM, linuxMdm, enrollment, endpointPrivilegeManagement, unknownFutureValue. | none / mdm / windows10XManagement / configManager / appleRemoteManagement / microsoftSense / exchangeOnline / linuxMdm / enrollment / endpointPrivilegeManagement / unknownFutureValue' Settings = @( @{ Id = 'String | Optional | The unique identifier for an entity. Read-only.' SettingInstance = @{ SimpleSettingCollectionValue = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' StringValue = 'String | Optional | Value of the string setting.' ValueState = 'String | Optional | Gets or sets a value indicating the encryption state of the Value property. Possible values are: invalid, notEncrypted, encryptedValueToken. | invalid / notEncrypted / encryptedValueToken' IntValue = 'UInt32 | Optional | Value of the integer setting.' Children = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' SimpleSettingCollectionValue = @( @{ odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationIntegerSettingValue / #microsoft.graph.deviceManagementConfigurationStringSettingValue / #microsoft.graph.deviceManagementConfigurationSecretSettingValue' IntValue = 'UInt32 | Optional | Value of the integer setting.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' ValueState = 'String | Optional | Gets or sets a value indicating the encryption state of the Value property. Possible values are: invalid, notEncrypted, encryptedValueToken. | invalid / notEncrypted / encryptedValueToken' StringValue = 'String | Optional | Value of the string setting.' } ) SettingDefinitionId = 'String | Optional | Setting Definition Id' odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationChoiceSettingCollectionInstance / #microsoft.graph.deviceManagementConfigurationChoiceSettingInstance / #microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance / #microsoft.graph.deviceManagementConfigurationGroupSettingInstance / #microsoft.graph.deviceManagementConfigurationSettingGroupCollectionInstance / #microsoft.graph.deviceManagementConfigurationSettingGroupInstance / #microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance / #microsoft.graph.deviceManagementConfigurationSimpleSettingInstance' ChoiceSettingCollectionValue = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' Value = 'String | Optional | Choice setting value: an OptionDefinition ItemId.' odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationChoiceSettingValue / #microsoft.graph.deviceManagementConfigurationGroupSettingValue / #microsoft.graph.deviceManagementConfigurationSimpleSettingValue' } ) GroupSettingValue = @{ odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationChoiceSettingValue / #microsoft.graph.deviceManagementConfigurationGroupSettingValue / #microsoft.graph.deviceManagementConfigurationSimpleSettingValue' Value = 'String | Optional | Choice setting value: an OptionDefinition ItemId.' } SettingInstanceTemplateReference = @{ SettingInstanceTemplateId = 'String | Optional | Setting instance template id' } SimpleSettingValue = @{ odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationIntegerSettingValue / #microsoft.graph.deviceManagementConfigurationStringSettingValue / #microsoft.graph.deviceManagementConfigurationSecretSettingValue' IntValue = 'UInt32 | Optional | Value of the integer setting.' ValueState = 'String | Optional | Gets or sets a value indicating the encryption state of the Value property. Possible values are: invalid, notEncrypted, encryptedValueToken. | invalid / notEncrypted / encryptedValueToken' StringValue = 'String | Optional | Value of the string setting.' } ChoiceSettingValue = @{ odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationChoiceSettingValue / #microsoft.graph.deviceManagementConfigurationGroupSettingValue / #microsoft.graph.deviceManagementConfigurationSimpleSettingValue' Value = 'String | Optional | Choice setting value: an OptionDefinition ItemId.' } GroupSettingCollectionValue = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' Value = 'String | Optional | Choice setting value: an OptionDefinition ItemId.' odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationChoiceSettingValue / #microsoft.graph.deviceManagementConfigurationGroupSettingValue / #microsoft.graph.deviceManagementConfigurationSimpleSettingValue' } ) } ) odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationIntegerSettingValue / #microsoft.graph.deviceManagementConfigurationStringSettingValue / #microsoft.graph.deviceManagementConfigurationSecretSettingValue' SettingValueTemplateReference = @{ useTemplateDefault = 'Boolean | Optional | Indicates whether to update policy setting value to match template setting default value' settingValueTemplateId = 'String | Optional | Setting value template id' } } ) SettingDefinitionId = 'String | Optional | Setting Definition Id' odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationChoiceSettingCollectionInstance / #microsoft.graph.deviceManagementConfigurationChoiceSettingInstance / #microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance / #microsoft.graph.deviceManagementConfigurationGroupSettingInstance / #microsoft.graph.deviceManagementConfigurationSettingGroupCollectionInstance / #microsoft.graph.deviceManagementConfigurationSettingGroupInstance / #microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance / #microsoft.graph.deviceManagementConfigurationSimpleSettingInstance' ChoiceSettingCollectionValue = @( @{ SettingValueTemplateReference = @{ useTemplateDefault = 'Boolean | Optional | Indicates whether to update policy setting value to match template setting default value' settingValueTemplateId = 'String | Optional | Setting value template id' } odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationChoiceSettingValue / #microsoft.graph.deviceManagementConfigurationGroupSettingValue / #microsoft.graph.deviceManagementConfigurationSimpleSettingValue' UniqueId = 'String | Required | [Unique ID to identify this specific object]' Value = 'String | Optional | Choice setting value: an OptionDefinition ItemId.' Children = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' SimpleSettingCollectionValue = @( @{ odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationIntegerSettingValue / #microsoft.graph.deviceManagementConfigurationStringSettingValue / #microsoft.graph.deviceManagementConfigurationSecretSettingValue' IntValue = 'UInt32 | Optional | Value of the integer setting.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' ValueState = 'String | Optional | Gets or sets a value indicating the encryption state of the Value property. Possible values are: invalid, notEncrypted, encryptedValueToken. | invalid / notEncrypted / encryptedValueToken' StringValue = 'String | Optional | Value of the string setting.' } ) SettingDefinitionId = 'String | Optional | Setting Definition Id' odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationChoiceSettingCollectionInstance / #microsoft.graph.deviceManagementConfigurationChoiceSettingInstance / #microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance / #microsoft.graph.deviceManagementConfigurationGroupSettingInstance / #microsoft.graph.deviceManagementConfigurationSettingGroupCollectionInstance / #microsoft.graph.deviceManagementConfigurationSettingGroupInstance / #microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance / #microsoft.graph.deviceManagementConfigurationSimpleSettingInstance' ChoiceSettingCollectionValue = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' Value = 'String | Optional | Choice setting value: an OptionDefinition ItemId.' odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationChoiceSettingValue / #microsoft.graph.deviceManagementConfigurationGroupSettingValue / #microsoft.graph.deviceManagementConfigurationSimpleSettingValue' } ) GroupSettingValue = @{ odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationChoiceSettingValue / #microsoft.graph.deviceManagementConfigurationGroupSettingValue / #microsoft.graph.deviceManagementConfigurationSimpleSettingValue' Value = 'String | Optional | Choice setting value: an OptionDefinition ItemId.' } SettingInstanceTemplateReference = @{ SettingInstanceTemplateId = 'String | Optional | Setting instance template id' } SimpleSettingValue = @{ odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationIntegerSettingValue / #microsoft.graph.deviceManagementConfigurationStringSettingValue / #microsoft.graph.deviceManagementConfigurationSecretSettingValue' IntValue = 'UInt32 | Optional | Value of the integer setting.' ValueState = 'String | Optional | Gets or sets a value indicating the encryption state of the Value property. Possible values are: invalid, notEncrypted, encryptedValueToken. | invalid / notEncrypted / encryptedValueToken' StringValue = 'String | Optional | Value of the string setting.' } ChoiceSettingValue = @{ odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationChoiceSettingValue / #microsoft.graph.deviceManagementConfigurationGroupSettingValue / #microsoft.graph.deviceManagementConfigurationSimpleSettingValue' Value = 'String | Optional | Choice setting value: an OptionDefinition ItemId.' } GroupSettingCollectionValue = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' Value = 'String | Optional | Choice setting value: an OptionDefinition ItemId.' odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationChoiceSettingValue / #microsoft.graph.deviceManagementConfigurationGroupSettingValue / #microsoft.graph.deviceManagementConfigurationSimpleSettingValue' } ) } ) } ) GroupSettingValue = @{ odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationChoiceSettingValue / #microsoft.graph.deviceManagementConfigurationGroupSettingValue / #microsoft.graph.deviceManagementConfigurationSimpleSettingValue' Value = 'String | Optional | Choice setting value: an OptionDefinition ItemId.' SettingValueTemplateReference = @{ useTemplateDefault = 'Boolean | Optional | Indicates whether to update policy setting value to match template setting default value' settingValueTemplateId = 'String | Optional | Setting value template id' } Children = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' SimpleSettingCollectionValue = @( @{ odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationIntegerSettingValue / #microsoft.graph.deviceManagementConfigurationStringSettingValue / #microsoft.graph.deviceManagementConfigurationSecretSettingValue' IntValue = 'UInt32 | Optional | Value of the integer setting.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' ValueState = 'String | Optional | Gets or sets a value indicating the encryption state of the Value property. Possible values are: invalid, notEncrypted, encryptedValueToken. | invalid / notEncrypted / encryptedValueToken' StringValue = 'String | Optional | Value of the string setting.' } ) SettingDefinitionId = 'String | Optional | Setting Definition Id' odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationChoiceSettingCollectionInstance / #microsoft.graph.deviceManagementConfigurationChoiceSettingInstance / #microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance / #microsoft.graph.deviceManagementConfigurationGroupSettingInstance / #microsoft.graph.deviceManagementConfigurationSettingGroupCollectionInstance / #microsoft.graph.deviceManagementConfigurationSettingGroupInstance / #microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance / #microsoft.graph.deviceManagementConfigurationSimpleSettingInstance' ChoiceSettingCollectionValue = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' Value = 'String | Optional | Choice setting value: an OptionDefinition ItemId.' odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationChoiceSettingValue / #microsoft.graph.deviceManagementConfigurationGroupSettingValue / #microsoft.graph.deviceManagementConfigurationSimpleSettingValue' } ) GroupSettingValue = @{ odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationChoiceSettingValue / #microsoft.graph.deviceManagementConfigurationGroupSettingValue / #microsoft.graph.deviceManagementConfigurationSimpleSettingValue' Value = 'String | Optional | Choice setting value: an OptionDefinition ItemId.' } SettingInstanceTemplateReference = @{ SettingInstanceTemplateId = 'String | Optional | Setting instance template id' } SimpleSettingValue = @{ odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationIntegerSettingValue / #microsoft.graph.deviceManagementConfigurationStringSettingValue / #microsoft.graph.deviceManagementConfigurationSecretSettingValue' IntValue = 'UInt32 | Optional | Value of the integer setting.' ValueState = 'String | Optional | Gets or sets a value indicating the encryption state of the Value property. Possible values are: invalid, notEncrypted, encryptedValueToken. | invalid / notEncrypted / encryptedValueToken' StringValue = 'String | Optional | Value of the string setting.' } ChoiceSettingValue = @{ odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationChoiceSettingValue / #microsoft.graph.deviceManagementConfigurationGroupSettingValue / #microsoft.graph.deviceManagementConfigurationSimpleSettingValue' Value = 'String | Optional | Choice setting value: an OptionDefinition ItemId.' } GroupSettingCollectionValue = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' Value = 'String | Optional | Choice setting value: an OptionDefinition ItemId.' odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationChoiceSettingValue / #microsoft.graph.deviceManagementConfigurationGroupSettingValue / #microsoft.graph.deviceManagementConfigurationSimpleSettingValue' } ) } ) } SettingInstanceTemplateReference = @{ SettingInstanceTemplateId = 'String | Optional | Setting instance template id' } SimpleSettingValue = @{ StringValue = 'String | Optional | Value of the string setting.' ValueState = 'String | Optional | Gets or sets a value indicating the encryption state of the Value property. Possible values are: invalid, notEncrypted, encryptedValueToken. | invalid / notEncrypted / encryptedValueToken' IntValue = 'UInt32 | Optional | Value of the integer setting.' SettingValueTemplateReference = @{ useTemplateDefault = 'Boolean | Optional | Indicates whether to update policy setting value to match template setting default value' settingValueTemplateId = 'String | Optional | Setting value template id' } Children = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' SimpleSettingCollectionValue = @( @{ odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationIntegerSettingValue / #microsoft.graph.deviceManagementConfigurationStringSettingValue / #microsoft.graph.deviceManagementConfigurationSecretSettingValue' IntValue = 'UInt32 | Optional | Value of the integer setting.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' ValueState = 'String | Optional | Gets or sets a value indicating the encryption state of the Value property. Possible values are: invalid, notEncrypted, encryptedValueToken. | invalid / notEncrypted / encryptedValueToken' StringValue = 'String | Optional | Value of the string setting.' } ) SettingDefinitionId = 'String | Optional | Setting Definition Id' odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationChoiceSettingCollectionInstance / #microsoft.graph.deviceManagementConfigurationChoiceSettingInstance / #microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance / #microsoft.graph.deviceManagementConfigurationGroupSettingInstance / #microsoft.graph.deviceManagementConfigurationSettingGroupCollectionInstance / #microsoft.graph.deviceManagementConfigurationSettingGroupInstance / #microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance / #microsoft.graph.deviceManagementConfigurationSimpleSettingInstance' ChoiceSettingCollectionValue = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' Value = 'String | Optional | Choice setting value: an OptionDefinition ItemId.' odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationChoiceSettingValue / #microsoft.graph.deviceManagementConfigurationGroupSettingValue / #microsoft.graph.deviceManagementConfigurationSimpleSettingValue' } ) GroupSettingValue = @{ odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationChoiceSettingValue / #microsoft.graph.deviceManagementConfigurationGroupSettingValue / #microsoft.graph.deviceManagementConfigurationSimpleSettingValue' Value = 'String | Optional | Choice setting value: an OptionDefinition ItemId.' } SettingInstanceTemplateReference = @{ SettingInstanceTemplateId = 'String | Optional | Setting instance template id' } SimpleSettingValue = @{ odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationIntegerSettingValue / #microsoft.graph.deviceManagementConfigurationStringSettingValue / #microsoft.graph.deviceManagementConfigurationSecretSettingValue' IntValue = 'UInt32 | Optional | Value of the integer setting.' ValueState = 'String | Optional | Gets or sets a value indicating the encryption state of the Value property. Possible values are: invalid, notEncrypted, encryptedValueToken. | invalid / notEncrypted / encryptedValueToken' StringValue = 'String | Optional | Value of the string setting.' } ChoiceSettingValue = @{ odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationChoiceSettingValue / #microsoft.graph.deviceManagementConfigurationGroupSettingValue / #microsoft.graph.deviceManagementConfigurationSimpleSettingValue' Value = 'String | Optional | Choice setting value: an OptionDefinition ItemId.' } GroupSettingCollectionValue = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' Value = 'String | Optional | Choice setting value: an OptionDefinition ItemId.' odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationChoiceSettingValue / #microsoft.graph.deviceManagementConfigurationGroupSettingValue / #microsoft.graph.deviceManagementConfigurationSimpleSettingValue' } ) } ) odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationIntegerSettingValue / #microsoft.graph.deviceManagementConfigurationStringSettingValue / #microsoft.graph.deviceManagementConfigurationSecretSettingValue' } ChoiceSettingValue = @{ SettingValueTemplateReference = @{ useTemplateDefault = 'Boolean | Optional | Indicates whether to update policy setting value to match template setting default value' settingValueTemplateId = 'String | Optional | Setting value template id' } odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationChoiceSettingValue / #microsoft.graph.deviceManagementConfigurationGroupSettingValue / #microsoft.graph.deviceManagementConfigurationSimpleSettingValue' Value = 'String | Optional | Choice setting value: an OptionDefinition ItemId.' Children = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' SimpleSettingCollectionValue = @( @{ odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationIntegerSettingValue / #microsoft.graph.deviceManagementConfigurationStringSettingValue / #microsoft.graph.deviceManagementConfigurationSecretSettingValue' IntValue = 'UInt32 | Optional | Value of the integer setting.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' ValueState = 'String | Optional | Gets or sets a value indicating the encryption state of the Value property. Possible values are: invalid, notEncrypted, encryptedValueToken. | invalid / notEncrypted / encryptedValueToken' StringValue = 'String | Optional | Value of the string setting.' } ) SettingDefinitionId = 'String | Optional | Setting Definition Id' odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationChoiceSettingCollectionInstance / #microsoft.graph.deviceManagementConfigurationChoiceSettingInstance / #microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance / #microsoft.graph.deviceManagementConfigurationGroupSettingInstance / #microsoft.graph.deviceManagementConfigurationSettingGroupCollectionInstance / #microsoft.graph.deviceManagementConfigurationSettingGroupInstance / #microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance / #microsoft.graph.deviceManagementConfigurationSimpleSettingInstance' ChoiceSettingCollectionValue = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' Value = 'String | Optional | Choice setting value: an OptionDefinition ItemId.' odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationChoiceSettingValue / #microsoft.graph.deviceManagementConfigurationGroupSettingValue / #microsoft.graph.deviceManagementConfigurationSimpleSettingValue' } ) GroupSettingValue = @{ odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationChoiceSettingValue / #microsoft.graph.deviceManagementConfigurationGroupSettingValue / #microsoft.graph.deviceManagementConfigurationSimpleSettingValue' Value = 'String | Optional | Choice setting value: an OptionDefinition ItemId.' } SettingInstanceTemplateReference = @{ SettingInstanceTemplateId = 'String | Optional | Setting instance template id' } SimpleSettingValue = @{ odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationIntegerSettingValue / #microsoft.graph.deviceManagementConfigurationStringSettingValue / #microsoft.graph.deviceManagementConfigurationSecretSettingValue' IntValue = 'UInt32 | Optional | Value of the integer setting.' ValueState = 'String | Optional | Gets or sets a value indicating the encryption state of the Value property. Possible values are: invalid, notEncrypted, encryptedValueToken. | invalid / notEncrypted / encryptedValueToken' StringValue = 'String | Optional | Value of the string setting.' } ChoiceSettingValue = @{ odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationChoiceSettingValue / #microsoft.graph.deviceManagementConfigurationGroupSettingValue / #microsoft.graph.deviceManagementConfigurationSimpleSettingValue' Value = 'String | Optional | Choice setting value: an OptionDefinition ItemId.' } GroupSettingCollectionValue = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' Value = 'String | Optional | Choice setting value: an OptionDefinition ItemId.' odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationChoiceSettingValue / #microsoft.graph.deviceManagementConfigurationGroupSettingValue / #microsoft.graph.deviceManagementConfigurationSimpleSettingValue' } ) } ) } GroupSettingCollectionValue = @( @{ odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationChoiceSettingValue / #microsoft.graph.deviceManagementConfigurationGroupSettingValue / #microsoft.graph.deviceManagementConfigurationSimpleSettingValue' Value = 'String | Optional | Choice setting value: an OptionDefinition ItemId.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' SettingValueTemplateReference = @{ useTemplateDefault = 'Boolean | Optional | Indicates whether to update policy setting value to match template setting default value' settingValueTemplateId = 'String | Optional | Setting value template id' } Children = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' SimpleSettingCollectionValue = @( @{ odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationIntegerSettingValue / #microsoft.graph.deviceManagementConfigurationStringSettingValue / #microsoft.graph.deviceManagementConfigurationSecretSettingValue' IntValue = 'UInt32 | Optional | Value of the integer setting.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' ValueState = 'String | Optional | Gets or sets a value indicating the encryption state of the Value property. Possible values are: invalid, notEncrypted, encryptedValueToken. | invalid / notEncrypted / encryptedValueToken' StringValue = 'String | Optional | Value of the string setting.' } ) SettingDefinitionId = 'String | Optional | Setting Definition Id' odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationChoiceSettingCollectionInstance / #microsoft.graph.deviceManagementConfigurationChoiceSettingInstance / #microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance / #microsoft.graph.deviceManagementConfigurationGroupSettingInstance / #microsoft.graph.deviceManagementConfigurationSettingGroupCollectionInstance / #microsoft.graph.deviceManagementConfigurationSettingGroupInstance / #microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance / #microsoft.graph.deviceManagementConfigurationSimpleSettingInstance' ChoiceSettingCollectionValue = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' Value = 'String | Optional | Choice setting value: an OptionDefinition ItemId.' odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationChoiceSettingValue / #microsoft.graph.deviceManagementConfigurationGroupSettingValue / #microsoft.graph.deviceManagementConfigurationSimpleSettingValue' } ) GroupSettingValue = @{ odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationChoiceSettingValue / #microsoft.graph.deviceManagementConfigurationGroupSettingValue / #microsoft.graph.deviceManagementConfigurationSimpleSettingValue' Value = 'String | Optional | Choice setting value: an OptionDefinition ItemId.' } SettingInstanceTemplateReference = @{ SettingInstanceTemplateId = 'String | Optional | Setting instance template id' } SimpleSettingValue = @{ odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationIntegerSettingValue / #microsoft.graph.deviceManagementConfigurationStringSettingValue / #microsoft.graph.deviceManagementConfigurationSecretSettingValue' IntValue = 'UInt32 | Optional | Value of the integer setting.' ValueState = 'String | Optional | Gets or sets a value indicating the encryption state of the Value property. Possible values are: invalid, notEncrypted, encryptedValueToken. | invalid / notEncrypted / encryptedValueToken' StringValue = 'String | Optional | Value of the string setting.' } ChoiceSettingValue = @{ odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationChoiceSettingValue / #microsoft.graph.deviceManagementConfigurationGroupSettingValue / #microsoft.graph.deviceManagementConfigurationSimpleSettingValue' Value = 'String | Optional | Choice setting value: an OptionDefinition ItemId.' } GroupSettingCollectionValue = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' Value = 'String | Optional | Choice setting value: an OptionDefinition ItemId.' odataType = 'String | Optional | The type of the entity. | #microsoft.graph.deviceManagementConfigurationChoiceSettingValue / #microsoft.graph.deviceManagementConfigurationGroupSettingValue / #microsoft.graph.deviceManagementConfigurationSimpleSettingValue' } ) } ) } ) } } ) } ) WifiConfigurationPoliciesAndroidDeviceAdministrator = @( @{ Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) Description = 'String | Optional | Description of the Intune Policy.' Id = 'String | Optional | Id of the Intune Policy.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' WiFiSecurityType = 'String | Optional | Wi-Fi security type. | open / wpaEnterprise / wpa2Enterprise' ConnectWhenNetworkNameIsHidden = 'Boolean | Optional | Connect when network name is hidden.' NetworkName = 'String | Optional | Network name.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Ssid = 'String | Optional | SSID.' ConnectAutomatically = 'Boolean | Optional | Connect automatically.' DisplayName = 'String | Required | Display name of the Intune Policy.' } ) WifiConfigurationPoliciesAndroidEnterpriseDeviceOwner = @( @{ Id = 'String | Optional | Id of the Intune policy' PreSharedKey = 'String | Optional | Pre shared key.' DisplayName = 'String | Required | Disaply name of the Intune policy' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' AccessTokens = 'StringArray | Optional | Access token used for authentication.' PreSharedKeyIsSet = 'Boolean | Optional | Pre shared key is set.' WiFiSecurityType = 'String | Optional | Type of Wi-Fi profile. | open / wep / wpaPersonal / wpaEnterprise' NetworkName = 'String | Optional | Network name.' Ssid = 'String | Optional | Service Set Identifier. The name of the Wi-Fi connection.' ProxyManualAddress = 'String | Optional | Address of the proxy.' ProxySettings = 'String | Optional | Proxy setting type. | none / manual / automatic' ProxyAutomaticConfigurationUrl = 'String | Optional | URL of the automatic proxy.' ConnectWhenNetworkNameIsHidden = 'Boolean | Optional | Don''t show this Wi-Fi network on an end-user''s device in the list of available networks. The SSID will not be broadcasted.' ProxyManualPort = 'UInt32 | Optional | Port of the proxy.' Description = 'String | Optional | Description of the Intune policy' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) ConnectAutomatically = 'Boolean | Optional | If the network is in range, automatically connect.' ProxyExclusionList = 'String | Optional | Exclusion list of the proxy.' } ) WifiConfigurationPoliciesAndroidEnterpriseWorkProfile = @( @{ Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) Description = 'String | Optional | Description of the Intune policy.' Id = 'String | Optional | Id of the Intune policy.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' WiFiSecurityType = 'String | Optional | Wi-Fi security. | open / wpaEnterprise / wpa2Enterprise' ConnectWhenNetworkNameIsHidden = 'Boolean | Optional | Connect when network name is hidden.' NetworkName = 'String | Optional | Network name.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Ssid = 'String | Optional | SSID.' ConnectAutomatically = 'Boolean | Optional | Connect automatically.' DisplayName = 'String | Required | Display name of the Intune policy.' } ) WifiConfigurationPoliciesAndroidForWork = @( @{ Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) Description = 'String | Optional | Description of the Intune policy.' Id = 'String | Optional | Id of the Intune policy.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' WiFiSecurityType = 'String | Optional | Wi-Fi security | open / wpaEnterprise / wpa2Enterprise' ConnectWhenNetworkNameIsHidden = 'Boolean | Optional | Connect when network name is hidden' NetworkName = 'String | Optional | Network name' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Ssid = 'String | Optional | SSID' ConnectAutomatically = 'Boolean | Optional | Connect automatically' DisplayName = 'String | Required | Display name of the Intune policy.' } ) WifiConfigurationPoliciesAndroidOpenSourceProject = @( @{ PreSharedKeyIsSet = 'Boolean | Optional | Define if the pre-shared key is set.' DisplayName = 'String | Required | Display name of the Intune policy.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' PreSharedKey = 'String | Optional | Define the pre-shared key.' WiFiSecurityType = 'String | Optional | Define the Wifi security type. | open / wep / wpaPersonal / wpaEnterprise' NetworkName = 'String | Optional | Define the network name.' Ssid = 'String | Optional | Define the SSID.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' ConnectWhenNetworkNameIsHidden = 'Boolean | Optional | Define if the network should be connected if hidden.' Description = 'String | Optional | Description of the Intune policy.' Id = 'String | Optional | Id of the Intune policy.' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) ConnectAutomatically = 'Boolean | Optional | Connect automatically to the network.' } ) WifiConfigurationPoliciesIOS = @( @{ Id = 'String | Optional | Id of the Intune policy.' DisplayName = 'String | Required | Display name of the Intune policy.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' PreSharedKey = 'String | Optional | Pre shared key' WiFiSecurityType = 'String | Optional | Wi-Fi security | open / wpaPersonal / wpaEnterprise / wep / wpa2Personal / wpa2Enterprise' DisableMacAddressRandomization = 'Boolean | Optional | Disable the MAC address randomization.' NetworkName = 'String | Optional | Network name' Ssid = 'String | Optional | SSID' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' ProxySettings = 'String | Optional | Proxy settings | none / manual / automatic' ProxyAutomaticConfigurationUrl = 'String | Optional | Proxy automatic configuration url' ConnectWhenNetworkNameIsHidden = 'Boolean | Optional | Connect when network name is hidden' ProxyManualPort = 'UInt32 | Optional | Proxy manual port' Description = 'String | Optional | Description of the Intune policy.' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) ConnectAutomatically = 'Boolean | Optional | Connect automatically' ProxyManualAddress = 'String | Optional | Proxy manual address' } ) WifiConfigurationPoliciesMacOS = @( @{ Id = 'String | Optional | Id of the Intune policy.' DisplayName = 'String | Required | Display name of the Intune policy.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' PreSharedKey = 'String | Optional | Pre shared key' WiFiSecurityType = 'String | Optional | Wi-Fi security | open / wpaPersonal / wpaEnterprise / wep / wpa2Personal / wpa2Enterprise' NetworkName = 'String | Optional | Network name' Ssid = 'String | Optional | SSID' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' ProxySettings = 'String | Optional | Proxy settings | none / manual / automatic' ProxyAutomaticConfigurationUrl = 'String | Optional | Proxy automatic configuration url' ConnectWhenNetworkNameIsHidden = 'Boolean | Optional | Connect when network name is hidden' ProxyManualPort = 'UInt32 | Optional | Proxy manual port' Description = 'String | Optional | Description of the Intune policy.' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) ConnectAutomatically = 'Boolean | Optional | Connect automatically' ProxyManualAddress = 'String | Optional | Proxy manual address' } ) WifiConfigurationPoliciesWindows10 = @( @{ Id = 'String | Optional | Id of the Intune policy.' ForceFIPSCompliance = 'Boolean | Optional | Force FIPS compliance' DisplayName = 'String | Required | Display name of the Intune policy.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' AccessTokens = 'StringArray | Optional | Access token used for authentication.' MeteredConnectionLimit = 'String | Optional | Metered connection limit | unrestricted / fixed / variable' PreSharedKey = 'String | Optional | Pre shared key' WifiSecurityType = 'String | Optional | Wi-Fi security | open / wpaPersonal / wpaEnterprise / wep / wpa2Personal / wpa2Enterprise' NetworkName = 'String | Optional | Network name' Ssid = 'String | Optional | SSID' ProxyManualAddress = 'String | Optional | Proxy manual address' ConnectWhenNetworkNameIsHidden = 'Boolean | Optional | Connect when network name is hidden' ProxyAutomaticConfigurationUrl = 'String | Optional | Proxy automatic configuration url' ProxySetting = 'String | Optional | Proxy setting | none / manual / automatic' ProxyManualPort = 'UInt32 | Optional | Proxy manual port' Description = 'String | Optional | Description of the Intune policy.' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) ConnectAutomatically = 'Boolean | Optional | Connect automatically' ConnectToPreferredNetwork = 'Boolean | Optional | Connect to preferred network' } ) WindowsAutopilotDeploymentProfilesAzureADHybridJoined = @( @{ Description = 'String | Optional | Description of the profile' DisplayName = 'String | Required | Name of the profile' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) DeviceNameTemplate = 'String | Optional | The template used to name the AutoPilot Device. This can be a custom text and can also contain either the serial number of the device, or a randomly generated number. The total length of the text generated by the template can be no more than 15 characters.' ExtractHardwareHash = 'Boolean | Optional | HardwareHash Extraction for the profile' EnrollmentStatusScreenSettings = @{ HideInstallationProgress = 'Boolean | Optional | Show or hide installation progress to user' BlockDeviceSetupRetryByUser = 'Boolean | Optional | Allow the user to retry the setup on installation failure' AllowLogCollectionOnInstallFailure = 'Boolean | Optional | Allow or block log collection on installation failure' AllowDeviceUseBeforeProfileAndAppInstallComplete = 'Boolean | Optional | Allow or block user to use device before profile and app installation complete' InstallProgressTimeoutInMinutes = 'UInt32 | Optional | Set installation progress timeout in minutes' CustomErrorMessage = 'String | Optional | Set custom error message to show upon installation failure' AllowDeviceUseOnInstallFailure = 'Boolean | Optional | Allow the user to continue using the device on installation failure' } HybridAzureADJoinSkipConnectivityCheck = 'Boolean | Optional | The Autopilot Hybrid Azure AD join flow will continue even if it does not establish domain controller connectivity during OOBE.' ManagementServiceAppId = 'String | Optional | AzureAD management app ID used during client device-based enrollment discovery' EnableWhiteGlove = 'Boolean | Optional | Enable Autopilot White Glove for the profile.' Id = 'String | Optional | The unique identifier for an entity. Read-only.' Language = 'String | Optional | Language configured on the device' DeviceType = 'String | Optional | The AutoPilot device type that this profile is applicable to. Possible values are: windowsPc, surfaceHub2. | windowsPc / surfaceHub2 / holoLens / surfaceHub2S / virtualMachine / unknownFutureValue' OutOfBoxExperienceSettings = @{ HideEULA = 'Boolean | Optional | Show or hide EULA to user' HideEscapeLink = 'Boolean | Optional | If set to true, then the user can''t start over with different account, on company sign-in' HidePrivacySettings = 'Boolean | Optional | Show or hide privacy settings to user' DeviceUsageType = 'String | Optional | AAD join authentication type. Possible values are: singleUser, shared. | singleUser / shared' SkipKeyboardSelectionPage = 'Boolean | Optional | If set, then skip the keyboard selection page if Language and Region are set' UserType = 'String | Optional | Type of user. Possible values are: administrator, standard. | administrator / standard' } } ) WindowsAutopilotDeploymentProfilesAzureADJoined = @( @{ Description = 'String | Optional | Description of the profile' DisplayName = 'String | Required | Name of the profile' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) DeviceNameTemplate = 'String | Optional | The template used to name the AutoPilot Device. This can be a custom text and can also contain either the serial number of the device, or a randomly generated number. The total length of the text generated by the template can be no more than 15 characters.' ExtractHardwareHash = 'Boolean | Optional | HardwareHash Extraction for the profile' EnrollmentStatusScreenSettings = @{ HideInstallationProgress = 'Boolean | Optional | Show or hide installation progress to user' BlockDeviceSetupRetryByUser = 'Boolean | Optional | Allow the user to retry the setup on installation failure' AllowLogCollectionOnInstallFailure = 'Boolean | Optional | Allow or block log collection on installation failure' AllowDeviceUseBeforeProfileAndAppInstallComplete = 'Boolean | Optional | Allow or block user to use device before profile and app installation complete' InstallProgressTimeoutInMinutes = 'UInt32 | Optional | Set installation progress timeout in minutes' CustomErrorMessage = 'String | Optional | Set custom error message to show upon installation failure' AllowDeviceUseOnInstallFailure = 'Boolean | Optional | Allow the user to continue using the device on installation failure' } ManagementServiceAppId = 'String | Optional | AzureAD management app ID used during client device-based enrollment discovery' EnableWhiteGlove = 'Boolean | Optional | Enable Autopilot White Glove for the profile.' Id = 'String | Optional | The unique identifier for an entity. Read-only.' Language = 'String | Optional | Language configured on the device' DeviceType = 'String | Optional | The AutoPilot device type that this profile is applicable to. Possible values are: windowsPc, surfaceHub2. | windowsPc / surfaceHub2 / holoLens / surfaceHub2S / virtualMachine / unknownFutureValue' OutOfBoxExperienceSettings = @{ HideEULA = 'Boolean | Optional | Show or hide EULA to user' HideEscapeLink = 'Boolean | Optional | If set to true, then the user can''t start over with different account, on company sign-in' HidePrivacySettings = 'Boolean | Optional | Show or hide privacy settings to user' DeviceUsageType = 'String | Optional | AAD join authentication type. Possible values are: singleUser, shared. | singleUser / shared' SkipKeyboardSelectionPage = 'Boolean | Optional | If set, then skip the keyboard selection page if Language and Region are set' UserType = 'String | Optional | Type of user. Possible values are: administrator, standard. | administrator / standard' } } ) WindowsInformationProtectionPoliciesWindows10MdmEnrolled = @( @{ Description = 'String | Optional | The policy''s description.' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) DisplayName = 'String | Required | Policy display name.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' EnterpriseProxyServersAreAuthoritative = 'Boolean | Optional | Boolean value that tells the client to accept the configured list of proxies and not try to detect other work proxies. Default is false' SmbAutoEncryptedFileExtensions = @( @{ DisplayName = 'String | Optional | Display name' UniqueId = 'String | Required | [Unique ID to identify this specific object]' Resources = 'StringArray | Optional | Collection of resources' } ) ProtectionUnderLockConfigRequired = 'Boolean | Optional | Specifies whether the protection under lock feature (also known as encrypt under pin) should be configured' EnforcementLevel = 'String | Optional | WIP enforcement level.See the Enum definition for supported values. Possible values are: noProtection, encryptAndAuditOnly, encryptAuditAndPrompt, encryptAuditAndBlock. | noProtection / encryptAndAuditOnly / encryptAuditAndPrompt / encryptAuditAndBlock' EnterpriseDomain = 'String | Optional | Primary enterprise domain' EnterpriseNetworkDomainNames = @( @{ DisplayName = 'String | Optional | Display name' UniqueId = 'String | Required | [Unique ID to identify this specific object]' Resources = 'StringArray | Optional | Collection of resources' } ) EnterpriseInternalProxyServers = @( @{ DisplayName = 'String | Optional | Display name' UniqueId = 'String | Required | [Unique ID to identify this specific object]' Resources = 'StringArray | Optional | Collection of resources' } ) RevokeOnUnenrollDisabled = 'Boolean | Optional | This policy controls whether to revoke the WIP keys when a device unenrolls from the management service. If set to 1 (Don''t revoke keys), the keys will not be revoked and the user will continue to have access to protected files after unenrollment. If the keys are not revoked, there will be no revoked file cleanup subsequently.' RightsManagementServicesTemplateId = 'String | Optional | TemplateID GUID to use for RMS encryption. The RMS template allows the IT admin to configure the details about who has access to RMS-protected file and how long they have access' DataRecoveryCertificate = @{ Description = 'String | Optional | Data recovery Certificate description' SubjectName = 'String | Optional | Data recovery Certificate subject name' ExpirationDateTime = 'String | Optional | Data recovery Certificate expiration datetime' Certificate = 'String | Optional | Data recovery Certificate' } Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' EnterpriseProxiedDomains = @( @{ ProxiedDomains = @( @{ Proxy = 'String | Optional | Proxy IP or FQDN' UniqueId = 'String | Required | [Unique ID to identify this specific object]' IpAddressOrFQDN = 'String | Optional | The IP address or FQDN' } ) DisplayName = 'String | Optional | Display name' UniqueId = 'String | Required | [Unique ID to identify this specific object]' } ) Id = 'String | Optional | The unique identifier for an entity. Read-only.' NeutralDomainResources = @( @{ DisplayName = 'String | Optional | Display name' UniqueId = 'String | Required | [Unique ID to identify this specific object]' Resources = 'StringArray | Optional | Collection of resources' } ) EnterpriseProxyServers = @( @{ DisplayName = 'String | Optional | Display name' UniqueId = 'String | Required | [Unique ID to identify this specific object]' Resources = 'StringArray | Optional | Collection of resources' } ) ExemptApps = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' BinaryVersionLow = 'String | Optional | The lower binary version.' Description = 'String | Optional | The app''s description.' odataType = 'String | Optional | The type of the entity. | #microsoft.graph.windowsInformationProtectionDesktopApp / #microsoft.graph.windowsInformationProtectionStoreApp' BinaryName = 'String | Optional | The binary name.' BinaryVersionHigh = 'String | Optional | The high binary version.' Denied = 'Boolean | Optional | If true, app is denied protection or exemption.' PublisherName = 'String | Optional | The publisher name' ProductName = 'String | Optional | The product name.' DisplayName = 'String | Optional | App display name.' } ) AzureRightsManagementServicesAllowed = 'Boolean | Optional | Specifies whether to allow Azure RMS encryption for WIP' EnterpriseIPRangesAreAuthoritative = 'Boolean | Optional | Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets. Default is false' IconsVisible = 'Boolean | Optional | Determines whether overlays are added to icons for WIP protected files in Explorer and enterprise only app tiles in the Start menu. Starting in Windows 10, version 1703 this setting also configures the visibility of the WIP icon in the title bar of a WIP-protected app' EnterpriseProtectedDomainNames = @( @{ DisplayName = 'String | Optional | Display name' UniqueId = 'String | Required | [Unique ID to identify this specific object]' Resources = 'StringArray | Optional | Collection of resources' } ) ProtectedApps = @( @{ UniqueId = 'String | Required | [Unique ID to identify this specific object]' BinaryVersionLow = 'String | Optional | The lower binary version.' Description = 'String | Optional | The app''s description.' odataType = 'String | Optional | The type of the entity. | #microsoft.graph.windowsInformationProtectionDesktopApp / #microsoft.graph.windowsInformationProtectionStoreApp' BinaryName = 'String | Optional | The binary name.' BinaryVersionHigh = 'String | Optional | The high binary version.' Denied = 'Boolean | Optional | If true, app is denied protection or exemption.' PublisherName = 'String | Optional | The publisher name' ProductName = 'String | Optional | The product name.' DisplayName = 'String | Optional | App display name.' } ) EnterpriseIPRanges = @( @{ DisplayName = 'String | Optional | Display name' UniqueId = 'String | Required | [Unique ID to identify this specific object]' Ranges = @( @{ CidrAddress = 'String | Optional | IPv4 address in CIDR notation. Not nullable.' UpperAddress = 'String | Optional | Upper address.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' LowerAddress = 'String | Optional | Lower address.' odataType = 'String | Optional | The type of the entity. | #microsoft.graph.iPv4CidrRange / #microsoft.graph.iPv6CidrRange / #microsoft.graph.iPv4Range / #microsoft.graph.iPv6Range' } ) } ) IndexingEncryptedStoresOrItemsBlocked = 'Boolean | Optional | This switch is for the Windows Search Indexer, to allow or disallow indexing of items' } ) WindowsUpdateForBusinessFeatureUpdateProfilesWindows10 = @( @{ Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) Id = 'String | Optional | The unique identifier for an entity. Read-only.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' Description = 'String | Optional | The description of the profile which is specified by the user.' FeatureUpdateVersion = 'String | Optional | The feature update version that will be deployed to the devices targeted by this profile. The version could be any supported version for example 1709, 1803 or 1809 and so on.' RolloutSettings = @{ OfferEndDateTimeInUTC = 'String | Optional | The feature update''s ending of release date and time to be set, update, and displayed for a feature Update profile for example: 2020-06-09T10:00:00Z.' OfferStartDateTimeInUTC = 'String | Optional | The feature update''s starting date and time to be set, update, and displayed for a feature Update profile for example: 2020-06-09T10:00:00Z.' OfferIntervalInDays = 'UInt32 | Optional | The number of day(s) between each set of offers to be set, updated, and displayed for a feature update profile, for example: if OfferStartDateTimeInUTC is 2020-06-09T10:00:00Z, and OfferIntervalInDays is 1, then the next two sets of offers will be made consecutively on 2020-06-10T10:00:00Z (next day at the same specified time) and 2020-06-11T10:00:00Z (next next day at the same specified time) with 1 day in between each set of offers.' } AccessTokens = 'StringArray | Optional | Access token used for authentication.' DisplayName = 'String | Required | The display name of the profile.' } ) WindowsUpdateForBusinessRingUpdateProfilesWindows10 = @( @{ PostponeRebootUntilAfterDeadline = 'Boolean | Optional | When TRUE the device should wait until deadline for rebooting outside of active hours. When FALSE the device should not wait until deadline for rebooting outside of active hours. Returned by default. Query parameters are not supported.' AutomaticUpdateMode = 'String | Optional | The Automatic Update Mode. Possible values are: UserDefined, NotifyDownload, AutoInstallAtMaintenanceTime, AutoInstallAndRebootAtMaintenanceTime, AutoInstallAndRebootAtScheduledTime, AutoInstallAndRebootWithoutEndUserControl, WindowsDefault. UserDefined is the default value, no intent. Returned by default. Query parameters are not supported. Possible values are: userDefined, notifyDownload, autoInstallAtMaintenanceTime, autoInstallAndRebootAtMaintenanceTime, autoInstallAndRebootAtScheduledTime, autoInstallAndRebootWithoutEndUserControl, windowsDefault. | userDefined / notifyDownload / autoInstallAtMaintenanceTime / autoInstallAndRebootAtMaintenanceTime / autoInstallAndRebootAtScheduledTime / autoInstallAndRebootWithoutEndUserControl / windowsDefault' Description = 'String | Optional | Admin provided description of the Device Configuration.' QualityUpdatesRollbackStartDateTime = 'String | Optional | The Quality Updates Rollback Start datetime. This value is the time when the admin rolled back the Quality update for the ring. Returned by default. Query parameters are not supported.' UserPauseAccess = 'String | Optional | Specifies whether to enable end user''s access to pause software updates. Possible values are: NotConfigured, Enabled, Disabled. Returned by default. Query parameters are not supported. Possible values are: notConfigured, enabled, disabled. | notConfigured / enabled / disabled' Assignments = @( @{ groupId = 'String | Optional | The group Id that is the target of the assignment.' collectionId = 'String | Optional | The collection Id that is the target of the assignment.(ConfigMgr)' dataType = 'String | Optional | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget / #microsoft.graph.allLicensedUsersAssignmentTarget / #microsoft.graph.allDevicesAssignmentTarget / #microsoft.graph.exclusionGroupAssignmentTarget / #microsoft.graph.configurationManagerCollectionAssignmentTarget' UniqueId = 'String | Required | [Unique ID to identify this specific object]' deviceAndAppManagementAssignmentFilterId = 'String | Optional | The Id of the filter for the target assignment.' deviceAndAppManagementAssignmentFilterType = 'String | Optional | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none / include / exclude' groupDisplayName = 'String | Optional | The group Display Name that is the target of the assignment.' } ) DisplayName = 'String | Required | Admin provided name of the device configuration.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' DeadlineGracePeriodInDays = 'UInt32 | Optional | Number of days after deadline until restarts occur automatically with valid range from 0 to 7 days. Returned by default. Query parameters are not supported.' UserWindowsUpdateScanAccess = 'String | Optional | Specifies whether to disable user''s access to scan Windows Update. Possible values are: NotConfigured, Enabled, Disabled. Returned by default. Query parameters are not supported. Possible values are: notConfigured, enabled, disabled. | notConfigured / enabled / disabled' AutoRestartNotificationDismissal = 'String | Optional | Specify the method by which the auto-restart required notification is dismissed. Possible values are: NotConfigured, Automatic, User. Returned by default. Query parameters are not supported. Possible values are: notConfigured, automatic, user, unknownFutureValue. | notConfigured / automatic / user / unknownFutureValue' InstallationSchedule = @{ ActiveHoursStart = 'String | Optional | Active Hours Start' ScheduledInstallTime = 'String | Optional | Scheduled Install Time during day' ScheduledInstallDay = 'String | Optional | Scheduled Install Day in week. Possible values are: userDefined, everyday, sunday, monday, tuesday, wednesday, thursday, friday, saturday, noScheduledScan. | userDefined / everyday / sunday / monday / tuesday / wednesday / thursday / friday / saturday / noScheduledScan' ActiveHoursEnd = 'String | Optional | Active Hours End' odataType = 'String | Optional | The type of the entity. | #microsoft.graph.windowsUpdateActiveHoursInstall / #microsoft.graph.windowsUpdateScheduledInstall' } AllowWindows11Upgrade = 'Boolean | Optional | When TRUE, allows eligible Windows 10 devices to upgrade to Windows 11. When FALSE, implies the device stays on the existing operating system. Returned by default. Query parameters are not supported.' UpdateNotificationLevel = 'String | Optional | Specifies what Windows Update notifications users see. Possible values are: NotConfigured, DefaultNotifications, RestartWarningsOnly, DisableAllNotifications. Returned by default. Query parameters are not supported. Possible values are: notConfigured, defaultNotifications, restartWarningsOnly, disableAllNotifications, unknownFutureValue. | notConfigured / defaultNotifications / restartWarningsOnly / disableAllNotifications / unknownFutureValue' FeatureUpdatesRollbackStartDateTime = 'String | Optional | The Feature Updates Rollback Start datetime.This value is the time when the admin rolled back the Feature update for the ring.Returned by default.Query parameters are not supported.' QualityUpdatesDeferralPeriodInDays = 'UInt32 | Optional | Defer Quality Updates by these many days with valid range from 0 to 30 days. Returned by default. Query parameters are not supported.' FeatureUpdatesPaused = 'Boolean | Optional | When TRUE, assigned devices are paused from receiving feature updates for up to 35 days from the time you pause the ring. When FALSE, does not pause Feature Updates. Returned by default. Query parameters are not supported.s' PrereleaseFeatures = 'String | Optional | The Pre-Release Features. Possible values are: UserDefined, SettingsOnly, SettingsAndExperimentations, NotAllowed. UserDefined is the default value, no intent. Returned by default. Query parameters are not supported. Possible values are: userDefined, settingsOnly, settingsAndExperimentations, notAllowed. | userDefined / settingsOnly / settingsAndExperimentations / notAllowed' FeatureUpdatesPauseExpiryDateTime = 'String | Optional | The Feature Updates Pause Expiry datetime. This value is 35 days from the time admin paused or extended the pause for the ring. Returned by default. Query parameters are not supported.' BusinessReadyUpdatesOnly = 'String | Optional | Determines which branch devices will receive their updates from. Possible values are: UserDefined, All, BusinessReadyOnly, WindowsInsiderBuildFast, WindowsInsiderBuildSlow, WindowsInsiderBuildRelease. Returned by default. Query parameters are not supported. Possible values are: userDefined, all, businessReadyOnly, windowsInsiderBuildFast, windowsInsiderBuildSlow, windowsInsiderBuildRelease. | userDefined / all / businessReadyOnly / windowsInsiderBuildFast / windowsInsiderBuildSlow / windowsInsiderBuildRelease' EngagedRestartTransitionScheduleInDays = 'UInt32 | Optional | Number of days before transitioning from Auto Restarts scheduled outside of active hours to Engaged Restart, which requires the user to schedule, with valid range from 0 to 30 days. Returned by default. Query parameters are not supported.' QualityUpdatesPauseStartDate = 'String | Optional | The Quality Updates Pause start date. This value is the time when the admin paused or extended the pause for the ring. Returned by default. Query parameters are not supported. This property is read-only.' UpdateWeeks = 'String | Optional | Schedule the update installation on the weeks of the month. Possible values are: UserDefined, FirstWeek, SecondWeek, ThirdWeek, FourthWeek, EveryWeek. Returned by default. Query parameters are not supported. Possible values are: userDefined, firstWeek, secondWeek, thirdWeek, fourthWeek, everyWeek, unknownFutureValue. | userDefined / firstWeek / secondWeek / thirdWeek / fourthWeek / everyWeek / unknownFutureValue' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' DeadlineForFeatureUpdatesInDays = 'UInt32 | Optional | Number of days before feature updates are installed automatically with valid range from 0 to 30 days. Returned by default. Query parameters are not supported.' QualityUpdatesPauseExpiryDateTime = 'String | Optional | The Quality Updates Pause Expiry datetime. This value is 35 days from the time admin paused or extended the pause for the ring. Returned by default. Query parameters are not supported.' Id = 'String | Optional | The unique identifier for an entity. Read-only.' ScheduleRestartWarningInHours = 'UInt32 | Optional | Specify the period for auto-restart warning reminder notifications. Supported values: 2, 4, 8, 12 or 24 (hours). Returned by default. Query parameters are not supported.' FeatureUpdatesPauseStartDate = 'String | Optional | The Feature Updates Pause start date. This value is the time when the admin paused or extended the pause for the ring. Returned by default. Query parameters are not supported. This property is read-only.' ScheduleImminentRestartWarningInMinutes = 'UInt32 | Optional | Specify the period for auto-restart imminent warning notifications. Supported values: 15, 30 or 60 (minutes). Returned by default. Query parameters are not supported.' FeatureUpdatesDeferralPeriodInDays = 'UInt32 | Optional | Defer Feature Updates by these many days with valid range from 0 to 30 days. Returned by default. Query parameters are not supported.' DeadlineForQualityUpdatesInDays = 'UInt32 | Optional | Number of days before quality updates are installed automatically with valid range from 0 to 30 days. Returned by default. Query parameters are not supported.' DriversExcluded = 'Boolean | Optional | When TRUE, excludes Windows update Drivers. When FALSE, does not exclude Windows update Drivers. Returned by default. Query parameters are not supported.' EngagedRestartSnoozeScheduleInDays = 'UInt32 | Optional | Number of days a user can snooze Engaged Restart reminder notifications with valid range from 1 to 3 days. Returned by default. Query parameters are not supported.' DeliveryOptimizationMode = 'String | Optional | The Delivery Optimization Mode. Possible values are: UserDefined, HttpOnly, HttpWithPeeringNat, HttpWithPeeringPrivateGroup, HttpWithInternetPeering, SimpleDownload, BypassMode. UserDefined allows the user to set. Returned by default. Query parameters are not supported. Possible values are: userDefined, httpOnly, httpWithPeeringNat, httpWithPeeringPrivateGroup, httpWithInternetPeering, simpleDownload, bypassMode. | userDefined / httpOnly / httpWithPeeringNat / httpWithPeeringPrivateGroup / httpWithInternetPeering / simpleDownload / bypassMode' SkipChecksBeforeRestart = 'Boolean | Optional | When TRUE, skips all checks before restart: Battery level = 40%, User presence, Display Needed, Presentation mode, Full screen mode, phone call state, game mode etc. When FALSE, does not skip all checks before restart. Returned by default. Query parameters are not supported.' QualityUpdatesPaused = 'Boolean | Optional | When TRUE, assigned devices are paused from receiving quality updates for up to 35 days from the time you pause the ring. When FALSE, does not pause Quality Updates. Returned by default. Query parameters are not supported.' EngagedRestartDeadlineInDays = 'UInt32 | Optional | Deadline in days before automatically scheduling and executing a pending restart outside of active hours, with valid range from 2 to 30 days. Returned by default. Query parameters are not supported.' FeatureUpdatesRollbackWindowInDays = 'UInt32 | Optional | The number of days after a Feature Update for which a rollback is valid with valid range from 2 to 60 days. Returned by default. Query parameters are not supported.' MicrosoftUpdateServiceAllowed = 'Boolean | Optional | When TRUE, allows Microsoft Update Service. When FALSE, does not allow Microsoft Update Service. Returned by default. Query parameters are not supported.' } ) } Office365 = @{ AdminAuditLogConfig = @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' Ensure = 'String | Optional | ''Present'' is the only value accepted. | Present' UnifiedAuditLogIngestionEnabled = 'String | Required | Determins if Unified Audit Log Ingestion is enabled | Enabled / Disabled' } Groups = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' Members = 'StringArray | Optional | Members of the group.' ManagedBy = 'StringArray | Optional | The group''s owner user principal.' Ensure = 'String | Optional | Present ensures the group exists, absent ensures it is removed. | Present / Absent' Description = 'String | Optional | The group''s description.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' MailNickName = 'String | Required | The group''s Internal Name.' DisplayName = 'String | Required | The display name for the group.' } ) OrgCustomizationSetting = @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' Ensure = 'String | Optional | Since there is only one setting availble, this must be set to ''Present'' | Present' } OrgSettings = @{ ToDoIsExternalJoinEnabled = 'Boolean | Optional | To Do - Allow external users to join.' PlannerAllowCalendarSharing = 'Boolean | Optional | Allow Planner users to publish their plans and assigned tasks to Outlook or other calendars through iCalendar feeds.' ToDoIsPushNotificationEnabled = 'Boolean | Optional | To Do - Allow your users to receive push notifications.' ToDoIsExternalShareEnabled = 'Boolean | Optional | To Do - Allow sharing with external users.' VivaInsightsDigestEmail = 'Boolean | Optional | Specifies whether or not to allow users to have access to use the Viva Insights digest email feature.' VivaInsightsWebExperience = 'Boolean | Optional | Specifies whether or not to allow users to have access to use the Viva Insights web experience.' VivaInsightsScheduleSendSuggestions = 'Boolean | Optional | Specifies whether or not to allow users to have access to use the Viva Insights schedule send suggestions feature.' VivaInsightsOutlookAddInAndInlineSuggestions = 'Boolean | Optional | Specifies whether or not to allow users to have access to use the Viva Insights Outlook add-in and inline suggestions.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' InstallationOptionsUpdateChannel = 'String | Optional | Defines how often you want your users to get feature updates for Microsoft 365 apps installed on devices running Windows | current / monthlyEnterprise / semiAnnual' AdminCenterReportDisplayConcealedNames = 'Boolean | Optional | Controls whether or not the Admin Center reports will conceale user, group and site names.' InstallationOptionsAppsForMac = 'StringArray | Optional | Defines the apps users can install on Mac devices. | isSkypeForBusinessEnabled / isMicrosoft365AppsEnabled' InstallationOptionsAppsForWindows = 'StringArray | Optional | Defines the apps users can install on Windows and mobile devices. | isVisioEnabled / isSkypeForBusinessEnabled / isProjectEnabled / isMicrosoft365AppsEnabled' DynamicsCustomerVoiceIsRecordIdentityByDefaultEnabled = 'Boolean | Optional | Capture the first and last names of respondents in your organization that complete a survey. You can still change this for individual surveys.' DynamicsCustomerVoiceIsInOrgFormsPhishingScanEnabled = 'Boolean | Optional | Automatically block any internal surveys that request confidential information. Admins will be notified in the Message Center when a survey is blocked.' FormsIsBingImageSearchEnabled = 'Boolean | Optional | Allow YouTube and Bing.' DynamicsCustomerVoiceIsRestrictedSurveyAccessEnabled = 'Boolean | Optional | Capture the first and last names of respondents in your organization that complete a survey. You can still change this for individual surveys.' AppsAndServicesIsAppAndServicesTrialEnabled = 'Boolean | Optional | Allow people in your organization to start trial subscriptions for apps and services that support trials. Admins manage licenses for these trials in the same way as other licenses in your organization. Only admins can upgrade these trials to paid subscriptions, so they won�??t affect your billing.' CortanaEnabled = 'Boolean | Optional | Allow Cortana in windows 10 (version 1909 and earlier), and the Cortana app on iOS and Android, to access Microsoft-hosted data on behalf of people in your organization.' AppsAndServicesIsOfficeStoreEnabled = 'Boolean | Optional | Allow people in your organization to access the Office Store using their work account. The Office Store provides access to apps that aren''t curated or managed by Microsoft.' FormsIsRecordIdentityByDefaultEnabled = 'Boolean | Optional | Record names of people in your org.' FormsIsInOrgFormsPhishingScanEnabled = 'Boolean | Optional | Phishing protection.' MicrosoftVivaBriefingEmail = 'Boolean | Optional | Specifies whether or not to let people in your organization receive Briefing email from Microsoft Viva.' M365WebEnableUsersToOpenFilesFrom3PStorage = 'Boolean | Optional | Let users open files stored in third-party storage services in Microsoft 365 on the Web.' FormsIsExternalShareCollaborationEnabled = 'Boolean | Optional | External Sharing - Share to collaborate on the form layout and structure.' FormsIsExternalSendFormEnabled = 'Boolean | Optional | External Sharing - Send a link to the form and collect responses.' FormsIsExternalShareTemplateEnabled = 'Boolean | Optional | External Sharing - Share the form as a template that can be duplicated.' FormsIsExternalShareResultEnabled = 'Boolean | Optional | External Sharing - Share form result summary.' } } OneDrive = @{ Settings = @{ ExcludedFileExtensions = 'StringArray | Optional | Exclude files from being synced to OneDrive' GrooveBlockOption = 'String | Optional | Groove block options | OptOut / HardOptIn / SoftOptIn' TenantRestrictionEnabled = 'Boolean | Optional | Enable/disable Safe domain List - if disabled overrides DomainGuids value' DomainGuids = 'StringArray | Optional | Safe domain list' Ensure = 'String | Optional | Present ensures the user exists, absent ensures it is removed | Present / Absent' AccessTokens = 'StringArray | Optional | Access token used for authentication.' DisableReportProblemDialog = 'Boolean | Optional | Disable dialog box' OrphanedPersonalSitesRetentionPeriod = 'UInt32 | Optional | Number of days after a user''s account is deleted that their OneDrive for Business content will be deleted.' OneDriveForGuestsEnabled = 'Boolean | Optional | Enable guest acess for OneDrive' OneDriveStorageQuota = 'UInt32 | Optional | The resource quota to apply to the OneDrive sites' NotifyOwnersWhenInvitationsAccepted = 'Boolean | Optional | When true and when an external user accepts an invitation to a resource in a user�??s OneDrive for Business owner is notified by e-mail' ODBAccessRequests = 'String | Optional | Lets administrators set policy on access requests and requests to share in OneDrive for Business | On / Off / Unspecified' BlockMacSync = 'Boolean | Optional | Block sync client on Mac' NotificationsInOneDriveForBusinessEnabled = 'Boolean | Optional | Turn notifications on/off OneDrive' ODBMembersCanShare = 'String | Optional | Lets administrators set policy on re-sharing behavior in OneDrive for Business | On / Off / Unspecified' } } Planner = @{ Buckets = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' Name = 'String | Required | The Name of the Planner Bucket.' Ensure = 'String | Optional | Present ensures the Plan exists, absent ensures it is removed | Present / Absent' BucketId = 'String | Optional | Id of the Bucket, if known.' PlanId = 'String | Required | Id of the Plan to which the bucket is associated with.' } ) Plans = @( @{ Title = 'String | Required | The Title of the Planner Plan.' Ensure = 'String | Optional | Present ensures the Plan exists, absent ensures it is removed | Present / Absent' UniqueId = 'String | Required | Unique ID to identify this specific object' OwnerGroup = 'String | Required | Name of Id of the Azure Active Directory Group who owns the plan' } ) Tasks = @( @{ StartDateTime = 'String | Optional | Date and Time for the start of the Task.' Categories = 'StringArray | Optional | List of categories assigned to the task. | Pink / Red / Yellow / Green / Blue / Purple' Priority = 'UInt32 | Optional | Priority of the Task. Value can only be between 1 and 10.' Notes = 'String | Optional | Description of the Task.' AssignedUsers = 'StringArray | Optional | List of users assigned to the tasks (ex: @(''john.smith@contoso.com'', ''bob.houle@contoso.com'')).' PercentComplete = 'UInt32 | Optional | Percentage completed of the Task. Value can only be between 0 and 100.' Title = 'String | Required | The Title of the Planner Task.' UniqueId = 'String | Required | Unique ID to identify this specific object' TaskId = 'String | Optional | Id of the Task, if known.' DueDateTime = 'String | Optional | Date and Time for the task is due for completion.' PlanId = 'String | Required | Id of the Planner Plan which contains the Task.' Attachments = @( @{ Alias = 'String | Optional | Alias of for the attachment.' Type = 'String | Optional | Type of attachment. | PowerPoint / Word / Excel / Other' UniqueId = 'String | Required | [Unique ID to identify this specific object]' Uri = 'String | Optional | Uri of the link to the attachment.' } ) Checklist = @( @{ Title = 'String | Optional | Title of the checklist item.' Completed = 'String | Optional | True if the item is completed, false otherwise.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' } ) Ensure = 'String | Optional | Present ensures the Plan exists, absent ensures it is removed | Present / Absent' ConversationThreadId = 'String | Optional | Id of the group conversation thread associated with the comments section for this task.' Bucket = 'String | Optional | The Id of the bucket that contains the task.' } ) } PowerPlatform = @{ PowerAppsEnvironments = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' DisplayName = 'String | Required | Display name for the PowerApps environment' Ensure = 'String | Optional | Only accepted value is ''Present''. | Present / Absent' Location = 'String | Required | Location of the PowerApps environment. | canada / unitedstates / europe / asia / australia / india / japan / unitedkingdom / unitedstatesfirstrelease / southamerica / france / usgov / unitedarabemirates / germany / switzerland / norway / korea / southafrica' EnvironmentSKU = 'String | Required | Environment type. | Production / Standard / Trial / Sandbox / SubscriptionBasedTrial / Teams / Developer' } ) TenantIsolationSettings = @{ RulesToExclude = @( @{ Direction = 'String | Required | Direction of tenant trust. | Inbound / Outbound / Both' UniqueId = 'String | Required | [Unique ID to identify this specific object]' TenantName = 'String | Required | Name of the trusted tenant.' } ) Enabled = 'Boolean | Optional | When set to true this will enable the tenant isolation settings.' RulesToInclude = @( @{ Direction = 'String | Required | Direction of tenant trust. | Inbound / Outbound / Both' UniqueId = 'String | Required | [Unique ID to identify this specific object]' TenantName = 'String | Required | Name of the trusted tenant.' } ) Rules = @( @{ Direction = 'String | Required | Direction of tenant trust. | Inbound / Outbound / Both' UniqueId = 'String | Required | [Unique ID to identify this specific object]' TenantName = 'String | Required | Name of the trusted tenant.' } ) } TenantSettings = @{ DisableBingVideoSearch = 'Boolean | Optional | When set to true this will disable Bing video search in the Office 365 Suite navigation bar.' DisableShareWithEveryone = 'Boolean | Optional | When set to true this will disable the ability to share apps with the whole tenant.' DisableDocsSearch = 'Boolean | Optional | When set to true this will disable docs search in the Office 365 Suite navigation bar.' DisableCommunitySearch = 'Boolean | Optional | When set to true this will disable community search in the Office 365 Suite navigation bar.' EnableGuestsToMake = 'Boolean | Optional | When set to true this will enable the ability for guests in your tenant to create Power Platform resources.' ShareWithColleaguesUserLimit = 'UInt32 | Optional | The amount of people an app can be shared with in Dataverse for Teams (maximum is 10,000).' DisableSupportTicketsVisibleByAllUsers = 'Boolean | Optional | When set to true this will disable support tickets to be visible by all users.' DisableNPSCommentsReachout = 'Boolean | Optional | When set to true this will disable the NPS Comments Reachout.' DisableNewsletterSendout = 'Boolean | Optional | When set to true this will disable the monthly newsletters.' WalkMeOptOut = 'Boolean | Optional | When set to true this will disable the Walk Me guidance.' DisableEnvironmentCreationByNonAdminUsers = 'Boolean | Optional | When set to true this will disable production environment creation by non-admin users.' DisableTrialEnvironmentCreationByNonAdminUsers = 'Boolean | Optional | When set to true this will disable trial environment creation by non-admin users.' DisableCapacityAllocationByEnvironmentAdmins = 'Boolean | Optional | When set to true this will disable capacity allocation by environment admins.' DisablePortalsCreationByNonAdminUsers = 'Boolean | Optional | When set to true this will disable portal creation by non-admin users.' DisableSurveyFeedback = 'Boolean | Optional | When set to true this will disable survey feedback that sometimes pops up on top of an app.' } } SecurityCompliance = @{ AuditConfigurationPolicies = @( @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' Ensure = 'String | Optional | Specify if this policy should exist or not. | Present / Absent' UniqueId = 'String | Required | Unique ID to identify this specific object' Workload = 'String | Required | Workload associated with the policy. | Exchange / SharePoint / OneDriveForBusiness' } ) AutoSensitivityLabelPolicies = @( @{ AddExchangeLocation = 'StringArray | Optional | This AddExchangeLocation parameter specifies new Exchange locations to be added to the policy without affecting the existing ones.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' RemoveOneDriveLocationException = 'StringArray | Optional | This RemoveOneDriveLocationException parameter specifies the OneDrive for Business sites to remove from the list of excluded sites when you use the value All for the OneDriveLocation parameter.' AddSharePointLocation = 'StringArray | Optional | The AddSharePointLocation parameter specifies the SharePoint Online sites to add to the list of included sites when you aren''t using the value All for the SharePointLocation parameter.' ExchangeSenderMemberOfException = 'StringArray | Optional | he ExchangeSenderMemberOf parameter specifies the distribution groups, mail-enabled security groups, or dynamic distribution groups to exclude from the auto-labeling policy.' ExchangeLocation = 'StringArray | Optional | The ExchangeSender parameter specifies which senders to include in the policy.' SharePointLocation = 'StringArray | Optional | The SharePointLocation parameter specifies the SharePoint Online sites to include. You identify the site by its URL value, or you can use the value All to include all sites.' Priority = 'UInt32 | Optional | The Priority parameter specifies the priority of the policy. The highest priority policy will take action over lower priority policies if two policies are applicable for a file.' ExchangeSenderMemberOf = 'StringArray | Optional | The ExchangeSenderMemberOf parameter specifies the distribution groups, mail-enabled security groups, or dynamic distribution groups to include in the auto-labeling policy.' AddSharePointLocationException = 'StringArray | Optional | The AddSharePointLocation parameter specifies the SharePoint Online sites to add to the list of included sites when you aren''t using the value All for the SharePointLocation parameter.' ExchangeSenderException = 'StringArray | Optional | The ExchangeSenderException parameter specifies which senders to exclude in the policy.' AddOneDriveLocationException = 'StringArray | Optional | This parameter specifies the OneDrive for Business sites to exclude when you use the value All for the OneDriveLocation parameter.' OneDriveLocationException = 'StringArray | Optional | The AddOneDriveLocationException parameter specifies the OneDrive for Business sites to add to the list of excluded sites when you use the value All for the OneDriveLocation parameter.' Name = 'String | Required | The Name parameter specifies the unique name for the sensitivity label. The maximum length is 64 characters. If the value contains spaces, enclose the value in quotation marks.' Comment = 'String | Optional | The Comment parameter specifies an optional comment.' ExchangeSender = 'StringArray | Optional | The ExchangeSender parameter specifies which senders to include in the policy.' Ensure = 'String | Optional | Specify if this label policy should exist or not. | Present / Absent' ApplySensitivityLabel = 'String | Optional | The ApplySensitivityLabel parameter specifies the label to use for the auto label policy.' RemoveSharePointLocationException = 'StringArray | Optional | The RemoveSharePointLocationException parameter specifies the SharePoint Online sites to remove from the list of excluded sites when you use the value All for the SharePointLocation parameter.' RemoveSharePointLocation = 'StringArray | Optional | The RemoveSharePointLocation parameter specifies the SharePoint Online sites to remove from the list of included sites when you aren''t using the value All for the SharePointLocation parameter.' OneDriveLocation = 'StringArray | Optional | The OneDriveLocation parameter specifies the OneDrive for Business sites to include. You identify the site by its URL value, or you can use the value.' UniqueId = 'String | Required | Unique ID to identify this specific object' RemoveOneDriveLocation = 'StringArray | Optional | The RemoveOneDriveLocation parameter specifies the OneDrive for Business sites to remove from the list of included sites when you aren''t using the value All for the OneDriveLocation parameter.' AddOneDriveLocation = 'StringArray | Optional | The AddOneDriveLocation parameter specifies the OneDrive for Business sites to add to the list of included sites when you aren''t using the value All for the OneDriveLocation parameter.' RemoveExchangeLocation = 'StringArray | Optional | The RemoveExchangeLocation parameter removes locations on Exchange from the policy.' SharePointLocationException = 'StringArray | Optional | This parameter specifies the SharePoint Online sites to exclude when you use the value All for the SharePointLocation parameter.' Mode = 'String | Optional | The Mode parameter specifies the action and notification level of the auto-labeling policy. | Enable / Disable / TestWithNotifications / TestWithoutNotifications' } ) AutoSensitivityLabelRules = @( @{ RecipientDomainIs = 'StringArray | Optional | The RecipientDomainIs parameter specifies a condition for the auto-labeling policy rule that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas.' FromAddressMatchesPatterns = 'String | Optional | The FromAddressMatchesPatterns parameter specifies a condition for the auto-labeling policy rule that looks for text patterns in the sender''s email address by using regular expressions.' ExceptIfFrom = 'StringArray | Optional | The ExceptIfFrom parameter specifies an exception for the auto-labeling policy rule that looks for messages from specific senders. You can use any value that uniquely identifies the sender.' FromAddressContainsWords = 'String | Optional | The FromAddressContainsWords parameter specifies a condition for the auto-labeling policy rule that looks for words or phrases in the sender''s email address. You can specify multiple words or phrases separated by commas.' SentToMemberOf = 'StringArray | Optional | The SentToMemberOf parameter specifies a condition for the auto-labeling policy rule that looks for messages sent to members of distribution groups, dynamic distribution groups, or mail-enabled security groups. You identify the groups by email address.' ExceptIfProcessingLimitExceeded = 'Boolean | Optional | The ExceptIfProcessingLimitExceeded parameter specifies an exception for the auto-labeling policy rule that looks for files where scanning couldn''t complete.' ExceptIfContentContainsSensitiveInformation = @{ Operator = 'String | Optional | Operator | And / Or' SensitiveInformation = @( @{ maxconfidence = 'String | Optional | Maximum Confidence level value for the Sensitive Information' id = 'String | Optional | Id of the Sensitive Information Content' minconfidence = 'String | Optional | Minimum Confidence level value for the Sensitive Information' classifiertype = 'String | Optional | Type of Classifier value for the Sensitive Information' name = 'String | Required | Name of the Sensitive Information Content' mincount = 'String | Optional | Minimum Count value for the Sensitive Information' maxcount = 'String | Optional | Maximum Count value for the Sensitive Information' } ) Groups = @( @{ Operator = 'String | Required | Operator | And / Or' SensitiveInformation = @( @{ maxconfidence = 'String | Optional | Maximum Confidence level value for the Sensitive Information' id = 'String | Optional | Id of the Sensitive Information Content' minconfidence = 'String | Optional | Minimum Confidence level value for the Sensitive Information' classifiertype = 'String | Optional | Type of Classifier value for the Sensitive Information' name = 'String | Required | Name of the Sensitive Information Content' mincount = 'String | Optional | Minimum Count value for the Sensitive Information' maxcount = 'String | Optional | Maximum Count value for the Sensitive Information' } ) Labels = @( @{ name = 'String | Required | Name of the Sensitive Label' id = 'String | Optional | Id of the Sensitive Information label' type = 'String | Optional | Type of the Sensitive Information label' } ) Name = 'String | Required | Name of the group' UniqueId = 'String | Required | [Unique ID to identify this specific object]' } ) } AccessTokens = 'StringArray | Optional | Access token used for authentication.' Name = 'String | Required | Name of the Rule.' ExceptIfAnyOfRecipientAddressMatchesPatterns = 'String | Optional | The ExceptIfAnyOfRecipientAddressMatchesPatterns parameter specifies an exception for the auto-labeling policy rule that looks for text patterns in recipient email addresses by using regular expressions. ' ProcessingLimitExceeded = 'Boolean | Optional | The ProcessingLimitExceeded parameter specifies a condition for the auto-labeling policy rule that looks for files where scanning couldn''t complete. You can use this condition to create rules that work together to identify and process messages where the content couldn''t be fully scanned.' ExceptIfAccessScope = 'String | Optional | The ExceptIfAccessScopeAccessScope parameter specifies an exception for the auto-labeling policy rule that''s based on the access scope of the content. The rule isn''t applied to content that matches the specified access scope. Valid values are: InOrganization, NotInOrganization, None | InOrganization / NotInOrganization / None' Workload = 'String | Required | Workload the rule is associated with. Value can be: Exchange, SharePoint, OneDriveForBusiness | Exchange / SharePoint / OneDriveForBusiness' ExceptIfDocumentIsUnsupported = 'Boolean | Optional | The ExceptIfDocumentIsUnsupported parameter specifies an exception for the auto-labeling policy rule that looks for files that can''t be scanned.' ExceptIfFromAddressContainsWords = 'String | Optional | The ExceptIfFromAddressContainsWords parameter specifies an exception for the auto-labeling policy rule that looks for words or phrases in the sender''s email address. You can specify multiple words or phrases separated by commas.' AnyOfRecipientAddressMatchesPatterns = 'String | Optional | The AnyOfRecipientAddressMatchesPatterns parameter specifies a condition for the auto-labeling policy rule that looks for text patterns in recipient email addresses by using regular expressions.' Policy = 'String | Required | Name of the associated Policy.' ExceptIfSentTo = 'StringArray | Optional | The ExceptIfSentTo parameter specifies an exception for the auto-labeling policy rule that looks for recipients in messages. You can use any value that uniquely identifies the recipient. ' SentTo = 'StringArray | Optional | The SentTo parameter specifies a condition for the auto-sensitivity policy rule that looks for recipients in messages. You can use any value that uniquely identifies the recipient.' HeaderMatchesPatterns = @{ Name = 'String | Required | Name of the header pattern' Values = 'StringArray | Required | Regular expressions for the pattern' } ExceptIfRecipientDomainIs = 'StringArray | Optional | The ExceptIfRecipientDomainIs parameter specifies an exception for the auto-labeling policy rule that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas.' Comment = 'String | Optional | The Comment parameter specifies an optional comment.' ContentExtensionMatchesWords = 'String | Optional | The ContentExtensionMatchesWords parameter specifies a condition for the auto-labeling policy rule that looks for words in file name extensions. You can specify multiple words separated by commas.' SenderIPRanges = 'StringArray | Optional | The SenderIpRanges parameter specifies a condition for the auto-sensitivity policy rule that looks for senders whose IP addresses matches the specified value, or fall within the specified ranges.' AnyOfRecipientAddressContainsWords = 'String | Optional | The AnyOfRecipientAddressContainsWords parameter specifies a condition for the auto-labeling policy rule that looks for words or phrases in recipient email addresses. You can specify multiple words or phrases separated by commas.' SenderDomainIs = 'StringArray | Optional | The SenderDomainIs parameter specifies a condition for the auto-labeling policy rule that looks for messages from senders with email address in the specified domains. ' ExceptIfSenderDomainIs = 'StringArray | Optional | The ExceptIfSenderDomainIs parameter specifies an exception for the auto-labeling policy rule that looks for messages from senders with email address in the specified domains. You can specify multiple values separated by commas.' Ensure = 'String | Optional | Specify if this rule should exist or not. | Present / Absent' ExceptIfSubjectMatchesPatterns = 'String | Optional | The ExceptIfSubjectMatchesPatterns parameter specifies an exception for the auto-labeling policy rule that looks for text patterns in the Subject field of messages by using regular expressions.' ExceptIfFromMemberOf = 'StringArray | Optional | The ExceptIfFromMemberOf parameter specifies an exception for the auto-labeling policy rule that looks for messages sent by group members. You identify the group members by their email addresses. You can enter multiple values separated by commas.' DocumentIsUnsupported = 'Boolean | Optional | The DocumentIsUnsupported parameter specifies a condition for the auto-labeling policy rule that looks for files that can''t be scanned.' ExceptIfSentToMemberOf = 'StringArray | Optional | The ExceptIfSentToMemberOf parameter specifies an exception for the auto-labeling policy rule that looks for messages sent to members of distribution groups, dynamic distribution groups, or mail-enabled security groups. You identify the groups by email address. You can specify multiple values separated by commas.' RuleErrorAction = 'String | Optional | The RuleErrorAction parameter specifies what to do if an error is encountered during the evaluation of the rule. Valid values are: Ignore, RetryThenBlock, *blank* | Ignore / RetryThenBlock / ' ExceptIfContentExtensionMatchesWords = 'StringArray | Optional | The ExceptIfContentExtensionMatchesWords parameter specifies an exception for the auto-labeling policy rule that looks for words in file name extensions. You can specify multiple words separated by commas.' AccessScope = 'String | Optional | The AccessScope parameter specifies a condition for the auto-labeling policy rule that''s based on the access scope of the content. The rule is applied to content that matches the specified access scope. Valid values are: InOrganization, NotInOrganization, None | InOrganization / NotInOrganization / None' ExceptIfAnyOfRecipientAddressContainsWords = 'String | Optional | The ExceptIfAnyOfRecipientAddressContainsWords parameter specifies an exception for the auto-labeling policy rule that looks for words or phrases in recipient email addresses. You can specify multiple words separated by commas.' ExceptIfSenderIPRanges = 'StringArray | Optional | The ExceptIfSenderIpRanges parameter specifies an exception for the auto-labeling policy rule that looks for senders whose IP addresses matches the specified value, or fall within the specified ranges.' ContentContainsSensitiveInformation = @{ Operator = 'String | Optional | Operator | And / Or' SensitiveInformation = @( @{ maxconfidence = 'String | Optional | Maximum Confidence level value for the Sensitive Information' id = 'String | Optional | Id of the Sensitive Information Content' minconfidence = 'String | Optional | Minimum Confidence level value for the Sensitive Information' classifiertype = 'String | Optional | Type of Classifier value for the Sensitive Information' name = 'String | Required | Name of the Sensitive Information Content' mincount = 'String | Optional | Minimum Count value for the Sensitive Information' maxcount = 'String | Optional | Maximum Count value for the Sensitive Information' } ) Groups = @( @{ Operator = 'String | Required | Operator | And / Or' SensitiveInformation = @( @{ maxconfidence = 'String | Optional | Maximum Confidence level value for the Sensitive Information' id = 'String | Optional | Id of the Sensitive Information Content' minconfidence = 'String | Optional | Minimum Confidence level value for the Sensitive Information' classifiertype = 'String | Optional | Type of Classifier value for the Sensitive Information' name = 'String | Required | Name of the Sensitive Information Content' mincount = 'String | Optional | Minimum Count value for the Sensitive Information' maxcount = 'String | Optional | Maximum Count value for the Sensitive Information' } ) Labels = @( @{ name = 'String | Required | Name of the Sensitive Label' id = 'String | Optional | Id of the Sensitive Information label' type = 'String | Optional | Type of the Sensitive Information label' } ) Name = 'String | Required | Name of the group' UniqueId = 'String | Required | [Unique ID to identify this specific object]' } ) } UniqueId = 'String | Required | Unique ID to identify this specific object' ExceptIfFromAddressMatchesPatterns = 'String | Optional | The ExceptIfFromAddressMatchesPatterns parameter specifies an exception for the auto-labeling policy rule that looks for text patterns in the sender''s email address by using regular expressions. ' ExceptIfHeaderMatchesPatterns = 'StringArray | Optional | The HeaderMatchesPatterns parameter specifies an exception for the auto-labeling policy rule that looks for text patterns in a header field by using regular expressions.' ReportSeverityLevel = 'String | Optional | The ReportSeverityLevel parameter specifies the severity level of the incident report for content detections based on the rule. Valid values are: None, Low, Medium, High | None / Low / Medium / High' SubjectMatchesPatterns = 'String | Optional | The SubjectMatchesPatterns parameter specifies a condition for the auto-labeling policy rule that looks for text patterns in the Subject field of messages by using regular expressions.' DocumentIsPasswordProtected = 'Boolean | Optional | The DocumentIsPasswordProtected parameter specifies a condition for the auto-labeling policy rule that looks for password protected files (because the contents of the file can''t be inspected). Password detection only works for Office documents and .zip files. ' Disabled = 'Boolean | Optional | The Disabled parameter specifies whether the auto-labeling policy rule is enabled or disabled.' ExceptIfDocumentIsPasswordProtected = 'Boolean | Optional | The ExceptIfDocumentIsPasswordProtected parameter specifies an exception for the auto-labeling policy rule that looks for password protected files (because the contents of the file can''t be inspected). Password detection only works for Office documents and .zip files. ' } ) CaseHoldPolicies = @( @{ Comment = 'String | Optional | The Comment parameter specifies an optional comment.' Name = 'String | Required | The Name parameter specifies the unique name of the case hold policy.' Enabled = 'Boolean | Optional | The Enabled parameter specifies whether the policy is enabled or disabled.' Ensure = 'String | Optional | Specify if this policy should exist or not. | Present / Absent' Case = 'String | Required | The Case parameter specifies the eDiscovery case that you want to associate with the case hold policy.' UniqueId = 'String | Required | Unique ID to identify this specific object' AccessTokens = 'StringArray | Optional | Access token used for authentication.' SharePointLocation = 'StringArray | Optional | The SharePointLocation parameter specifies the SharePoint Online and OneDrive for Business sites to include. You identify a site by its URL value.' PublicFolderLocation = 'StringArray | Optional | The PublicFolderLocation parameter specifies that you want to include all public folders in the case hold policy. You use the value All for this parameter.' ExchangeLocation = 'StringArray | Optional | The ExchangeLocation parameter specifies the mailboxes to include in the policy.' } ) CaseHoldRules = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Ensure = 'String | Optional | Present ensures the rule exists, absent ensures it is removed | Present / Absent' Comment = 'String | Optional | The Comment parameter specifies an optional comment.' Disabled = 'Boolean | Optional | The Disabled parameter specifies whether the case hold rule is enabled or disabled.' Policy = 'String | Required | The Policy parameter specifies the case hold policy that contains the rule. You can use any value that uniquely identifies the policy.' Name = 'String | Required | The Name parameter specifies a unique name for the case hold rule.' ContentMatchQuery = 'String | Optional | The ContentMatchQuery parameter specifies a content search filter. Use this parameter to create a query-based hold so only the content that matches the specified search query is placed on hold. This parameter uses a text search string or a query that''s formatted by using the Keyword Query Language (KQL).' } ) ComplianceCases = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' Description = 'String | Optional | The description of the case.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Ensure = 'String | Optional | Specify if this case should exist or not. | Present / Absent' Name = 'String | Required | The Name parameter specifies the unique name of the compliance case.' Status = 'String | Optional | Status for the case. Can either be ''Active'' or ''Closed'' | Active / Closed' } ) ComplianceSearchs = @( @{ Description = 'String | Optional | The Description parameter specifies an optional description for the compliance search. If the value contains spaces, enclose the value in quotation marks.' Name = 'String | Required | The Name parameter specifies the unique name of the complaiance tag.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' IncludeUserAppContent = 'Boolean | Optional | The IncludeUserAppContent parameter specifies that you want to search the cloud-based storage location for users who don''t have a regular Office 365 user account in your organization. These types of users include users without an Exchange Online license who use Office applications, Office 365 guest users, and on-premises users whose identity is synchronized with your Office 365 organization.' PublicFolderLocation = 'StringArray | Optional | The PublicFolderLocation parameter specifies that you want to include all public folders in the search. You use the value All for this parameter.' Case = 'String | Optional | Compliance Case (eDiscovery) that this Search is associated with' AllowNotFoundExchangeLocationsEnabled = 'Boolean | Optional | The AllowNotFoundExchangeLocationsEnabled parameter specifies whether to include mailboxes other than regular user mailboxes in the compliance search.' Ensure = 'String | Optional | Specify if this search should exist or not. | Present / Absent' UniqueId = 'String | Required | Unique ID to identify this specific object' ContentMatchQuery = 'String | Optional | The ContentMatchQuery parameter specifies a content search filter. This parameter uses a text search string or a query that''s formatted by using the Keyword Query Language (KQL).' ExchangeLocation = 'StringArray | Optional | The ExchangeLocation parameter specifies the mailboxes to include.' SharePointLocationExclusion = 'StringArray | Optional | This parameter specifies the SharePoint Online sites to exclude when you use the value All for the SharePointLocation parameter. You identify the site by its URL value.' SharePointLocation = 'StringArray | Optional | The SharePointLocation parameter specifies the SharePoint Online sites to include. You identify the site by its URL value, or you can use the value All to include all sites.' HoldNames = 'StringArray | Optional | The HoldNames parameter specifies that the content locations that have been placed on hold in the specified eDiscovery case will be searched. You use the value All for this parameter. You also need to specify the name of an eDiscovery case by using the Case parameter.' Language = 'String | Optional | The Language parameter specifies the language for the compliance search. Valid input for this parameter is a supported culture code value from the Microsoft .NET Framework CultureInfo class. For example, da-DK for Danish or ja-JP for Japanese.' ExchangeLocationExclusion = 'StringArray | Optional | This parameter specifies the mailboxes to exclude when you use the value All for the ExchangeLocation parameter.' } ) ComplianceSearchActions = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' Action = 'String | Required | The Action parameter specifies what type of action to define. Accepted values are Export, Retention and Purge. | Export / Preview / Purge / Retention' AccessTokens = 'StringArray | Optional | Access token used for authentication.' SearchName = 'String | Required | The SearchName parameter specifies the name of the existing content search to associate with the content search action. You can specify multiple content searches separated by commas.' Ensure = 'String | Optional | Specify if this action should exist or not. | Present / Absent' FileTypeExclusionsForUnindexedItems = 'StringArray | Optional | The FileTypeExclusionsForUnindexedItems specifies the file types to exclude because they can''t be indexed. You can specify multiple values separated by commas.' PurgeType = 'String | Optional | The PurgeType parameter specifies how to remove items when the action is Purge. | SoftDelete / HardDelete' RetryOnError = 'Boolean | Optional | The RetryOnError switch specifies whether to retry the action on any items that failed without re-running the entire action all over again.' ActionScope = 'String | Optional | The ActionScope parameter specifies the items to include when the action is Export. | IndexedItemsOnly / UnindexedItemsOnly / BothIndexedAndUnindexedItems' IncludeCredential = 'Boolean | Optional | The IncludeCredential switch specifies whether to include the credential in the results.' IncludeSharePointDocumentVersions = 'Boolean | Optional | The IncludeSharePointDocumentVersions parameter specifies whether to export previous versions of the document when you use the Export switch.' EnableDedupe = 'Boolean | Optional | The EnableDedupe parameter eliminates duplication of messages when you export content search results.' } ) ComplianceTags = @( @{ FilePlanProperty = @{ FilePlanPropertyCitation = 'String | Optional | File plan citation. Can get a list by running Get-FilePlanPropertyCitation.' FilePlanPropertyAuthority = 'String | Optional | File plan Authority. Can get list by running Get-FilePlanPropertyAuthority.' FilePlanPropertyCategory = 'String | Optional | File plan category. Can get a list by running Get-FilePlanPropertyCategory.' FilePlanPropertyDepartment = 'String | Optional | File plan department. Can get list by running Get-FilePlanPropertyDepartment.' FilePlanPropertyReferenceId = 'String | Optional | File plan reference id. Can get a list by running Get-FilePlanPropertyReferenceId.' FilePlanPropertySubCategory = 'String | Optional | File plan subcategory. Can get a list by running Get-FilePlanPropertySubCategory.' } RetentionDuration = 'String | Optional | The RetentionDuration parameter specifies the hold duration for the retention rule. Valid values are: An integer - The hold duration in days, Unlimited - The content is held indefinitely.' IsRecordLabel = 'Boolean | Optional | The IsRecordLabel parameter specifies whether the label is a record label.' Name = 'String | Required | The Name parameter specifies the unique name of the complaiance tag.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' RetentionAction = 'String | Optional | The RetentionAction parameter specifies the action for the label. Valid values are: Delete, Keep or KeepAndDelete. | Delete / Keep / KeepAndDelete' Notes = 'String | Optional | The Notes parameter specifies an optional note. If you specify a value that contains spaces, enclose the value in quotation marks, for example: ''This is a user note''' Ensure = 'String | Optional | Specify if this rule should exist or not. | Present / Absent' UniqueId = 'String | Required | Unique ID to identify this specific object' Comment = 'String | Optional | The Comment parameter specifies an optional comment.' RetentionType = 'String | Optional | The RetentionType parameter specifies whether the retention duration is calculated from the content creation date, tagged date, or last modification date. Valid values are: CreationAgeInDays, EventAgeInDays,ModificationAgeInDays, or TaggedAgeInDays. | CreationAgeInDays / EventAgeInDays / ModificationAgeInDays / TaggedAgeInDays' EventType = 'String | Optional | The EventType parameter specifies the retention rule that''s associated with the label.' ReviewerEmail = 'StringArray | Optional | The ReviewerEmail parameter specifies the email address of a reviewer for Delete and KeepAndDelete retention actions. You can specify multiple email addresses separated by commas.' Regulatory = 'Boolean | Optional | Regulatory description' } ) DeviceConditionalAccessPolicies = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' Enabled = 'Boolean | Optional | The Enabled parameter specifies whether the policy is enabled.' Ensure = 'String | Optional | Specify if this policy should exist or not. | Present / Absent' Comment = 'String | Optional | The Comment parameter specifies an optional comment.' Name = 'String | Required | The name of the Device Conditional Access Policy.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' } ) DeviceConfigurationPolicies = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' Enabled = 'Boolean | Optional | The Enabled parameter specifies whether the policy is enabled.' Ensure = 'String | Optional | Specify if this policy should exist or not. | Present / Absent' Comment = 'String | Optional | The Comment parameter specifies an optional comment.' Name = 'String | Required | The name of the Device Configuration Policy.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' } ) DLPCompliancePolicies = @( @{ ThirdPartyAppDlpLocation = 'StringArray | Optional | The ThirdPartyAppDlpLocation parameter specifies the non-Microsoft cloud apps to include in the DLP policy. You can use the value All to include all connected apps.' PowerBIDlpLocationException = 'StringArray | Optional | The PowerBIDlpLocationException parameter specifies the Power BI workspace IDs to exclude from the DLP policy when you use the value All for the PowerBIDlpLocation parameter. Only workspaces hosted in Premium Gen2 capacities are permitted.' OneDriveLocationException = 'StringArray | Optional | This parameter specifies the OneDrive for Business sites to exclude when you use the value All for the OneDriveLocation parameter. You identify the site by its URL value.' Priority = 'UInt32 | Optional | Priority for the Policy.' EndpointDlpLocationException = 'StringArray | Optional | The EndpointDlpLocationException parameter specifies the user accounts to exclude from Endpoint DLP when you use the value All for the EndpointDlpLocation parameter. You identify the account by name or email address.' Ensure = 'String | Optional | Specify if this policy should exist or not. | Present / Absent' AccessTokens = 'StringArray | Optional | Access token used for authentication.' EndpointDlpLocation = 'StringArray | Optional | The EndpointDLPLocation parameter specifies the user accounts to include in the DLP policy for Endpoint DLP when they are logged on to an onboarded device. You identify the account by name or email address. You can use the value All to include all user accounts.' Name = 'String | Required | The Name parameter specifies the unique name of the DLP policy. If the value contains spaces, enclose the value in quotation marks.' OneDriveLocation = 'StringArray | Optional | The OneDriveLocation parameter specifies the OneDrive for Business sites to include. You identify the site by its URL value, or you can use the value All to include all sites.' OnPremisesScannerDlpLocation = 'StringArray | Optional | The OnPremisesScannerDlpLocation parameter specifies the on-premises file shares and SharePoint document libraries and folders to include in the DLP policy. You can use the value All to include all on-premises file shares and SharePoint document libraries and folders.' TeamsLocationException = 'StringArray | Optional | Teams locations to exclude.' UniqueId = 'String | Required | Unique ID to identify this specific object' Comment = 'String | Optional | The Comment parameter specifies an optional comment.' ExchangeLocation = 'StringArray | Optional | The ExchangeLocation parameter specifies Exchange Online mailboxes to include in the DLP policy. You can only use the value All for this parameter to include all mailboxes.' SharePointLocationException = 'StringArray | Optional | This parameter specifies the SharePoint Online sites to exclude when you use the value All for the SharePointLocation parameter. You identify the site by its URL value.' SharePointLocation = 'StringArray | Optional | The SharePointLocation parameter specifies the SharePoint Online sites to include. You identify the site by its URL value, or you can use the value All to include all sites.' OnPremisesScannerDlpLocationException = 'StringArray | Optional | The OnPremisesScannerDlpLocationException parameter specifies the on-premises file shares and SharePoint document libraries and folders to exclude from the DLP policy if you use the value All for the OnPremisesScannerDlpLocation parameter.' ExchangeSenderMemberOf = 'StringArray | Optional | Exchange members to include.' ThirdPartyAppDlpLocationException = 'StringArray | Optional | The ThirdPartyAppDlpLocationException parameter specifies the non-Microsoft cloud apps to exclude from the DLP policy when you use the value All for the ThirdPartyAppDlpLocation parameter.' Mode = 'String | Optional | The Mode parameter specifies the action and notification level of the DLP policy. Valid values are: Enable, TestWithNotifications, TestWithoutNotifications, Disable and PendingDeletion. | Enable / TestWithNotifications / TestWithoutNotifications / Disable / PendingDeletion' TeamsLocation = 'StringArray | Optional | Teams locations to include' PowerBIDlpLocation = 'StringArray | Optional | The PowerBIDlpLocation parameter specifies the Power BI workspace IDs to include in the DLP policy. Only workspaces hosted in Premium Gen2 capacities are permitted. You can use the value All to include all supported workspaces.' ExchangeSenderMemberOfException = 'StringArray | Optional | Exchange members to exclude.' } ) DLPComplianceRules = @( @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' DocumentNameMatchesPatterns = 'StringArray | Optional | The DocumentNameMatchesPatterns parameter specifies a condition for the DLP rule that looks for text patterns in the name of message attachments by using regular expressions.' ExceptIfSubjectOrBodyMatchesPatterns = 'StringArray | Optional | The ExceptIfSubjectOrBodyMatchesPatterns parameter specifies an exception for the rule that looks for text patterns in the Subject field or body of messages.' ExceptIfRecipientDomainIs = 'StringArray | Optional | The ExceptIfRecipientDomainIs parameter specifies an exception for the DLP rule that looks for recipients with email addresses in the specified domains.' ContentIsNotLabeled = 'Boolean | Optional | The ContentIsNotLabeled parameter specifies if the content is labeled. A True or False condition.' ExceptIfFromAddressContainsWords = 'StringArray | Optional | The ExceptIfFromAddressContainsWords parameter specifies an exception for the DLP rule that looks for words or phrases in the sender''s email address.' ExceptIfProcessingLimitExceeded = 'Boolean | Optional | The ExceptIfProcessingLimitExceeded parameter specifies an exception for the DLP rule that looks for files where scanning couldn''t complete.' DocumentNameMatchesWords = 'StringArray | Optional | The DocumentNameMatchesWords parameter specifies a condition for the DLP rule that looks for words or phrases in the name of message attachments. ' NotifyPolicyTipCustomText = 'String | Optional | The NotifyPolicyTipCustomText parameter specifies the custom text in the Policy Tip notification message that''s shown to recipients when the conditions of the rule are met. The maximum length is 256 characters. HTML tags and tokens (variables) aren''t supported.' NotifyAllowOverride = 'StringArray | Optional | The NotifyAllowOverride parameter specifies the notification override options when the conditions of the rule are met. | FalsePositive / WithoutJustification / WithJustification' ExceptIfSenderDomainIs = 'StringArray | Optional | The ExceptIfSenderDomainIs parameter specifies an exception for the DLP rule that looks for messages from senders with email address in the specified domains. ' SubjectOrBodyMatchesPatterns = 'StringArray | Optional | The SubjectOrBodyMatchesPatterns parameter specifies a condition for the rule that looks for text patterns in the Subject field or body of messages.' NotifyUser = 'StringArray | Optional | The NotifyUser parameter specifies an action for the DLP rule that notifies the specified users when the conditions of the rule are met.' ProcessingLimitExceeded = 'Boolean | Optional | The ProcessingLimitExceeded parameter specifies a condition for the DLP rule that looks for files where scanning couldn''t complete.' ExceptIfAnyOfRecipientAddressContainsWords = 'StringArray | Optional | he ExceptIfAnyOfRecipientAddressContainsWords parameter specifies an exception for the DLP rule that looks for words or phrases in recipient email addresses.' ExceptIfSenderIPRanges = 'StringArray | Optional | The ExceptIfSenderIpRanges parameter specifies an exception for the DLP rule that looks for senders whose IP addresses matches the specified value, or fall within the specified ranges.' FromAddressMatchesPatterns = 'StringArray | Optional | The FromAddressMatchesPatterns parameter specifies a condition for the DLP rule that looks for text patterns in the sender''s email address by using regular expressions. ' DocumentIsPasswordProtected = 'Boolean | Optional | The DocumentIsPasswordProtected parameter specifies a condition for the DLP rule that looks for password protected files (because the contents of the file can''t be inspected). Password detection only works for Office documents and .zip files.' GenerateAlert = 'StringArray | Optional | The GenerateAlert parameter specifies an action for the DLP rule that notifies the specified users when the conditions of the rule are met.' ExceptIfSubjectMatchesPatterns = 'StringArray | Optional | The ExceptIfSubjectMatchesPatterns parameter specifies an exception for the DLP rule that looks for text patterns in the Subject field of messages by using regular expressions.' ContentExtensionMatchesWords = 'StringArray | Optional | The ContentExtensionMatchesWords parameter specifies a condition for the DLP rule that looks for words in file name extensions. You can specify multiple words separated by commas.' HasSenderOverride = 'Boolean | Optional | The SenderOverride parameter specifies a condition for the rule that looks for messages where the sender chose to override a DLP policy.' ExceptIfDocumentIsPasswordProtected = 'Boolean | Optional | The ExceptIfDocumentIsPasswordProtected parameter specifies an exception for the DLP rule that looks for password protected files (because the contents of the file can''t be inspected). Password detection only works for Office documents and .zip files. ' BlockAccessScope = 'String | Optional | The BlockAccessScope parameter specifies the scope of the block access action. | All / PerUser / None' ExceptIfSubjectOrBodyContainsWords = 'StringArray | Optional | The ExceptIfSubjectOrBodyContainsWords parameter specifies an exception for the rule that looks for words in the Subject field or body of messages.' ExceptIfMessageTypeMatches = 'StringArray | Optional | The ExceptIfMessageTypeMatches parameter specifies an exception for the rule that looks for messages of the specified type.' ExceptIfContentContainsSensitiveInformation = @{ Operator = 'String | Optional | Operator | And / Or' SensitiveInformation = @( @{ maxconfidence = 'String | Optional | Maximum Confidence level value for the Sensitive Information' id = 'String | Optional | Id of the Sensitive Information Content' minconfidence = 'String | Optional | Minimum Confidence level value for the Sensitive Information' classifiertype = 'String | Optional | Type of Classifier value for the Sensitive Information' name = 'String | Required | Name of the Sensitive Information Content' mincount = 'String | Optional | Minimum Count value for the Sensitive Information' maxcount = 'String | Optional | Maximum Count value for the Sensitive Information' } ) Groups = @( @{ Operator = 'String | Required | Operator | And / Or' SensitiveInformation = @( @{ maxconfidence = 'String | Optional | Maximum Confidence level value for the Sensitive Information' id = 'String | Optional | Id of the Sensitive Information Content' minconfidence = 'String | Optional | Minimum Confidence level value for the Sensitive Information' classifiertype = 'String | Optional | Type of Classifier value for the Sensitive Information' name = 'String | Required | Name of the Sensitive Information Content' mincount = 'String | Optional | Minimum Count value for the Sensitive Information' maxcount = 'String | Optional | Maximum Count value for the Sensitive Information' } ) Labels = @( @{ name = 'String | Required | Name of the Sensitive Label' id = 'String | Optional | Id of the Sensitive Information label' type = 'String | Optional | Type of the Sensitive Information label' } ) Name = 'String | Required | Name of the group' UniqueId = 'String | Required | [Unique ID to identify this specific object]' } ) } ExceptIfFromAddressMatchesPatterns = 'StringArray | Optional | The ExceptIfFromAddressMatchesPatterns parameter specifies an exception for the DLP rule that looks for text patterns in the sender''s email address by using regular expressions.' AnyOfRecipientAddressContainsWords = 'StringArray | Optional | The AnyOfRecipientAddressContainsWords parameter specifies a condition for the DLP rule that looks for words or phrases in recipient email addresses.' RecipientDomainIs = 'StringArray | Optional | The RecipientDomainIs parameter specifies a condition for the DLP rule that looks for recipients with email addresses in the specified domains.' IncidentReportContent = 'StringArray | Optional | The IncidentReportContent parameter specifies the content to include in the report when you use the GenerateIncidentReport parameter. | All / Default / DetectionDetails / Detections / DocumentAuthor / DocumentLastModifier / MatchedItem / OriginalContent / RulesMatched / Service / Severity / Title / RetentionLabel / SensitivityLabel' Comment = 'String | Optional | The Comment parameter specifies an optional comment. If you specify a value that contains spaces, enclose the value in quotation marks.' ExceptIfHasSenderOverride = 'Boolean | Optional | The ExceptIfHasSenderOverride parameter specifies an exception for the rule that looks for messages where the sender chose to override a DLP policy.' GenerateIncidentReport = 'StringArray | Optional | The GenerateIncidentReport parameter specifies an action for the DLP rule that sends an incident report to the specified users when the conditions of the rule are met.' Ensure = 'String | Optional | Specify if this rule should exist or not. | Present / Absent' AccessScope = 'String | Optional | The AccessScope parameter specifies a condition for the DLP rule that''s based on the access scope of the content. The rule is applied to content that matches the specified access scope. | InOrganization / NotInOrganization / None' RemoveRMSTemplate = 'Boolean | Optional | The RemoveRMSTemplate parameter specifies an action for the DLP rule that removes Office 365 Message Encryption from messages and their attachments.' FromScope = 'StringArray | Optional | The FromScope parameter specifies wether messages from inside or outside the organisation are in scope for the DLP rule.' ExceptIfContentPropertyContainsWords = 'StringArray | Optional | The ExceptIfContentPropertyContainsWords parameter specifies an exception for the DLP rule that''s based on a property match in content.' ExceptIfDocumentNameMatchesPatterns = 'StringArray | Optional | The ExceptIfDocumentNameMatchesPatterns parameter specifies an exception for the DLP rule that looks for text patterns in the name of message attachments by using regular expressions.' ContentCharacterSetContainsWords = 'StringArray | Optional | The ContentCharacterSetContainsWords parameter specifies a condition for the rule that looks for character set names in messages. You can specify multiple values separated by commas.' AnyOfRecipientAddressMatchesPatterns = 'StringArray | Optional | The AnyOfRecipientAddressMatchesPatterns parameter specifies a condition for the DLP rule that looks for text patterns in recipient email addresses by using regular expressions.' NotifyEmailCustomText = 'String | Optional | The NotifyEmailCustomText parameter specifies the custom text in the email notification message that''s sent to recipients when the conditions of the rule are met.' ExceptIfDocumentNameMatchesWords = 'StringArray | Optional | The ExceptIfDocumentNameMatchesWords parameter specifies an exception for the DLP rule that looks for words or phrases in the name of message attachments.' ExceptIfSentTo = 'StringArray | Optional | The ExceptIfSentTo parameter specifies an exception for the DLP rule that looks for recipients in messages. You identify the recipients by email address.' Policy = 'String | Required | Name of the associated DLP Compliance Policy.' ExceptIfContentCharacterSetContainsWords = 'StringArray | Optional | The ExceptIfContentCharacterSetContainsWords parameter specifies an exception for the rule that looks for character set names in messages.' ContentContainsSensitiveInformation = @{ Operator = 'String | Optional | Operator | And / Or' SensitiveInformation = @( @{ maxconfidence = 'String | Optional | Maximum Confidence level value for the Sensitive Information' id = 'String | Optional | Id of the Sensitive Information Content' minconfidence = 'String | Optional | Minimum Confidence level value for the Sensitive Information' classifiertype = 'String | Optional | Type of Classifier value for the Sensitive Information' name = 'String | Required | Name of the Sensitive Information Content' mincount = 'String | Optional | Minimum Count value for the Sensitive Information' maxcount = 'String | Optional | Maximum Count value for the Sensitive Information' } ) Groups = @( @{ Operator = 'String | Required | Operator | And / Or' SensitiveInformation = @( @{ maxconfidence = 'String | Optional | Maximum Confidence level value for the Sensitive Information' id = 'String | Optional | Id of the Sensitive Information Content' minconfidence = 'String | Optional | Minimum Confidence level value for the Sensitive Information' classifiertype = 'String | Optional | Type of Classifier value for the Sensitive Information' name = 'String | Required | Name of the Sensitive Information Content' mincount = 'String | Optional | Minimum Count value for the Sensitive Information' maxcount = 'String | Optional | Maximum Count value for the Sensitive Information' } ) Labels = @( @{ name = 'String | Required | Name of the Sensitive Label' id = 'String | Optional | Id of the Sensitive Information label' type = 'String | Optional | Type of the Sensitive Information label' } ) Name = 'String | Required | Name of the group' UniqueId = 'String | Required | [Unique ID to identify this specific object]' } ) } SubjectOrBodyContainsWords = 'StringArray | Optional | The SubjectOrBodyContainsWords parameter specifies a condition for the rule that looks for words in the Subject field or body of messages.' ExceptIfFromScope = 'StringArray | Optional | The ExceptIfFromScope parameter specifies wether messages from inside or outside the organisation are in scope for the DLP rule.' BlockAccess = 'Boolean | Optional | The BlockAccess parameter specifies an action for the DLP rule that blocks access to the source item when the conditions of the rule are met. $true: Blocks further access to the source item that matched the rule. The owner, author, and site owner can still access the item. $false: Allows access to the source item that matched the rule. This is the default value.' SentToMemberOf = 'StringArray | Optional | The SentToMemberOf parameter specifies a condition for the DLP rule that looks for messages sent to members of distribution groups, dynamic distribution groups, or mail-enabled security groups.' StopPolicyProcessing = 'Boolean | Optional | The StopPolicyProcessing parameter specifies an action that stops processing more DLP policy rules.' Disabled = 'Boolean | Optional | The Disabled parameter specifies whether the DLP rule is disabled.' ReportSeverityLevel = 'String | Optional | The ReportSeverityLevel parameter specifies the severity level of the incident report for content detections based on the rule. | Low / Medium / High / None' ExceptIfDocumentIsUnsupported = 'Boolean | Optional | The ExceptIfDocumentIsUnsupported parameter specifies an exception for the DLP rule that looks for files that can''t be scanned.' MessageTypeMatches = 'StringArray | Optional | The MessageTypeMatches parameter specifies a condition for the DLP rule that looks for types of SMIME message patterns.' RuleErrorAction = 'String | Optional | The RuleErrorAction parameter specifies what to do if an error is encountered during the evaluation of the rule. | Ignore / RetryThenBlock' ContentPropertyContainsWords = 'StringArray | Optional | The ContentPropertyContainsWords parameter specifies a condition for the DLP rule that''s based on a property match in content. The rule is applied to content that contains the specified property.' DocumentIsUnsupported = 'Boolean | Optional | The DocumentIsUnsupported parameter specifies a condition for the DLP rule that looks for files that can''t be scanned.' SubjectMatchesPatterns = 'StringArray | Optional | The SubjectMatchesPatterns parameter specifies a condition for the DLP rule that looks for text patterns in the Subject field of messages by using regular expressions.' SubjectContainsWords = 'StringArray | Optional | The SubjectContainsWords parameter specifies a condition for the DLP rule that looks for words or phrases in the Subject field of messages. You can specify multiple words or phrases separated by commas.' ExceptIfContentExtensionMatchesWords = 'StringArray | Optional | The ExceptIfContentExtensionMatchesWords parameter specifies an exception for the DLP rule that looks for words in file name extensions. You can specify multiple words separated by commas.' Name = 'String | Required | Name of the Rule.' DocumentContainsWords = 'StringArray | Optional | The DocumentContainsWords parameter specifies a condition for the DLP rule that looks for words in message attachments. Only supported attachment types are checked.' ExceptIfSubjectContainsWords = 'StringArray | Optional | The ExceptIfSubjectContainsWords parameter specifies an exception for the DLP rule that looks for words or phrases in the Subject field of messages.' FromAddressContainsWords = 'StringArray | Optional | The FromAddressContainsWords parameter specifies a condition for the DLP rule that looks for words or phrases in the sender''s email address.' UniqueId = 'String | Required | Unique ID to identify this specific object' ExceptIfAnyOfRecipientAddressMatchesPatterns = 'StringArray | Optional | The ExceptIfAnyOfRecipientAddressMatchesPatterns parameter specifies an exception for the DLP rule that looks for text patterns in recipient email addresses by using regular expressions.' SetHeader = 'StringArray | Optional | The SetHeader The SetHeader parameter specifies an action for the DLP rule that adds or modifies a header field and value in the message header. You can specify multiple header name and value pairs separated by commas' } ) FilePlanPropertyAuthorities = @( @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' Name = 'String | Required | The Name parameter specifies the unique name of the Authority.' UniqueId = 'String | Required | Unique ID to identify this specific object' Ensure = 'String | Optional | Specify if this authority should exist or not. | Present / Absent' } ) FilePlanPropertyCategories = @( @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' Name = 'String | Required | The Name parameter specifies the unique name of the category.' UniqueId = 'String | Required | Unique ID to identify this specific object' Ensure = 'String | Optional | Specify if this category should exist or not. | Present / Absent' } ) FilePlanPropertyCitations = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Ensure = 'String | Optional | Specify if this citation should exist or not. | Present / Absent' Name = 'String | Required | The Name parameter specifies the unique name of the citation.' CitationJurisdiction = 'String | Optional | Jurisdiction of the citation.' CitationUrl = 'String | Optional | URL of the citation.' } ) FilePlanPropertyDepartments = @( @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' Name = 'String | Required | The Name parameter specifies the unique name of the department.' UniqueId = 'String | Required | Unique ID to identify this specific object' Ensure = 'String | Optional | Specify if this department should exist or not. | Present / Absent' } ) FilePlanPropertyReferenceIds = @( @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' Name = 'String | Required | The Name parameter specifies the unique name of the reference id.' UniqueId = 'String | Required | Unique ID to identify this specific object' Ensure = 'String | Optional | Specify if this reference id should exist or not. | Present / Absent' } ) FilePlanPropertySubCategories = @( @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' Category = 'String | Required | The Category parameter specifies the name of the parent category associated with the sub-category.' Name = 'String | Required | The Name parameter specifies the unique name of the sub-category.' UniqueId = 'String | Required | Unique ID to identify this specific object' Ensure = 'String | Optional | Specify if this category should exist or not. | Present / Absent' } ) LabelPolicies = @( @{ AddModernGroupLocationException = 'StringArray | Optional | The AddModernGroupLocationException parameter specifies the Microsoft 365 Groups to add to exclusions when you''re using the value All for the ModernGroupLocation parameter.' RemoveModernGroupLocation = 'StringArray | Optional | The RemoveModernGroupLocation parameter specifies the Microsoft 365 Groups to remove from the policy.' Name = 'String | Required | The Name parameter specifies the unique name for the sensitivity label. The maximum length is 64 characters. If the value contains spaces, enclose the value in quotation marks.' ModernGroupLocation = 'StringArray | Optional | The ModernGroupLocation parameter specifies the Microsoft 365 Groups to include in the policy.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' RemoveExchangeLocation = 'StringArray | Optional | The RemoveExchangeLocation parameter specifies the mailboxes to remove from the policy.' AddExchangeLocation = 'StringArray | Optional | The AddExchangeLocation parameter specifies the mailboxes to add in the existing policy.' RemoveLabels = 'StringArray | Optional | The RemoveLabels parameter specifies the sensitivity labels that are removed from the policy. You can use any value that uniquely identifies the label.' Labels = 'StringArray | Optional | The Labels parameter specifies the sensitivity labels that are associated with the policy. You can use any value that uniquely identifies the label.' ExchangeLocation = 'StringArray | Optional | The ExchangeLocation parameter specifies the mailboxes to include in the policy.' Ensure = 'String | Optional | Specify if this label policy should exist or not. | Present / Absent' UniqueId = 'String | Required | Unique ID to identify this specific object' Comment = 'String | Optional | The Comment parameter specifies an optional comment.' RemoveModernGroupLocationException = 'StringArray | Optional | The RemoveModernGroupLocationException parameter specifies the Microsoft 365 Groups to remove from excluded values when you''re using the value All for the ModernGroupLocation parameter.' ModernGroupLocationException = 'StringArray | Optional | The ModernGroupLocationException parameter specifies the Microsoft 365 Groups to exclude when you''re using the value All for the ModernGroupLocation parameter.' AddModernGroupLocation = 'StringArray | Optional | The AddModernGroupLocation parameter specifies the Microsoft 365 Groups to add to include the policy.' ExchangeLocationException = 'StringArray | Optional | The ExchangeLocationException parameter specifies the mailboxes to exclude when you use the value All for the ExchangeLocation parameter.' AddExchangeLocationException = 'StringArray | Optional | The AddExchangeLocationException parameter specifies the mailboxes to add to exclusions when you use the value All for the ExchangeLocation parameter.' AddLabels = 'StringArray | Optional | The AddLabels parameter specifies the sensitivity labels to add to the policy. You can use any value that uniquely identifies the label.' AdvancedSettings = @( @{ Key = 'String | Optional | Advanced settings key.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' Value = 'StringArray | Optional | Advanced settings value.' } ) RemoveExchangeLocationException = 'StringArray | Optional | The RemoveExchangeLocationException parameter specifies the mailboxes to remove when you use the value All for the ExchangeLocation parameter.' } ) ProtectionAlerts = @( @{ NotificationEnabled = 'Boolean | Optional | NotificationEnabled true or false' NotifyUserThrottleWindow = 'UInt32 | Optional | Specifies the time interval in minutes that''s used by the NotifyUserThrottleThreshold parameter' Threshold = 'UInt32 | Optional | Specifies the number of detections that trigger the alert policy within the time period specified by the TimeWindow parameter. A valid value is an integer that''s greater than or equal to 3.' Operation = 'StringArray | Optional | Specifies the activities that are monitored by the alert policy' NotifyUser = 'StringArray | Optional | Specifies the SMTP address of the user who receives notification messages for the alert policy. You can specify multiple values separated by commas' NotifyUserThrottleThreshold = 'UInt32 | Optional | Specifies the maximum number of notifications for the alert policy within the time period specified by the NotifyUserThrottleWindow parameter. Once the maximum number of notifications has been reached in the time period, no more notifications are sent for the alert.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' PrivacyManagementScopedSensitiveInformationTypesForCounting = 'StringArray | Optional | PrivacyManagementScopedSensitiveInformationTypesForCounting' NotificationCulture = 'String | Optional | Specifies the language or locale that''s used for notifications. For example, da-DK for Danish' AggregationType = 'String | Optional | Specifies how the alert policy triggers alerts for multiple occurrences of monitored activity | None / SimpleAggregation / AnomalousAggregation / CustomAggregation' NotifyUserSuppressionExpiryDate = 'DateTime | Optional | Specifies whether to temporarily suspend notifications for the alert policy. Until the specified date-time, no notifications are sent for detected activities.' AlertBy = 'StringArray | Optional | Specifies the scope for aggregated alert policies' VolumeThreshold = 'UInt32 | Optional | Volume Threshold' TimeWindow = 'UInt32 | Optional | Specifies the time interval in minutes for number of detections specified by the Threshold parameter. A valid value is an integer that''s greater than 60 (one hour).' PrivacyManagementScopedSensitiveInformationTypes = 'StringArray | Optional | PrivacyManagementScopedSensitiveInformationTypes' Comment = 'String | Optional | Specifies an optional comment' Category = 'String | Optional | Specifies a category for the alert policy' AlertFor = 'StringArray | Optional | This parameter is reserved for internal Microsoft use' Ensure = 'String | Optional | Specify if this alert should exist or not. | Present / Absent' Disabled = 'Boolean | Optional | Enables or disables the alert policy' Severity = 'String | Optional | specifies the severity of the detection | Low / Medium / High / Informational' Filter = 'String | Optional | The Filter parameter uses OPATH syntax to filter the results by the specified properties and values' NotifyUserOnFilterMatch = 'Boolean | Optional | Specifies whether to trigger an alert for a single event when the alert policy is configured for aggregated activity' ThreatType = 'String | Optional | Specifies the type of activities that are monitored by the alert policy | Activity / Malware / Phish / Malicious / MaliciousUrlClick / MailFlow' UniqueId = 'String | Required | Unique ID to identify this specific object' Name = 'String | Required | Specifies the unique name for the alert policy' PrivacyManagementScopedSensitiveInformationTypesThreshold = 'UInt64 | Optional | PrivacyManagementScopedSensitiveInformationTypesThreshold' } ) RetentionCompliancePolicies = @( @{ Comment = 'String | Optional | The Comment parameter specifies an optional comment.' PublicFolderLocation = 'StringArray | Optional | The PublicFolderLocation parameter specifies that you want to include all public folders in the retention policy. You use the value All for this parameter.' OneDriveLocationException = 'StringArray | Optional | This parameter specifies the OneDrive for Business sites to exclude when you use the value All for the OneDriveLocation parameter. You identify the site by its URL value.' TeamsChatLocationException = 'StringArray | Optional | This parameter specifies the SharePoint Online sites to exclude when you use the value All for the TeamsChatLocation parameter. You identify the site by its URL value.' Name = 'String | Required | The Name parameter specifies the unique name of the retention policy.' Ensure = 'String | Optional | Specify if this policy should exist or not. | Present / Absent' AccessTokens = 'StringArray | Optional | Access token used for authentication.' SkypeLocation = 'StringArray | Optional | The SkypeLocation parameter specifies the Skype for Business Online users to include in the policy.' TeamsChannelLocationException = 'StringArray | Optional | This parameter specifies the SharePoint Online sites to exclude when you use the value All for the TeamsChannelLocation parameter. You identify the site by its URL value.' OneDriveLocation = 'StringArray | Optional | The OneDriveLocation parameter specifies the OneDrive for Business sites to include. You identify the site by its URL value, or you can use the value All to include all sites.' ExchangeLocation = 'StringArray | Optional | The ExchangeLocation parameter specifies the mailboxes to include.' SkypeLocationException = 'StringArray | Optional | This parameter is reserved for internal Microsoft use.' TeamsChatLocation = 'StringArray | Optional | The TeamsChatLocation parameter specifies the Teams Chat to include in the policy.' UniqueId = 'String | Required | Unique ID to identify this specific object' RestrictiveRetention = 'Boolean | Optional | The RestrictiveRetention parameter specifies whether Preservation Lock is enabled for the policy.' ExchangeLocationException = 'StringArray | Optional | This parameter specifies the mailboxes to remove from the list of excluded mailboxes when you use the value All for the ExchangeLocation parameter' DynamicScopeLocation = 'StringArray | Optional | Location of the dynamic scope for this policy.' TeamsChannelLocation = 'StringArray | Optional | The TeamsChannelLocation parameter specifies the Teams Channel to include in the policy.' SharePointLocationException = 'StringArray | Optional | This parameter specifies the SharePoint Online sites to exclude when you use the value All for the SharePointLocation parameter. You identify the site by its URL value.' ModernGroupLocationException = 'StringArray | Optional | The ModernGroupLocationException parameter specifies the Office 365 groups to exclude when you''re using the value All for the ModernGroupLocation parameter.' SharePointLocation = 'StringArray | Optional | The SharePointLocation parameter specifies the SharePoint Online sites to include. You identify the site by its URL value, or you can use the value All to include all sites.' ModernGroupLocation = 'StringArray | Optional | The ModernGroupLocation parameter specifies the Office 365 groups to include in the policy.' Enabled = 'Boolean | Optional | Determines if the policy is enabled or not.' } ) RetentionComplianceRules = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' Name = 'String | Required | The Name parameter specifies the unique name of the retention rule.' Ensure = 'String | Optional | Specify if this rule should exist or not. | Present / Absent' ContentMatchQuery = 'String | Optional | The ContentMatchQuery parameter specifies a content search filter.' RetentionDurationDisplayHint = 'String | Optional | The RetentionDurationDisplayHint parameter specifies the units that are used to display the retention duration in the Security and Compliance Center. Valid values are: Days, Months or Years. | Days / Months / Years' RetentionComplianceAction = 'String | Optional | The RetentionComplianceAction parameter specifies the retention action for the rule. Valid values are: Delete, Keep and KeepAndDelete. | Delete / Keep / KeepAndDelete' RetentionDuration = 'String | Optional | The RetentionDuration parameter specifies the hold duration for the retention rule. Valid values are: An integer - The hold duration in days, Unlimited - The content is held indefinitely.' ExcludedItemClasses = 'StringArray | Optional | The ExcludedItemClasses parameter specifies the types of messages to exclude from the rule. You can use this parameter only to exclude items from a hold policy, which excludes the specified item class from being held. Using this parameter won''t exclude items from deletion policies. Typically, you use this parameter to exclude voicemail messages, IM conversations, and other Skype for Business Online content from being held by a hold policy.' Policy = 'String | Required | The Policy parameter specifies the policy to contain the rule.' ExpirationDateOption = 'String | Optional | The ExpirationDateOption parameter specifies whether the expiration date is calculated from the content creation date or last modification date. Valid values are: CreationAgeInDays and ModificationAgeInDays. | CreationAgeInDays / ModificationAgeInDays' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Comment = 'String | Optional | The Comment parameter specifies an optional comment.' } ) RetentionEventTypes = @( @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' Comment = 'String | Optional | The Comment parameter specifies an optional comment.' Name = 'String | Required | The Name parameter specifies the unique name of the retention event type.' UniqueId = 'String | Required | Unique ID to identify this specific object' Ensure = 'String | Optional | Specify if this rule should exist or not. | Present / Absent' } ) RoleGroups = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' Description = 'String | Optional | The Description parameter specifies the description that''s displayed when the role group is viewed using the Get-RoleGroup cmdlet. Enclose the description in quotation marks' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Ensure = 'String | Optional | Specify if the Role Group should exist or not. | Present / Absent' Roles = 'StringArray | Optional | The Roles parameter specifies the management roles to assign to the role group when it''s created. If a role name contains spaces, enclose the name in quotation marks. If you want to assign more that one role, separate the role names with commas.' Name = 'String | Required | The Name parameter specifies the name of the role. The maximum length of the name is 64 characters.' } ) RoleGroupMembers = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' Description = 'String | Optional | The Description parameter specifies the description that''s displayed when the role group is viewed using the Get-RoleGroup cmdlet. Enclose the description in quotation marks' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Ensure = 'String | Optional | Specify if the Role Group Members should exist or not. | Present / Absent' Name = 'String | Required | The Name parameter specifies the name of the role. The maximum length of the name is 64 characters.' Members = 'StringArray | Optional | The Members parameter specifies the mailboxes or mail-enabled USGs to add as a member of the role group. You can identify the user or group by the name, DN, or primary SMTP address value. You can specify multiple members separated by commas (Value1,Value2,...ValueN). If the value contains spaces, enclose the value in quotation marks' } ) SecurityFilters = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' Action = 'String | Optional | The Action parameter filters the results by the type of search action that a filter is applied to. | Export / Preview / Purge / Search / All' Filters = 'StringArray | Optional | The Filters parameter specifies the search criteria for the compliance security filter. The filters are applied to the users specified by the Users parameter. You can create three different types of filters: Mailbox filter, Mailbox content filter or Site and site content filter' Ensure = 'String | Optional | Specify if this label policy should exist or not. | Present / Absent' Region = 'String | Optional | The Region parameter specifies the satellite location for multi-geo tenants to conduct eDiscovery searches in. | APC / AUS / CAN / EUR / FRA / GBR / IND / JPN / LAM / NAM / ' Users = 'StringArray | Optional | The User parameter filters the results by the user who gets a filter applied to their searches. Acceptable values are : The alias or email address of a user, All or The name of a role group' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Description = 'String | Optional | The Description parameter specifies a description for the compliance security filter. The maximum length is 256 characters. If the value contains spaces, enclose the value in quotation marks (").' FilterName = 'String | Required | The FilterName parameter specifies the name of the compliance security filter that you want to view. If the value contains spaces, enclose the value in quotation marks (").' } ) SensitivityLabels = @( @{ ApplyContentMarkingHeaderFontSize = 'SInt32 | Optional | The ApplyContentMarkingHeaderFontSize parameter specifies the font size (in points) of the header text.' EncryptionRightsDefinitions = 'String | Optional | The EncryptionRightsDefinitions parameter specifies the rights users have when accessing protected. This parameter uses the syntax Identity1:Rights1,Rights2;Identity2:Rights3,Rights4. For example, john@contoso.com:VIEW,EDIT;microsoft.com:VIEW.' SiteAndGroupProtectionBlockAccess = 'Boolean | Optional | The SiteAndGroupProtectionBlockAccess parameter blocks access.' ApplyWaterMarkingText = 'String | Optional | The ApplyWaterMarkingText parameter specifies the watermark text. If the value contains spaces, enclose the value in quotation marks.' UniqueId = 'String | Required | Unique ID to identify this specific object' DisplayName = 'String | Optional | The DisplayName parameter specifies the display name for the sensitivity label. The display name appears in the Microsoft Office and is used by Outlook users to select the appropriate sensitivity label before they send a message.' ApplyContentMarkingFooterMargin = 'SInt32 | Optional | The ApplyContentMarkingFooterMargin parameter specifies the size (in points) of the footer margin.' ApplyWaterMarkingFontColor = 'String | Optional | The ApplyWaterMarkingFontColor parameter specifies the color of the watermark text. This parameter accepts a hexadecimal color code value in the format #xxxxxx.' EncryptionProtectionType = 'String | Optional | The EncryptionProtectionType parameter specifies the protection type for encryption. | Template / RemoveProtection / UserDefined' AccessTokens = 'StringArray | Optional | Access token used for authentication.' SiteAndGroupProtectionAllowAccessToGuestUsers = 'Boolean | Optional | The SiteAndGroupProtectionAllowAccessToGuestUsers parameter enables or disables access to guest users.' ApplyContentMarkingHeaderEnabled = 'Boolean | Optional | The ApplyContentMarkingHeaderEnabled parameter enables or disables the Apply Content Marking Header action for the label.' SiteAndGroupProtectionAllowLimitedAccess = 'Boolean | Optional | The SiteAndGroupProtectionAllowLimitedAccess parameter enables or disables limited access.' SiteAndGroupExternalSharingControlType = 'String | Optional | The SiteAndGroupExternalSharingControlType parameter specifies the external user sharing setting for the label. | ExternalUserAndGuestSharing / ExternalUserSharingOnly / ExistingExternalUserSharingOnly / Disabled' ApplyContentMarkingHeaderText = 'String | Optional | The ApplyContentMarkingHeaderText parameter specifies the header text. If the value contains spaces, enclose the value in quotation marks.' Priority = 'UInt32 | Optional | The Priority parameter specifies a priority value for the sensitivity label that determines the order of label processing. A lower integer value indicates a highter priority.' EncryptionRightsUrl = 'String | Optional | The EncryptionRightsUrl parameter specifies the URL for hold your own key (HYOK) protection.' ParentId = 'String | Optional | The ParentId parameter specifies the parent label that you want this label to be under (a sublabel). You can use any value that uniquely identifies the parent sensitivity label for example name.' ApplyContentMarkingHeaderMargin = 'SInt32 | Optional | The ApplyContentMarkingHeaderMargin parameter specifies the size (in points) of the header margin.' Comment = 'String | Optional | The Comment parameter specifies an optional comment.' ApplyContentMarkingFooterEnabled = 'Boolean | Optional | The ApplyContentMarkingFooterEnabled parameter specifies whether to enable or disable the sensitivity label.' ApplyContentMarkingFooterFontSize = 'SInt32 | Optional | The ApplyContentMarkingFooterFontSize parameter specifies the font size (in points) of the footer text.' ApplyContentMarkingHeaderFontColor = 'String | Optional | The ApplyContentMarkingHeaderFontColor parameter specifies the color of the header text. This parameter accepts a hexadecimal color code value in the format #xxxxxx. The default value is #000000.' SiteAndGroupProtectionPrivacy = 'String | Optional | The SiteAndGroupProtectionPrivacy parameter specifies the privacy level for the label. | Public / Private / Unspecified' EncryptionOfflineAccessDays = 'SInt32 | Optional | The EncryptionOfflineAccessDays parameter specifies the number of days that offline access is allowed.' ApplyContentMarkingFooterText = 'String | Optional | The ApplyContentMarkingFooterText parameter specifies the footer text. If the value contains spaces, enclose the value in quotation marks.' ApplyWaterMarkingFontSize = 'SInt32 | Optional | The ApplyWaterMarkingFontSize parameter specifies the font size (in points) of the watermark text.' Ensure = 'String | Optional | Specify if this rule should exist or not. | Present / Absent' EncryptionEnabled = 'Boolean | Optional | The EncryptionEnabled parameter specifies whether encryption in enabled.' ApplyContentMarkingHeaderAlignment = 'String | Optional | The ApplyContentMarkingHeaderAlignment parameter specifies the header alignment. | Left / Center / Right' SiteAndGroupProtectionAllowFullAccess = 'Boolean | Optional | The SiteAndGroupProtectionAllowFullAccess parameter enables or disables full access.' AdvancedSettings = @( @{ Key = 'String | Optional | Advanced settings key.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' Value = 'StringArray | Optional | Advanced settings value.' } ) ApplyContentMarkingFooterAlignment = 'String | Optional | The ApplyContentMarkingFooterAlignment parameter specifies the footer alignment. | Left / Center / Right' EncryptionDoNotForward = 'Boolean | Optional | The EncryptionDoNotForward parameter specifies whether the Do Not Forward template is applied.' ApplyWaterMarkingEnabled = 'Boolean | Optional | The ApplyWaterMarkingEnabled parameter enables or disables the Apply Watermarking Header action for the label.' SiteAndGroupProtectionAllowEmailFromGuestUsers = 'Boolean | Optional | The SiteAndGroupProtectionAllowEmailFromGuestUsers parameter enables or disables email from guest users.' ApplyWaterMarkingLayout = 'String | Optional | The ApplyWaterMarkingAlignment parameter specifies the watermark alignment. | Horizontal / Diagonal' ApplyContentMarkingFooterFontColor = 'String | Optional | The ApplyContentMarkingFooterFontColor parameter specifies the color of the footer text. This parameter accepts a hexadecimal color code value in the format #xxxxxx. The default value is #000000.' EncryptionPromptUser = 'Boolean | Optional | The EncryptionPromptUser parameter specifies whether to set the label with user defined permission in Word, Excel, and PowerPoint.' SiteAndGroupProtectionEnabled = 'Boolean | Optional | The SiteAndGroupProtectionEnabled parameter enables or disables the Site and Group Protection action for the labels.' EncryptionEncryptOnly = 'Boolean | Optional | The EncryptionEncryptOnly parameter specifies whether the encrypt-only template is applied.' Name = 'String | Required | The Name parameter specifies the unique name for the sensitivity label. The maximum length is 64 characters. If the value contains spaces, enclose the value in quotation marks.' LocaleSettings = @( @{ LabelSettings = @( @{ Key = 'String | Optional | Advanced settings key.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' Value = 'StringArray | Optional | Advanced settings value.' } ) localeKey = 'String | Optional | Name of the Local key.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' } ) ContentType = 'StringArray | Optional | The ContentType parameter specifies where the sensitivity label can be applied. | File, Email / Site, UnifiedGroup / PurviewAssets / Teamwork / SchematizedData' EncryptionContentExpiredOnDateInDaysOrNever = 'String | Optional | The EncryptionContentExpiredOnDateInDaysOrNever parameter specifies when the encrypted content expires. Valid values are integer or never.' Tooltip = 'String | Optional | The ToolTip parameter specifies the default tooltip and sensitivity label description that''s seen by users. It the value contains spaces, enclose the value in quotation marks.' } ) SupervisoryReviewPolicies = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Ensure = 'String | Optional | Specify if this rule should exist or not. | Present / Absent' Comment = 'String | Optional | The Comment parameter specifies an optional comment. If you specify a value that contains spaces, enclose the value in quotation marks.' Name = 'String | Required | The Name parameter specifies the unique name for the supervisory review policy. The name can''t exceed 64 characters. If the value contains spaces, enclose the value in quotation marks.' Reviewers = 'StringArray | Required | The Reviewers parameter specifies the SMTP addresses of the reviewers for the supervisory review policy. You can specify multiple email addresses separated by commas.' } ) SupervisoryReviewRules = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Ensure = 'String | Optional | Specify if this rule should exist or not. | Present / Absent' Condition = 'String | Optional | The Condition parameter specifies the conditions and exceptions for the rule.' SamplingRate = 'UInt32 | Optional | The SamplingRate parameter specifies the percentage of communications for review. If you want reviewers to review all detected items, use the value 100.' Policy = 'String | Required | The Policy parameter specifies the supervisory review policy that''s assigned to the rule. You can use any value that uniquely identifies the policy.' Name = 'String | Required | The Name parameter specifies the unique name for the supervisory review policy. The name can''t exceed 64 characters. If the value contains spaces, enclose the value in quotation marks.' } ) } SharePoint = @{ AccessControlSettings = @{ Ensure = 'String | Optional | Only value accepted is ''Present'' | Present / Absent' EmailAttestationRequired = 'Boolean | Optional | Sets email attestation to required' EmailAttestationReAuthDays = 'UInt32 | Optional | Sets email attestation re-auth days' ConditionalAccessPolicy = 'String | Optional | Blocks or limits access to SharePoint and OneDrive content from un-managed devices. | AllowFullAccess / AllowLimitedAccess / BlockAccess / ProtectionLevel' AccessTokens = 'StringArray | Optional | Access token used for authentication.' StartASiteFormUrl = 'String | Optional | Specifies URL of the form to load in the Start a Site dialog. The valid values are:<emptyString> (default) - Blank by default, this will also remove or clear any value that has been set.Full URL - Example: https://contoso.sharepoint.com/path/to/form' IPAddressEnforcement = 'Boolean | Optional | Allows access from network locations that are defined by an administrator.' DisplayStartASiteOption = 'Boolean | Optional | Determines whether tenant users see the Start a Site menu option' DisallowInfectedFileDownload = 'Boolean | Optional | Prevents the Download button from being displayed on the Virus Found warning page.' ExternalServicesEnabled = 'Boolean | Optional | Enables external services for a tenant. External services are defined as services that are not in the Office 365 datacenters.' IPAddressAllowList = 'String | Optional | Configures multiple IP addresses or IP address ranges (IPv4 or IPv6). Use commas to separate multiple IP addresses or IP address ranges.' IPAddressWACTokenLifetime = 'UInt32 | Optional | Office webapps TokenLifeTime in minutes' } Apps = @( @{ Path = 'String | Required | The path the the app package on disk.' Ensure = 'String | Optional | Present ensures the site collection exists, absent ensures it is removed | Present / Absent' Overwrite = 'Boolean | Optional | Overwrites the existing app package if it already exists.' Publish = 'Boolean | Optional | This will deploy/trust an app into the app catalog.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Required | The name of the App.' } ) BrowserIdleSignout = @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' Enabled = 'Boolean | Optional | Enables the browser idle sign-out policy' WarnAfter = 'String | Optional | Specifies a time interval of inactivity before the user gets a warning about being signed out' SignOutAfter = 'String | Optional | Specifies a time interval of inactivity before the user gets signed out' } HomeSite = @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' Url = 'String | Optional | The URL of the home site collection' Ensure = 'String | Optional | Present ensures the site collection is registered as home site, absent ensures it is unregistered | Present / Absent' } HubSites = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' Url = 'String | Required | The URL of the site collection' Description = 'String | Optional | The description of the hub site' Ensure = 'String | Optional | Present ensures the site collection is registered as hub site, absent ensures it is unregistered | Present / Absent' RequiresJoinApproval = 'Boolean | Optional | Does the hub site require approval to join' AllowedToJoin = 'StringArray | Optional | The users or mail-enabled security groups which are allowed to associate their site with a hub site' AccessTokens = 'StringArray | Optional | Access token used for authentication.' LogoUrl = 'String | Optional | The url to the logo of the hub site' SiteDesignId = 'String | Optional | The guid of the site design to link to the hub site' Title = 'String | Optional | The title of the hub site' } ) OrgAssetsLibraries = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' ThumbnailUrl = 'String | Optional | Indicates the absolute URL of the library to be designated as a central location for organization Indicates the URL of the background image used when the library is publicly displayed. If no thumbnail URL is indicated, the card will have a gray background.' Ensure = 'String | Optional | Specify if the SPO Org Assets library should exist or not. | Present / Absent' AccessTokens = 'StringArray | Optional | Access token used for authentication.' LibraryUrl = 'String | Required | Indicates the absolute URL of the library to be designated as a central location for organization assets.' CdnType = 'String | Optional | Specifies the CDN type. The valid values are public or private. | Public / Private' } ) PropertyBags = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' Url = 'String | Required | Url of the site where to configure the PropertyBag property.' Key = 'String | Required | Key that should be configured.' Ensure = 'String | Optional | Specify if this policy should exist or not. | Present / Absent' Value = 'String | Required | Value of the assigned key.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' } ) SearchManagedProperties = @( @{ Searchable = 'Boolean | Optional | Enables querying against the content of the managed property. The content of this managed property is included in the full-text index. For example, if the property is ''author'', a simple query for ''Smith'' returns items containing the word ''Smith'' and items whose author property contains ''Smith''.' Description = 'String | Optional | Description of the Managed Property' Type = 'String | Required | The Type of the Managed Property | Text / Integer / Decimal / DateTime / YesNo / Double / Binary' FullTextContext = 'UInt32 | Optional | Defines the context of a managed property within its full-text index.' Name = 'String | Required | The Name of the Managed Property' AccessTokens = 'StringArray | Optional | Access token used for authentication.' MappedCrawledProperties = 'StringArray | Optional | Names of the crawled properties that are mapped to this managed property' UniqueId = 'String | Required | Unique ID to identify this specific object' TokenNormalization = 'Boolean | Optional | Enable to return results independent of letter casing and diacritics(for example accented characters) used in the query.' LanguageNeutralTokenization = 'Boolean | Optional | By default, search depends on language when it breaks queries and content into parts (tokenization). Select language neutral tokenization if you have multilingual content and this managed property contains tags that are based on metadata term sets or other identifiers.' FinerQueryTokenization = 'Boolean | Optional | By default, search tokenizes queries coarser than content. If a managed property ''ID'' contains the string ''1-23-456#7'', and you query ID:''1-23'', you might not get a partial match because search didn''t break the query into small enough parts. Consider selecting finer query tokenization if the content of this managed property contains separators such as dots and dashes. Finer query tokenization makes queries against this managed property slower.' AllowMultipleValues = 'Boolean | Optional | Allow multiple values of the same type in this managed property. For example, if this is the ''author'' managed property, and a document has multiple authors, each author name will be stored as a separate value in this managed property.' Ensure = 'String | Optional | Present ensures the Search Managed Property exists. | Present' FullTextIndex = 'String | Optional | Defines which full-text index the Managed Property is stored in.' Aliases = 'StringArray | Optional | Define an alias for a managed property if you want to use the alias instead of the managed property name in queries and in search results. Use the original managed property and not the alias to map to a crawled property. Use an alias if you don''t want to or don''t have permission to create a new managed property.' CompanyNameExtraction = 'Boolean | Optional | Enables the system to extract company name entities from the managed property when crawling new or updated items. Afterwards, the extracted entities can be used to set up refiners in the web part.' CompleteMatching = 'Boolean | Optional | By default, search returns partial matches between queries against this managed property and its content. Select Complete Matching for search to return exact matches instead. If a managed property ''Title'' contains ''Contoso Sites'', only the query Title: ''Contoso Sites'' will give a result.' Refinable = 'String | Optional | Yes: Enables using the property as a refiner for search results in the front end. You must manually configure the refiner in the web part. Yes - latent: Enables switching refinable to active later, without having to do a full re-crawl when you switch. Both options require a full crawl to take effect. | No / Yes - latent / Yes' Safe = 'Boolean | Optional | Enables this managed property to be returned for queries executed by anonymous users. Enable this setting for managed properties that do not contain sensitive information and are appropriate for anonymous users to view.' Retrievable = 'Boolean | Optional | Enables the content of this managed property to be returned in search results. Enable this setting for managed properties that are relevant to present in search results.' Queryable = 'Boolean | Optional | Enables querying against the specific Managed Property. The Managed Property field name must be included in the query, either specified in the query itself or included in the query programmatically. If the Managed Property is ''author'', the query must contain ''author:Smith''.' Sortable = 'String | Optional | Yes: Enables sorting the result set based on the property before the result set is returned. Use for example for large result sets that cannot be sorted and retrieved at the same time. Yes - latent: Enables switching sortable to active later, without having to do a full re-crawl when you switch. Both options require a full crawl to take effect. | No / Yes - latent / Yes' } ) SearchResultSources = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' Name = 'String | Required | The Name of the Result Source.' Description = 'String | Optional | Description of the Result Source.' Type = 'String | Optional | Select SharePoint Search Results to search over the entire index. Select People Search Results to enable query processing specific to People Search, such as phonetic name matching or nickname matching. Only people profiles will be returned from a People Search source. | SharePoint / People' Ensure = 'String | Optional | Present ensures the Search Result Source exists. | Present' SourceURL = 'String | Optional | Address of the root site collection of the remote SharePoint farm or Exchange server.' ShowPartialSearch = 'Boolean | Optional | Show partial search or not' UseAutoDiscover = 'Boolean | Optional | Specifies if AutoDiscover should be used for the Exchange Source URL' AccessTokens = 'StringArray | Optional | Access token used for authentication.' QueryTransform = 'String | Optional | Change incoming queries to use this new query text instead. Include the incoming query in the new text by using the query variable ''{searchTerms}''.' Protocol = 'String | Required | The protocol of the Result Source. | Local / Remote / OpenSearch / Exchange' } ) SharingSettings = @{ NotifyOwnersWhenItemsReshared = 'Boolean | Optional | When this parameter is set to $true and another user re-shares a document from a user�??s OneDrive for Business, the OneDrive for Business owner is notified by e-mail.' DefaultLinkPermission = 'String | Optional | Specifies the link permission on the tenant level. Valid values to set are View and Edit. A value of None will be set to Edit as its the default value. | None / View / Edit' RequireAcceptingAccountMatchInvitedAccount = 'Boolean | Optional | Ensures that an external user can only accept an external sharing invitation with an account matching the invited email address.Administrators who desire increased control over external collaborators should consider enabling this feature. False (default) - When a document is shared with an external user, bob@contoso.com, it can be accepted by any user with access to the invitation link in the original e-mail.True - User must accept this invitation with bob@contoso.com.' FolderAnonymousLinkType = 'String | Optional | Configures anonymous link types for folders | View / Edit' PreventExternalUsersFromResharing = 'Boolean | Optional | Allow or deny external users re-sharing' ShowPeoplePickerSuggestionsForGuestUsers = 'Boolean | Optional | Enables the administrator to hide the guest users claim in the People Picker.' FileAnonymousLinkType = 'String | Optional | Configures anonymous link types for files | View / Edit' ExternalUserExpirationRequired = 'Boolean | Optional | Enable Guest access to a site or Onedrive to expire after' ExternalUserExpireInDays = 'UInt32 | Optional | Specifies Number of days for Guest Access links to expire.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Ensure = 'String | Optional | Only accepted value is ''Present''. | Present / Absent' DefaultSharingLinkType = 'String | Optional | Lets administrators choose what type of link appears is selected in the ''Get a link'' sharing dialog box in OneDrive for Business and SharePoint Online | None / Direct / Internal / AnonymousAccess' ShowAllUsersClaim = 'Boolean | Optional | Enables the administrator to hide the All Users claim groups in People Picker.' ShowEveryoneExceptExternalUsersClaim = 'Boolean | Optional | Enables the administrator to hide the Everyone except external users claim in the People Picker.' ProvisionSharedWithEveryoneFolder = 'Boolean | Optional | Creates a Shared with Everyone folder in every user''s new OneDrive for Business document library.' ShowEveryoneClaim = 'Boolean | Optional | Enables the administrator to hide the Everyone claim in the People Picker.' SharingCapability = 'String | Optional | Configures sharing capability for SharePoint | ExistingExternalUserSharingOnly / ExternalUserAndGuestSharing / Disabled / ExternalUserSharingOnly' MySiteSharingCapability = 'String | Optional | Configures sharing capability for mysite (onedrive) | ExistingExternalUserSharingOnly / ExternalUserAndGuestSharing / Disabled / ExternalUserSharingOnly' SharingAllowedDomainList = 'StringArray | Optional | Specifies a list of email domains that is allowed for sharing with the external collaborators. Entry values as an array of domains.' SharingBlockedDomainList = 'StringArray | Optional | Specifies a list of email domains that is blocked or prohibited for sharing with the external collaborators. Entry values as an array of domains.' SharingDomainRestrictionMode = 'String | Optional | Specifies the external sharing mode for domains. | None / AllowList / BlockList' RequireAnonymousLinksExpireInDays = 'UInt32 | Optional | Specifies all anonymous links that have been created (or will be created) will expire after the set number of days.' EnableGuestSignInAcceleration = 'Boolean | Optional | Accelerates guest-enabled site collections as well as member-only site collections when the SignInAccelerationDomain parameter is set.' BccExternalSharingInvitations = 'Boolean | Optional | When the feature is enabled, all external sharing invitations that are sent will blind copy the e-mail messages listed in the BccExternalSharingsInvitationList.' BccExternalSharingInvitationsList = 'String | Optional | Specifies a list of e-mail addresses to be BCC''d when the BCC for External Sharing feature is enabled.Multiple addresses can be specified by creating a comma separated list with no spaces.' } Sites = @( @{ TimeZoneId = 'UInt32 | Required | TimeZone ID of the site collection.' SharingCapability = 'String | Optional | Specifies what the sharing capabilities are for the site. Possible values: Disabled, ExternalUserSharingOnly, ExternalUserAndGuestSharing, ExistingExternalUserSharingOnly. | Disabled / ExistingExternalUserSharingOnly / ExternalUserSharingOnly / ExternalUserAndGuestSharing' Template = 'String | Optional | Specifies with template of site to create.' DisableFlows = 'Boolean | Optional | Disables Microsoft Flow for this site.' RestrictedToRegion = 'String | Optional | Defines geo-restriction settings for this site | NoRestriction / BlockMoveOnly / BlockFull / Unknown' Url = 'String | Required | The URL of the site collection.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' SharingBlockedDomainList = 'String | Optional | Specifies a list of email domains that is blocked for sharing with the external collaborators.' DefaultLinkPermission = 'String | Optional | Specifies the default link permission for the site collection. None - Respect the organization default link permission. View - Sets the default link permission for the site to ''view'' permissions. Edit - Sets the default link permission for the site to ''edit'' permissions. | None / View / Edit' HubUrl = 'String | Optional | The URL of the Hub site the site collection needs to get connected to.' StorageWarningLevel = 'UInt32 | Optional | Specifies the warning level for the storage quota in megabytes. This value must not exceed the values set for the StorageMaximumLevel parameter.' Title = 'String | Required | The title of the site collection.' CommentsOnSitePagesDisabled = 'Boolean | Optional | Specifies if comments on site pages are enabled or disabled.' SharingDomainRestrictionMode = 'String | Optional | Specifies the external sharing mode for domains. | None / AllowList / BlockList' SharingAllowedDomainList = 'String | Optional | Specifies a list of email domains that is allowed for sharing with the external collaborators. Use the space character as the delimiter.' Ensure = 'String | Optional | Present ensures the site collection exists, absent ensures it is removed | Present / Absent' DisableAppViews = 'String | Optional | Disables App Views. | Unknown / Disabled / NotDisabled' SocialBarOnSitePagesDisabled = 'Boolean | Optional | Disables or enables the Social Bar for Site Collection.' Owner = 'String | Required | Specifies the owner of the site.' AnonymousLinkExpirationInDays = 'UInt32 | Optional | Specifies that all anonymous/anyone links that have been created (or will be created) will expire after the set number of days. Only applies if OverrideTenantAnonymousLinkExpirationPolicy is set to true. To remove the expiration requirement, set the value to zero (0)' UniqueId = 'String | Required | Unique ID to identify this specific object' DisableCompanyWideSharingLinks = 'String | Optional | Disables Company wide sharing links. | Unknown / Disabled / NotDisabled' OverrideTenantAnonymousLinkExpirationPolicy = 'Boolean | Optional | False - Respect the organization-level policy for anonymous or anyone link expiration. True - Override the organization-level policy for anonymous or anyone link expiration (can be more or less restrictive)' AllowSelfServiceUpgrade = 'Boolean | Optional | Specifies if the site administrator can upgrade the site collection.' DefaultSharingLinkType = 'String | Optional | Specifies the default link type for the site collection. None - Respect the organization default sharing link type. AnonymousAccess - Sets the default sharing link for this site to an Anonymous Access or Anyone link. Internal - Sets the default sharing link for this site to the ''organization'' link or company shareable link. Direct - Sets the default sharing link for this site to the ''Specific people'' link. | None / AnonymousAccess / Internal / Direct' DenyAddAndCustomizePages = 'Boolean | Optional | Determines whether the Add And Customize Pages right is denied on the site collection. For more information about permission levels, see User permissions and permission levels in SharePoint.' StorageMaximumLevel = 'UInt32 | Optional | Specifies the storage quota for this site collection in megabytes. This value must not exceed the company''s available quota.' LocaleId = 'UInt32 | Optional | Specifies the language of the new site collection. Defaults to the current language of the web connected to.' ShowPeoplePickerSuggestionsForGuestUsers = 'Boolean | Optional | To enable the option to search for existing guest users at Site Collection Level, set this parameter to $true.' } ) SiteAuditSettingsItems = @( @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' Url = 'String | Required | URL of the site collection to configure.' UniqueId = 'String | Required | Unique ID to identify this specific object' AuditFlags = 'String | Required | Audit flag for the site collection. Can be ''All'' or ''None''. | All / None' } ) SiteDesigns = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' Ensure = 'String | Optional | Used to add or remove site design. | Present / Absent' WebTemplate = 'String | Optional | Web template to which the site design is applied to when invoked. | CommunicationSite / TeamSite / GrouplessTeamSite' IsDefault = 'Boolean | Optional | Is site design applied by default to web templates.' Version = 'UInt32 | Optional | Site design version number.' SiteScriptNames = 'StringArray | Optional | The names of the site design scripts.' Title = 'String | Required | The title of the site design.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' PreviewImageAltText = 'String | Optional | Site design alternate preview image text.' PreviewImageUrl = 'String | Optional | Site design preview image url.' Description = 'String | Optional | Description of site design.' } ) SiteDesignRightss = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' SiteDesignTitle = 'String | Required | The title of the site design' Ensure = 'String | Optional | Used to add or remove list of users from site design rights. | Present / Absent' AccessTokens = 'StringArray | Optional | Access token used for authentication.' UserPrincipals = 'StringArray | Optional | List of user principals with seperated by commas to site design rights.' Rights = 'String | Required | Rights to grant user principals on site design rights. | View / None' } ) SiteGroups = @( @{ Url = 'String | Required | The URL of the site.' PermissionLevels = 'StringArray | Optional | The permission level of the site group' Ensure = 'String | Optional | Used to add or remove site design. | Present / Absent' Owner = 'String | Optional | The owner (email address) of the site group' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Required | The name of the site group' } ) SiteScripts = @( @{ Description = 'String | Optional | The description of the site script.' Ensure = 'String | Optional | Present ensures the site script exists, absent ensures it is removed | Present / Absent' Content = 'String | Optional | A JSON string containing the site script.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Optional | ID of the site Script' Title = 'String | Required | The title of the site script.' } ) StorageEntities = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' Description = 'String | Optional | Description of storage entity.' SiteUrl = 'String | Required | The url of site collection or tenant.' Key = 'String | Required | The key of the storage entity.' Ensure = 'String | Optional | Used to add or remove storage entity. | Present / Absent' Value = 'String | Optional | Value of the storage entity.' EntityScope = 'String | Optional | Scope of the storage entity. | Tenant / Site' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Comment = 'String | Optional | Comment for the storage entity.' } ) TenantCdnEnableds = @( @{ CdnType = 'String | Required | Specifies the CDN type. The valid values are public or private. | Public / Private' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Enable = 'Boolean | Optional | Specify to enable or disable tenant CDN.' UniqueId = 'String | Required | Unique ID to identify this specific object' Ensure = 'String | Optional | Get-PNPTenantCdnEnabled always returns a value, only support value is Present | Present' } ) TenantCdnPolicies = @( @{ CDNType = 'String | Required | Type of Content Delivery Network. Can be ''Private'' or ''Public''. | Private / Public' AccessTokens = 'StringArray | Optional | Access token used for authentication.' IncludeFileExtensions = 'StringArray | Optional | List of file extensions to include in the Policy.' UniqueId = 'String | Required | Unique ID to identify this specific object' ExcludeRestrictedSiteClassifications = 'StringArray | Optional | List of site classifications to exclude.' } ) TenantSettings = @{ DisabledWebPartIds = 'StringArray | Optional | Provide GUID for the Web Parts that are to be disabled on the Sharepoint Site' SocialBarOnSitePagesDisabled = 'Boolean | Optional | Disables or enables the Social Bar. It will give users the ability to like a page, see the number of views, likes, and comments on a page, and see the people who have liked a page.' CommentsOnSitePagesDisabled = 'Boolean | Optional | Set to false to enable a comment section on all site pages, users who have access to the pages can leave comments. Set to true to disable this feature.' MarkNewFilesSensitiveByDefault = 'String | Optional | Allow or block external sharing until at least one Office DLP policy scans the content of the file. | AllowExternalSharing / BlockExternalSharing' FilePickerExternalImageSearchEnabled = 'Boolean | Optional | Sets whether webparts that support inserting images, like for example Image or Hero webpart, the Web search (Powered by Bing) should allow choosing external images.' HideDefaultThemes = 'Boolean | Optional | Defines if the default themes are visible or hidden' HideSyncButtonOnTeamSite = 'Boolean | Optional | To enable or disable Sync button on Team sites' AccessTokens = 'StringArray | Optional | Access token used for authentication.' EnableAIPIntegration = 'Boolean | Optional | Boolean indicating if Azure Information Protection (AIP) should be enabled on the tenant.' TenantDefaultTimezone = 'String | Optional | The default timezone of a tenant for newly created sites.' Ensure = 'String | Optional | Only accepted value is ''Present''. | Present / Absent' ApplyAppEnforcedRestrictionsToAdHocRecipients = 'Boolean | Optional | When the feature is enabled, all guest users are subject to conditional access policy. By default guest users who are accessing SharePoint Online files with pass code are exempt from the conditional access policy.' OfficeClientADALDisabled = 'Boolean | Optional | When set to true this will disable the ability to use Modern Authentication that leverages ADAL across the tenant.' LegacyAuthProtocolsEnabled = 'Boolean | Optional | Setting this parameter prevents Office clients using non-modern authentication protocols from accessing SharePoint Online resources.' SignInAccelerationDomain = 'String | Optional | Specifies the home realm discovery value to be sent to Azure Active Directory (AAD) during the user sign-in process.' SearchResolveExactEmailOrUPN = 'Boolean | Optional | Removes the search capability from People Picker. Note, recently resolved names will still appear in the list until browser cache is cleared or expired.' MinCompatibilityLevel = 'UInt32 | Optional | Specifies the lower bound on the compatibility level for new sites.' MaxCompatibilityLevel = 'UInt32 | Optional | Specifies the upper bound on the compatibility level for new sites.' UseFindPeopleInPeoplePicker = 'Boolean | Optional | When set to $true, users aren''t able to share with security groups or SharePoint groups.' NotificationsInSharePointEnabled = 'Boolean | Optional | When set to $true, users aren''t able to share with security groups or SharePoint groups.' OwnerAnonymousNotification = 'Boolean | Optional | Specifies whether an email notification should be sent to the OneDrive for Business owners when an anonymous links are created or changed.' PublicCdnAllowedFileTypes = 'String | Optional | Configure filetypes allowed for PublicCDN' UsePersistentCookiesForExplorerView = 'Boolean | Optional | Lets SharePoint issue a special cookie that will allow this feature to work even when Keep Me Signed In is not selected.' UserVoiceForFeedbackEnabled = 'Boolean | Optional | Allow feedback via UserVoice.' PublicCdnEnabled = 'Boolean | Optional | Configure PublicCDN' } Themes = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' Palette = @( @{ Property = 'String | Optional | Name of the property.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' Value = 'String | Optional | Color value in Hexadecimal.' } ) AccessTokens = 'StringArray | Optional | Access token used for authentication.' IsInverted = 'Boolean | Optional | This value should be false for light themes and true for dark themes; it controls whether SharePoint uses dark or light theme colors to render text on colored backgrounds.' Ensure = 'String | Optional | Only accepted value is ''Present''. | Present / Absent' Name = 'String | Required | The name of the theme, which appears in the theme picker UI and is also used by administrators and developers to refer to the theme in PowerShell cmdlets or calls to the SharePoint REST API.' } ) UserProfileProperties = @( @{ UserName = 'String | Required | Username of the user to configure the profile properties for. E.g. John.Smith@contoso.com' AccessTokens = 'StringArray | Optional | Access token used for authentication.' UniqueId = 'String | Required | Unique ID to identify this specific object' Properties = @( @{ Key = 'String | Optional | Name of the User Profile Property.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' Value = 'String | Optional | Value of the User Profile Property.' } ) Ensure = 'String | Optional | Only accepted value is ''Present''. | Present' } ) } Teams = @{ AppPermissionPolicies = @( @{ GlobalCatalogAppsType = 'String | Optional | The types of apps for the Global Catalog.' PrivateCatalogAppsType = 'String | Optional | The types of apps for the Private Catalog.' Description = 'String | Optional | Enables administrators to provide explanatory text to accompany a Teams app permission policy.' Ensure = 'String | Optional | Present ensures the instance exists, absent ensures it is removed. | Present / Absent' GlobalCatalogApps = 'StringArray | Optional | The list of apps for the Global Catalog.' DefaultCatalogAppsType = 'String | Optional | The types of apps for the Default Catalog.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Required | Unique identifier to be assigned to the new Teams app permission policy. Use the ''Global'' Identity if you wish to assign this policy to the entire tenant.' PrivateCatalogApps = 'StringArray | Optional | The list of apps for the Private Catalog.' DefaultCatalogApps = 'StringArray | Optional | The list of apps for the Default Catalog.' } ) AppSetupPolicies = @( @{ Description = 'String | Optional | Enables administrators to provide explanatory text to accompany a Teams app setup policy.' AppPresetMeetingList = 'StringArray | Optional | Choose which apps and meeting extensions you want to be installed in your users'' personal Teams environment and in meetings they create. Users can install other available apps from the Teams app store.' AllowSideLoading = 'Boolean | Optional | This is also known as side loading. This setting determines if a user can upload a custom app package in the Teams app. Turning it on lets you create or develop a custom app to be used personally or across your organization without having to submit it to the Teams app store. Uploading a custom app also lets you test an app before you distribute it more widely by only assigning it to a single user or group of users.' Ensure = 'String | Optional | Present ensures the instance exists, absent ensures it is removed. | Present / Absent' PinnedMessageBarApps = 'StringArray | Optional | Apps are pinned in messaging extensions and into the ellipsis menu.' PinnedAppBarApps = 'StringArray | Optional | Pinning an app displays the app in the app bar in Teams client. Admins can pin apps and they can allow users to pin apps. Pinning is used to highlight apps that are needed the most by users and promote ease of access.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Required | Unique identifier to be assigned to the new Teams app setup policy. Use the ''Global'' Identity if you wish to assign this policy to the entire tenant.' AllowUserPinning = 'Boolean | Optional | If you turn this on, the user''s existing app pins will be added to the list of pinned apps set in this policy. Users can rearrange, add, and remove pins as they choose. If you turn this off, the user''s existing app pins will be removed and replaced with the apps defined in this policy.' AppPresetList = 'StringArray | Optional | Choose which apps and messaging extensions you want to be installed in your users'' personal Teams environment and in meetings they create. Users can install other available apps from the Teams app store.' } ) AudioConferencingPolicies = @( @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' AllowTollFreeDialin = 'Boolean | Optional | Determines whether users of the Policy can have Toll free numbers' MeetingInvitePhoneNumbers = 'String | Optional | Determines the list of audio-conferencing Toll- and Toll-free telephone numbers that will be included in meetings invites created by users of this policy.' Ensure = 'String | Optional | Present ensures the instance exists, absent ensures it is removed. | Present / Absent' Identity = 'String | Required | Specify the name of the policy that you are creating' } ) CallHoldPolicies = @( @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' Description = 'String | Optional | Enables administrators to provide explanatory text to accompany a Teams call hold policy.' Ensure = 'String | Optional | Present ensures the instance exists, absent ensures it is removed. | Present / Absent' Identity = 'String | Required | Unique identifier to be assigned to the new Teams call hold policy. Use the ''Global'' Identity if you wish to assign this policy to the entire tenant.' AudioFileId = 'String | Optional | A string representing the ID referencing an audio file uploaded via the Import-CsOnlineAudioFile cmdlet.' } ) CallingPolicies = @( @{ AllowCallRedirect = 'String | Optional | Setting this parameter provides the ability to configure call redirection capabilities on Teams phones. | Enabled / Disabled / UserOverride' AllowSIPDevicesCalling = 'Boolean | Optional | Determines whether the user is allowed to use SIP devices for calling on behalf of a Teams client.' Description = 'String | Optional | Description of the Teams Calling Policy.' Identity = 'String | Required | Identity of the Teams Calling Policy.' LiveCaptionsEnabledTypeForCalling = 'String | Optional | Determines whether real-time captions are available for the user in Teams meetings. Set this to DisabledUserOverride to allow user to turn on live captions. Set this to Disabled to prohibit. | DisabledUserOverride / Disabled' AllowCallForwardingToPhone = 'Boolean | Optional | Enables call forwarding or simultaneous ringing of inbound calls to any phone number.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' AllowTranscriptionforCalling = 'Boolean | Optional | Determines whether post-meeting captions and transcriptions are allowed in a user''s meetings. Set this to TRUE to allow. Set this to FALSE to prohibit.' AllowDelegation = 'Boolean | Optional | Enables inbound calls to be routed to delegates; allows delegates to make outbound calls on behalf of the users for whom they have delegated permissions.' CallRecordingExpirationDays = 'UInt32 | Optional | Sets the expiration of the recorded 1:1 calls.' SpamFilteringEnabledType = 'String | Optional | Setting this parameter determines whether calls identified as Spam will be rejected or not (probably). Valid options are: Enabled, Disabled. | Enabled / Disabled' AllowCallForwardingToUser = 'Boolean | Optional | Enables call forwarding or simultaneous ringing of inbound calls to other users in your tenant.' BusyOnBusyEnabledType = 'String | Optional | Setting this parameter lets you configure how incoming calls are handled when a user is already in a call or conference or has a call placed on hold. New or incoming calls will be rejected with a busy signal. Valid options are: Enabled, Disabled and Unanswered. | Enabled / Disabled / Unanswered / UserOverride' Ensure = 'String | Optional | Present ensures the policyexists, absent ensures it is removed. | Present / Absent' MusicOnHoldEnabledType = 'String | Optional | Setting this parameter allows you to turn on or turn off music on hold when a PSTN caller is placed on hold. It is turned on by default. Valid options are: Enabled, Disabled, UserOverride. For now setting the value to UserOverride is the same as Enabled. This setting does not apply to call park and SLA boss delegate features. Valid options are: Enabled, Disabled, UserOverride. | Enabled / Disabled / UserOverride' AutoAnswerEnabledType = 'String | Optional | This setting allows the tenant admin to enable or disable the Auto-Answer setting. Valid options are: Enabled, Disabled. | Enabled / Disabled' SafeTransferEnabled = 'String | Optional | This parameter is not available for use. Valid options are: Enabled, Disabled, UserOverride. | Enabled / Disabled / UserOverride' AllowCallGroups = 'Boolean | Optional | Enables inbound calls to be routed to call groups.' AllowVoicemail = 'String | Optional | Enables inbound calls to be routed to voice mail. Valid options are: AlwaysEnabled, AlwaysDisabled, UserOverride. | AlwaysEnabled / AlwaysDisabled / UserOverride' AllowPrivateCalling = 'Boolean | Optional | Controls all calling capabilities in Teams. Turning this off will turn off all calling functionality in Teams. If you use Skype for Business for calling, this policy will not affect calling functionality in Skype for Business.' PreventTollBypass = 'Boolean | Optional | Setting this parameter to True will send calls through PSTN and incur charges rather than going through the network and bypassing the tolls.' AllowCloudRecordingForCalls = 'Boolean | Optional | Setting this parameter to True will allows 1:1 Calls to be recorded.' AllowWebPSTNCalling = 'Boolean | Optional | Allows PSTN calling from the Team web client' } ) CallParkPolicies = @( @{ PickupRangeEnd = 'UInt64 | Optional | Specify the maximum value that a rendered pickup code can take. Value can be from 10 to 9999. Note: PickupRangeStart must be smaller than PickupRangeEnd.' Description = 'String | Optional | Description of the Teams Call Park Policy.' PickupRangeStart = 'UInt64 | Optional | Specify the minimum value that a rendered pickup code can take. Value can be from 10 to 9999.' AllowCallPark = 'Boolean | Optional | If set to true, customers will be able to leverage the call park feature to place calls on hold and then decide how the call should be handled - transferred to another department, retrieved using the same phone, or retrieved using a different phone.' Ensure = 'String | Optional | Present ensures the instance exists, absent ensures it is removed. | Present / Absent' ParkTimeoutSeconds = 'UInt64 | Optional | Specify the number of seconds to wait before ringing the parker when the parked call hasn''t been picked up. Value can be from 120 to 1800 (seconds).' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Required | A unique identifier for the policy - this will be used to retrieve the policy later on to assign it to specific users.' } ) CallQueues = @( @{ AgentAlertTime = 'UInt16 | Optional | The Name parameter specifies a unique name for the Call Queue.' TimeoutRedirectPersonTextToSpeechPrompt = 'String | Optional | The TimeoutRedirectPersonTextToSpeechPrompt parameter indicates the Text-to-Speech (TTS) prompt which is played to the caller when being redirected to a person in the organization due to timeout.' TimeoutDisconnectAudioFilePrompt = 'String | Optional | The TimeoutDisconnectAudioFilePrompt parameter indicates the unique identifier for the Audio file prompt which is played to the caller when being disconnected due to timeout.' TimeoutRedirectPhoneNumberAudioFilePrompt = 'String | Optional | The TimeoutRedirectPhoneNumberAudioFilePrompt parameter indicates the unique identifier for the Audio file prompt which is played to the caller when being redirected to an external PSTN phone number due to timeout.' Users = 'StringArray | Optional | The Users parameter lets you add agents to the Call Queue. This parameter expects a list of user unique identifiers (GUID).' AllowOptOut = 'Boolean | Optional | The AllowOptOut parameter indicates whether or not agents can opt in or opt out from taking calls from a Call Queue.' PresenceBasedRouting = 'Boolean | Optional | The PresenceBasedRouting parameter indicates whether or not presence based routing will be applied while call being routed to Call Queue agents. When set to False, calls will be routed to agents who have opted in to receive calls, regardless of their presence state. When set to True, opted-in agents will receive calls only when their presence state is Available.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Name = 'String | Required | The Name parameter specifies a unique name for the Call Queue.' TimeoutActionTarget = 'String | Optional | The TimeoutActionTarget represents the target of the timeout action. If the TimeoutAction is set to Forward, this parameter must be set to a Guid or a telephone number with a mandatory ''tel:'' prefix. If the TimeoutAction is set to SharedVoicemail, this parameter must be set to an Office 365 Group ID. Otherwise, this field is optional.' OverflowDisconnectTextToSpeechPrompt = 'String | Optional | The OverflowDisconnectTextToSpeechPrompt parameter indicates the Text-to-Speech (TTS) prompt which is played to the caller when being disconnected due to overflow.' OverflowRedirectPersonAudioFilePrompt = 'String | Optional | The OverflowRedirectPersonAudioFilePrompt parameter indicates the unique identifier for the Audio file prompt which is played to the caller when being redirected to a person in the organization due to overflow.' OverflowRedirectVoiceAppAudioFilePrompt = 'String | Optional | The OverflowRedirectVoiceAppAudioFilePrompt parameter indicates the unique identifier for the Audio file prompt which is played to the caller when being redirected to a voice application due to overflow.' OverflowThreshold = 'UInt16 | Optional | The OverflowThreshold parameter defines the number of calls that can be in the queue at any one time before the overflow action is triggered. The OverflowThreshold can be any integer value between 0 and 200, inclusive. A value of 0 causes calls not to reach agents and the overflow action to be taken immediately.' ChannelId = 'String | Optional | Id of the channel to connect a call queue to.' TimeoutDisconnectTextToSpeechPrompt = 'String | Optional | The TimeoutDisconnectTextToSpeechPrompt parameter indicates the Text-to-Speech (TTS) prompt which is played to the caller when being disconnected due to timeout.' UseDefaultMusicOnHold = 'Boolean | Optional | The UseDefaultMusicOnHold parameter indicates that this Call Queue uses the default music on hold. This parameter cannot be specified together with MusicOnHoldAudioFileId.' OverflowActionTarget = 'String | Optional | The OverflowActionTarget parameter represents the target of the overflow action. If the OverFlowAction is set to Forward, this parameter must be set to a Guid or a telephone number with a mandatory ''tel:'' prefix. If the OverflowAction is set to SharedVoicemail, this parameter must be set to a group ID (Microsoft 365, Distribution list, or Mail-enabled security). Otherwise, this parameter is optional.' MusicOnHoldAudioFileId = 'String | Optional | The MusicOnHoldFileContent parameter represents music to play when callers are placed on hold. This is the unique identifier of the audio file. This parameter is required if the UseDefaultMusicOnHold parameter is not specified.' TimeoutRedirectVoiceAppAudioFilePrompt = 'String | Optional | The TimeoutRedirectVoiceAppAudioFilePrompt parameter indicates the unique identifier for the Audio file prompt which is played to the caller when being redirected to a voice application due to timeout.' OverflowRedirectVoiceAppTextToSpeechPrompt = 'String | Optional | The OverflowRedirectVoiceAppsTextToSpeechPrompt parameter indicates the Text-to-Speech (TTS) prompt which is played to the caller when being redirected to a voice application due to overflow.' ConferenceMode = 'Boolean | Optional | The ConferenceMode parameter indicates whether or not Conference mode will be applied on calls for this Call queue. Conference mode significantly reduces the amount of time it takes for a caller to be connected to an agent, after the agent accepts the call.' OverflowRedirectVoicemailTextToSpeechPrompt = 'String | Optional | The OverflowRedirectVoicemailTextToSpeechPrompt parameter indicates the Text-to-Speech (TTS) prompt which is played to the caller when being redirected to a person''s voicemail due to overflow.' TimeoutRedirectPhoneNumberTextToSpeechPrompt = 'String | Optional | The TimeoutRedirectPhoneNumberTextToSpeechPrompt parameter indicates the Text-to-Speech (TTS) prompt which is played to the caller when being redirected to an external PSTN phone number due to timeout.' TimeoutAction = 'String | Optional | The TimeoutAction parameter defines the action to take if the timeout threshold is reached. The TimeoutAction property must be set to one of the following values: Disconnect, Forward, Voicemail, and SharedVoicemail. The default value is Disconnect. | Disconnect / Forward / Voicemail / SharedVoicemail' EnableOverflowSharedVoicemailTranscription = 'Boolean | Optional | The EnableOverflowSharedVoicemailTranscription parameter is used to turn on transcription for voicemails left by a caller on overflow. This parameter is only applicable when OverflowAction is set to SharedVoicemail.' OverflowSharedVoicemailTextToSpeechPrompt = 'String | Optional | The OverflowRedirectVoicemailTextToSpeechPrompt parameter indicates the Text-to-Speech (TTS) prompt which is played to the caller when being redirected to a person''s voicemail due to overflow.' Ensure = 'String | Optional | Present ensures the Team Message Policy exists, absent ensures it is removed | Present / Absent' OverflowRedirectVoicemailAudioFilePrompt = 'String | Optional | The OverflowRedirectVoiceMailAudioFilePrompt parameter indicates the unique identifier for the Audio file prompt which is played to the caller when being redirected to a person''s voicemail due to overflow.' OverflowRedirectPhoneNumberAudioFilePrompt = 'String | Optional | The OverflowRedirectPhoneNumberAudioFilePrompt parameter indicates the unique identifier for the Audio file prompt which is played to the caller when being redirected to an external PSTN phone number due to overflow.' OverflowAction = 'String | Optional | The OverflowAction parameter designates the action to take if the overflow threshold is reached. The OverflowAction property must be set to one of the following values: DisconnectWithBusy, Forward, Voicemail, and SharedVoicemail. The default value is DisconnectWithBusy. | DisconnectWithBusy / Forward / Voicemail / SharedVoicemail' DistributionLists = 'StringArray | Optional | The DistributionLists parameter lets you add all the members of the distribution lists to the Call Queue. This is a list of distribution list GUIDs. A service wide configurable maximum number of DLs per Call Queue are allowed. Only the first N (service wide configurable) agents from all distribution lists combined are considered for accepting the call. Nested DLs are supported. O365 Groups can also be used to add members to the Call Queue.' TimeoutSharedVoicemailTextToSpeechPrompt = 'String | Optional | The TimeoutSharedVoicemailTextToSpeechPrompt parameter indicates the Text-to-Speech (TTS) prompt which is to be played as a greeting to the caller when transferred to shared voicemail on timeout. This parameter becomes a required parameter when TimeoutAction is SharedVoicemail and TimeoutSharedVoicemailAudioFilePrompt is null.' OverflowRedirectPhoneNumberTextToSpeechPrompt = 'String | Optional | The OverflowRedirectPhoneNumberTextToSpeechPrompt parameter indicates the Text-to-Speech (TTS) prompt which is played to the caller when being redirected to an external PSTN phone number due to overflow.' WelcomeMusicAudioFileId = 'String | Optional | The WelcomeMusicAudioFileId parameter represents the audio file to play when callers are connected with the Call Queue. This is the unique identifier of the audio file.' OverflowRedirectPersonTextToSpeechPrompt = 'String | Optional | The OverflowRedirectPersonTextToSpeechPrompt parameter indicates the Text-to-Speech (TTS) prompt which is played to the caller when being redirected to a person in the organization due to overflow.' LanguageId = 'String | Optional | The LanguageId parameter indicates the language that is used to play shared voicemail prompts. This parameter becomes a required parameter If either OverflowAction or TimeoutAction is set to SharedVoicemail. You can query the supported languages using the Get-CsAutoAttendantSupportedLanguage cmdlet.' TimeoutThreshold = 'UInt16 | Optional | The TimeoutThreshold parameter defines the time (in seconds) that a call can be in the queue before that call times out. At that point, the system will take the action specified by the TimeoutAction parameter. The TimeoutThreshold can be any integer value between 0 and 2700 seconds (inclusive), and is rounded to the nearest 15th interval. For example, if set to 47 seconds, then it is rounded down to 45. If set to 0, welcome music is played, and then the timeout action will be taken.' OverflowDisconnectAudioFilePrompt = 'String | Optional | The OverflowDisconnectAudioFilePrompt parameter indicates the unique identifier for the Audio file prompt which is played to the caller when being disconnected due to overflow.' UniqueId = 'String | Required | Unique ID to identify this specific object' TimeoutRedirectVoicemailTextToSpeechPrompt = 'String | Optional | The TimeoutRedirectVoicemailTextToSpeechPrompt parameter indicates the Text-to-Speech (TTS) prompt which is played to the caller when being redirected to a person''s voicemail due to timeout.' OverflowSharedVoicemailAudioFilePrompt = 'String | Optional | The OverflowSharedVoicemailAudioFilePrompt parameter indicates the unique identifier for the Audio file prompt which is to be played as a greeting to the caller when transferred to shared voicemail on overflow. This parameter becomes a required parameter when OverflowAction is SharedVoicemail and OverflowSharedVoicemailTextToSpeechPrompt is null.' EnableTimeoutSharedVoicemailTranscription = 'Boolean | Optional | The EnableTimeoutSharedVoicemailTranscription parameter is used to turn on transcription for voicemails left by a caller on timeout. This parameter is only applicable when TimeoutAction is set to SharedVoicemail.' AuthorizedUsers = 'StringArray | Optional | This is a list of GUIDs for users who are authorized to make changes to this call queue. The users must also have a TeamsVoiceApplications policy assigned. The GUID should contain 32 digits with 4 dashes (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx).' OboResourceAccountIds = 'StringArray | Optional | The OboResourceAccountIds parameter lets you add resource account with phone number to the Call Queue. The agents in the Call Queue will be able to make outbound calls using the phone number on the resource accounts. This is a list of resource account GUIDs. Only Call Queue managed by a Teams Channel will be able to use this feature.' RoutingMethod = 'String | Optional | The RoutingMethod defines how agents will be called in a Call Queue. If the routing method is set to Serial, then agents will be called one at a time. If the routing method is set to Attendant, then agents will be called in parallel. If routing method is set to RoundRobin, the agents will be called using Round Robin strategy so that all agents share the call-load equally. If routing method is set to LongestIdle, the agents will be called based on their idle time, i.e., the agent that has been idle for the longest period will be called. | Attendant / Serial / RoundRobin / LongestIdle' TimeoutRedirectPersonAudioFilePrompt = 'String | Optional | The TimeoutRedirectPersonAudioFilePrompt parameter indicates the unique identifier for the Audio file prompt which is played to the caller when being redirected to a person in the organization due to timeout.' TimeoutRedirectVoiceAppTextToSpeechPrompt = 'String | Optional | The TimeoutRedirectVoiceAppsTextToSpeechPrompt parameter indicates the Text-to-Speech (TTS) prompt which is played to the caller when being redirected to a voice application due to timeout.' ChannelUserObjectId = 'String | Optional | Guid should contain 32 digits with 4 dashes (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx). This is the GUID of one of the owners of the team the channels belongs to.' TimeoutSharedVoicemailAudioFilePrompt = 'String | Optional | The TimeoutSharedVoicemailAudioFilePrompt parameter indicates the unique identifier for the Audio file prompt which is to be played as a greeting to the caller when transferred to shared voicemail on timeout. This parameter becomes a required parameter when TimeoutAction is SharedVoicemail and TimeoutSharedVoicemailTextToSpeechPrompt is null.' TimeoutRedirectVoicemailAudioFilePrompt = 'String | Optional | The TimeoutRedirectVoiceMailAudioFilePrompt parameter indicates the unique identifier for the Audio file prompt which is played to the caller when being redirected to a person''s voicemail due to timeout.' } ) Channels = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' GroupID = 'String | Optional | Team group ID, only used to target a Team when duplicated display names occurs.' DisplayName = 'String | Required | Current channel name' Ensure = 'String | Optional | Present ensures the Team channel exists, absent ensures it is removed | Present / Absent' Description = 'String | Optional | Channel description' NewDisplayName = 'String | Optional | Used to update current channel name' AccessTokens = 'StringArray | Optional | Access token used for authentication.' TeamName = 'String | Required | Name of the team the Channel belongs to' } ) ChannelsPolicies = @( @{ AllowUserToParticipateInExternalSharedChannel = 'Boolean | Optional | Determines whether a user is allowed to participate in a shared channel that has been shared by an external user. Set this to TRUE to allow. Set this FALSE to prohibit.' AllowSharedChannelCreation = 'Boolean | Optional | Determines whether a user is allowed to create a shared channel. Set this to TRUE to allow. Set this FALSE to prohibit.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' AllowOrgWideTeamCreation = 'Boolean | Optional | Determines whether a user is allowed to create an org-wide team. Set this to TRUE to allow. Set this FALSE to prohibit.' AllowChannelSharingToExternalUser = 'Boolean | Optional | Determines whether a user is allowed to share a shared channel with an external user. Set this to TRUE to allow. Set this FALSE to prohibit.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Required | Identity of the Teams Channel Policy.' Description = 'String | Optional | Description of the Teams Channel Policy.' AllowPrivateChannelCreation = 'Boolean | Optional | Determines whether a user is allowed to create a private channel. Set this to TRUE to allow. Set this FALSE to prohibit.' EnablePrivateTeamDiscovery = 'Boolean | Optional | Determines whether a user is allowed to discover private teams in suggestions and search results. Set this to TRUE to allow. Set this FALSE to prohibit.' } ) ChannelTabs = @( @{ DisplayName = 'String | Required | Display Name of the Channel Tab.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' SortOrderIndex = 'UInt32 | Optional | Index of the sort order for the custom tab.' ContentUrl = 'String | Optional | Url of the content linked to the Channel Tab.' TeamsApp = 'String | Optional | Id of the Teams App associated with the custom tab.' RemoveUrl = 'String | Optional | Url of the location used to remove the app.' Ensure = 'String | Optional | Present ensures the Tab exists, absent ensures it is removed. | Present / Absent' UniqueId = 'String | Required | Unique ID to identify this specific object' EntityId = 'String | Optional | Id of the Entity linked to the Channel Tab.' ChannelName = 'String | Required | Display Name of the Channel.' WebSiteUrl = 'String | Optional | Url of the website linked to the Channel Tab.' TeamId = 'String | Optional | Unique Id of the Team of the instance on the source tenant.' TeamName = 'String | Required | Display Name of the Team.' } ) ClientConfiguration = @{ AllowSkypeBusinessInterop = 'Boolean | Optional | When set to $true, Teams conversations automatically show up in Skype for Business for users that aren''t enabled for Teams.' ContentPin = 'String | Optional | This setting applies only to Skype for Business Online (not Microsoft Teams) and defines whether the user must provide a secondary form of authentication to access the meeting content from a resource device account. Meeting content is defined as files that are shared to the Content Bin - files that have been attached to the meeting. | NotRequired / RequiredOutsideScheduleMeeting / AlwaysRequired' AccessTokens = 'StringArray | Optional | Access token used for authentication.' ResourceAccountContentAccess = 'String | Optional | Require a secondary form of authentication to access meeting content. | NoAccess / PartialAccess / FullAccess' AllowShareFile = 'Boolean | Optional | Designates whether users are able to leverage ShareFile as a third party storage solution in Microsoft Teams. If $true, users will be able to add ShareFile in the client and interact with the files stored there.' AllowDropBox = 'Boolean | Optional | Designates whether users are able to leverage DropBox as a third party storage solution in Microsoft Teams. If $true, users will be able to add DropBox in the client and interact with the files stored there.' AllowOrganizationTab = 'Boolean | Optional | When set to $true, users will be able to see the organizational chart icon other users'' contact cards, and when clicked, this icon will display the detailed organizational chart.' AllowEmailIntoChannel = 'Boolean | Optional | When set to $true, mail hooks are enabled, and users can post messages to a channel by sending an email to the email address of Teams channel.' AllowGuestUser = 'Boolean | Optional | Designates whether or not guest users in your organization will have access to the Teams client. If $true, guests in your tenant will be able to access the Teams client. Note that this setting has a core dependency on Guest Access being enabled in your Office 365 tenant.' AllowResourceAccountSendMessage = 'Boolean | Optional | Surface Hub uses a device account to provide email and collaboration services (IM, video, voice). This device account is used as the originating identity (the from party) when sending email, IM, and placing calls. As this account is not coming from an individual, identifiable user, it is deemed anonymous because it originated from the Surface Hub''s device account. If set to $true, these device accounts will be able to send chat messages in Skype for Business Online (does not apply to Microsoft Teams).' AllowEgnyte = 'Boolean | Optional | Designates whether users are able to leverage Egnyte as a third party storage solution in Microsoft Teams. If $true, users will be able to add Egnyte in the client and interact with the files stored there.' AllowScopedPeopleSearchandAccess = 'Boolean | Optional | If set to $true, the Exchange address book policy (ABP) will be used to provide customized view of the global address book for each user. This is only a virtual separation and not a legal separation.' AllowGoogleDrive = 'Boolean | Optional | Designates whether users are able to leverage GoogleDrive as a third party storage solution in Microsoft Teams. If $true, users will be able to add Google Drive in the client and interact with the files stored there.' AllowBox = 'Boolean | Optional | Designates whether users are able to leverage Box as a third party storage solution in Microsoft Teams. If $true, users will be able to add Box in the client and interact with the files stored there.' RestrictedSenderList = 'StringArray | Optional | Senders domains can be further restricted to ensure that only allowed SMTP domains can send emails to the Teams channels. This is a comma-separated string of the domains you''d like to allow to send emails to Teams channels.' } ComplianceRecordingPolicies = @( @{ WarnUserOnRemoval = 'Boolean | Optional | This parameter is reserved for future use.' Description = 'String | Optional | Enables administrators to provide explanatory text to accompany a Teams recording policy. For example, the Description might include information about the users the policy should be assigned to.' Enabled = 'Boolean | Optional | Controls whether this Teams recording policy is active or not.' Ensure = 'String | Optional | Present ensures the instance exists, absent ensures it is removed. | Present / Absent' ComplianceRecordingApplications = 'StringArray | Optional | A list of application instances of policy-based recording applications to assign to this policy. The Id of each of these application instances must be the ObjectId of the application instance as obtained by the Get-CsOnlineApplicationInstance cmdlet.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Required | Unique identifier of the application instance of a policy-based recording application to be retrieved.' DisableComplianceRecordingAudioNotificationForCalls = 'Boolean | Optional | Setting this attribute to true disables recording audio notifications for 1:1 calls that are under compliance recording.' } ) CortanaPolicies = @( @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' Description = 'String | Optional | Provide a description of your policy to identify purpose of creating it.' Ensure = 'String | Optional | Present ensures the instance exists, absent ensures it is removed. | Present / Absent' Identity = 'String | Required | Unique identifier for Teams cortana policy you''re creating.' CortanaVoiceInvocationMode = 'String | Optional | The value of this field indicates if Cortana is enabled and mode of invocation. | Disabled / PushToTalkUserOverride / WakeWordPushToTalkUserOverride' } ) DialInConferencingTenantSettings = @{ PinLength = 'UInt32 | Optional | Specifies the number of digits in the automatically generated PINs. Organizers can enter their PIN to start a meeting they scheduled if they join via phone and are the first person to join. The minimum value is 4, the maximum is 12, and the default is 5.' MaskPstnNumbersType = 'String | Optional | This parameter allows tenant administrators to configure masking of PSTN participant phone numbers in the roster view for Microsoft Teams meetings enabled for Audio Conferencing, scheduled within the organization. Possible values are MaskedForExternalUsers, MaskedForAllUsers or NoMasking | MaskedForExternalUsers / MaskedForAllUsers / NoMasking' EntryExitAnnouncementsType = 'String | Optional | Supported entry and exit announcement type.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' AutomaticallyMigrateUserMeetings = 'Boolean | Optional | Automatically Migrate User Meetings.' AllowPSTNOnlyMeetingsByDefault = 'Boolean | Optional | Specifies the default value that gets assigned to the ''AllowPSTNOnlyMeetings'' setting of users when they are enabled for dial-in conferencing, or when a user''s dial-in conferencing provider is set to Microsoft. If set to $true, the ''AllowPSTNOnlyMeetings'' setting of the user will also be set to true. If $false, the user setting will be false. The default value for AllowPSTNOnlyMeetingsByDefault is $false.' AutomaticallyReplaceAcpProvider = 'Boolean | Optional | Automatically replace ACP Provider.' EnableEntryExitNotifications = 'Boolean | Optional | Specifies if, by default, announcements are made as users enter and exit a conference call. Set to $true to enable notifications, $false to disable notifications. The default is $true.' EnableDialOutJoinConfirmation = 'Boolean | Optional | Enable Dial out join confirmation.' AutomaticallySendEmailsToUsers = 'Boolean | Optional | Specifies whether advisory emails will be sent to users when the events listed below occur. Setting the parameter to $true enables the emails to be sent, $false disables the emails. The default is $true.' } EmergencyCallingPolicies = @( @{ ExternalLocationLookupMode = 'String | Optional | Enables ExternalLocationLookupMode. This mode allows users to set Emergency addresses for remote locations. | Disabled / Enabled' Description = 'String | Optional | Description of the Teams Emergency Calling Policy.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' NotificationMode = 'String | Optional | The type of conference experience for security desk notification. | NotificationOnly / ConferenceMuted / ConferenceUnMuted' Identity = 'String | Required | Identity of the Teams Emergency Calling Policy.' NotificationGroup = 'String | Optional | NotificationGroup is a email list of users and groups to be notified of an emergency call.' NotificationDialOutNumber = 'String | Optional | This parameter represents PSTN number which can be dialed out if NotificationMode is set to either of the two Conference values.' EnhancedEmergencyServiceDisclaimer = 'String | Optional | Allows the tenant administrator to configure a text string, which is shown at the top of the Calls app.' } ) EmergencyCallRoutingPolicies = @( @{ AllowEnhancedEmergencyServices = 'Boolean | Optional | Flag to enable Enhanced Emergency Services' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' EmergencyNumbers = @( @{ EmergencyDialMask = 'String | Optional | For each Teams emergency number, you can specify zero or more emergency dial masks. A dial mask is a number that you want to translate into the value of the emergency dial number value when it is dialed.' UniqueId = 'String | Required | [Unique ID to identify this specific object]' OnlinePSTNUsage = 'String | Optional | Specify the online public switched telephone network (PSTN) usage' EmergencyDialString = 'String | Optional | Specifies the emergency phone number.' } ) Description = 'String | Optional | Description of the Teams Emergency Call Routing Policy.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Required | Identity of the Teams Emergency Call Routing Policy.' } ) EnhancedEncryptionPolicies = @( @{ Description = 'String | Optional | Enables administrators to provide explanatory text to accompany a Teams enhanced encryption policy.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' CallingEndtoEndEncryptionEnabledType = 'String | Optional | Determines whether End-to-end encrypted calling is available for the user in Teams. Set this to DisabledUserOverride to allow user to turn on End-to-end encrypted calls. Set this to Disabled to prohibit.' Ensure = 'String | Optional | Present ensures the instance exists, absent ensures it is removed. | Present / Absent' MeetingEndToEndEncryption = 'String | Optional | N/A' Identity = 'String | Required | Unique identifier assigned to the Teams enhanced encryption policy.' } ) EventsPolicies = @( @{ Description = 'String | Optional | Description of the Teams Events Policy.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' AllowedTownhallTypesForRecordingPublish = 'String | Optional | This setting describes how IT admins can control which types of Town Hall attendees can have their recordings published. | None / InviteOnly / EveryoneInCompanyIncludingGuests / Everyone' AllowEventIntegrations = 'Boolean | Optional | This setting governs access to the integrations tab in the event creation workflow.' AllowedQuestionTypesInRegistrationForm = 'String | Optional | This setting governs which users in a tenant can add which registration form questions to an event registration page for attendees to answer when registering for the event. | DefaultOnly / DefaultAndPredefinedOnly / AllQuestions' AllowedWebinarTypesForRecordingPublish = 'String | Optional | This setting describes how IT admins can control which types of webinar attendees can have their recordings published. | None / InviteOnly / EveryoneInCompanyIncludingGuests / Everyone' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' AllowEmailEditing = 'String | Optional | This setting governs if a user is allowed to edit the communication emails in Teams Town Hall or Teams Webinar events. | Disabled / Enabled' Identity = 'String | Required | Identity of the Teams Events Policy.' EventAccessType = 'String | Optional | Defines who is allowed to join the event. | Everyone / EveryoneInCompanyExcludingGuests' AllowWebinars = 'String | Optional | Determines if webinars are allowed by the policy or not. | Disabled / Enabled' UseMicrosoftECDN = 'Boolean | Optional | This setting governs whether the global admin disables this property and prevents the organizers from creating town halls that use Microsoft eCDN even though they have been assigned a Teams Premium license.' AllowTownhalls = 'String | Optional | This setting governs if a user can create town halls using Teams Events. | Disabled / Enabled' TownhallChatExperience = 'String | Optional | This setting governs whether the user can enable the Comment Stream chat experience for Town Halls. | Optimized / None' } ) FederationConfiguration = @{ TreatDiscoveredPartnersAsUnverified = 'Boolean | Optional | When set to True, messages sent from discovered partners are considered unverified. That means that those messages will be delivered only if they were sent from a person who is on the recipient''s Contacts list.' AllowTeamsConsumerInbound = 'Boolean | Optional | Allows people using Teams with an account that''s not managed by an organization, to discover and start communication with users in your organization.' RestrictTeamsConsumerToExternalUserProfiles = 'Boolean | Optional | When set to True, Teamsconsumer have access only to external user profiles' AllowPublicUsers = 'Boolean | Optional | When set to True users will be potentially allowed to communicate with users who have accounts on public IM and presence providers.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' BlockedDomains = 'StringArray | Optional | List of federated domains to block.' AllowFederatedUsers = 'Boolean | Optional | When set to True users will be potentially allowed to communicate with users from other domains.' AllowedDomains = 'StringArray | Optional | List of federated domains to allow.' AllowTeamsConsumer = 'Boolean | Optional | Allows federation with people using Teams with an account that''s not managed by an organization.' SharedSipAddressSpace = 'Boolean | Optional | When set to True, indicates that the users homed on Skype for Business Online use the same SIP domain as users homed on the on-premises version of Skype for Business Server.' } FeedbackPolicies = @( @{ AllowScreenshotCollection = 'Boolean | Optional | Specifies if Screenshot Collection is enabled or not.' ReceiveSurveysMode = 'String | Optional | Specifies if users are allowed to receive the survey. | Enabled / Disabled / EnabledUserOverride' Ensure = 'String | Optional | Present ensures the instance exists, absent ensures it is removed. | Present / Absent' EnableFeatureSuggestions = 'Boolean | Optional | Specifies if users are allowed to provide feature suggestions' AllowEmailCollection = 'Boolean | Optional | Specifies if Email Collection is enabled or not.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Required | Specify the name of the Teams Feedback Policy.' UserInitiatedMode = 'String | Optional | Specifies if users are allowed to give feedback.' AllowLogCollection = 'Boolean | Optional | Specifies if Log Collection is enabled or not.' } ) FilesPolicies = @( @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' SPChannelFilesTab = 'String | Optional | Specifies whether users see the Teams Files channel tab in any channel or in Teams chat. | Enabled / Disabled' Ensure = 'String | Optional | Present ensures the instance exists, absent ensures it is removed. | Present / Absent' Identity = 'String | Required | Specifies the policy instance name' NativeFileEntryPoints = 'String | Optional | Specifies whether users see the options to upload files from OneDrive for Business, other cloud storage services configured for the user account, and SharePoint Online | Enabled / Disabled' } ) GroupPoliciesAssignment = @( @{ GroupId = 'String | Optional | GroupId, alternatively to Group Displayname' PolicyType = 'String | Required | Teams PolicyType. The type of the policy to be assigned. Possible values: | ApplicationAccessPolicy / CallingLineIdentity / OnlineAudioConferencingRoutingPolicy / OnlineVoicemailPolicy / OnlineVoiceRoutingPolicy / TeamsAudioConferencingPolicy / TeamsCallHoldPolicy / TeamsCallParkPolicy / TeamsChannelsPolicy / TeamsComplianceRecordingPolicy / TeamsCortanaPolicy / TeamsEmergencyCallingPolicy / TeamsEnhancedEncryptionPolicy / TeamsFeedbackPolicy / TeamsFilesPolicy / TeamsIPPhonePolicy / TeamsMediaLoggingPolicy / TeamsMeetingBroadcastPolicy / TeamsMeetingPolicy / TeamsMessagingPolicy / TeamsMobilityPolicy / TeamsRoomVideoTeleConferencingPolicy / TeamsShiftsPolicy / TeamsUpdateManagementPolicy / TeamsVdiPolicy / TeamsVideoInteropServicePolicy / TenantDialPlan / ExternalAccessPolicy / TeamsAppSetupPolicy / TeamsCallingPolicy / TeamsEventsPolicy / TeamsMeetingBrandingPolicy / TeamsMeetingTemplatePermissionPolicy / TeamsVerticalPackagePolicy' Ensure = 'String | Optional | Present ensures the group policy assignment exists, absent ensures it is removed. | Present / Absent' PolicyName = 'String | Optional | Teams PolicyName. The name of the policy to be assigned.' UniqueId = 'String | Required | Unique ID to identify this specific object' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Priority = 'String | Optional | Teams Priority. The rank of the policy assignment, relative to other group policy assignments for the same policy type' GroupDisplayName = 'String | Required | Group Displayname of the group the policys are assigned to' } ) GuestCallingConfiguration = @{ AllowPrivateCalling = 'Boolean | Required | Designates whether guests who have been enabled for Teams can use calling functionality. If $false, guests cannot call.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' } GuestMeetingConfiguration = @{ AllowIPVideo = 'Boolean | Optional | Determines whether video is enabled in a user''s meetings or calls. Set this to TRUE to allow guests to share their video. Set this to FALSE to prohibit guests from sharing their video.' LiveCaptionsEnabledType = 'String | Optional | Determines whether real-time captions are available for guests in Teams meetings. | Disabled / DisabledUserOverride' AllowTranscription = 'Boolean | Optional | Determines whether guests can enable post-meeting captions and transcriptions in meetings. Set this to TRUE to allow. Set this to FALSE to prohibit.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' ScreenSharingMode = 'String | Optional | Determines the mode in which guests can share a screen in calls or meetings. Set this to SingleApplication to allow the user to share an application at a given point in time. Set this to EntireScreen to allow the user to share anything on their screens. Set this to Disabled to prohibit the user from sharing their screens. | Disabled / EntireScreen / SingleApplication' AllowMeetNow = 'Boolean | Optional | Determines whether guests can start ad-hoc meetings. Set this to TRUE to allow guests to start ad-hoc meetings. Set this to FALSE to prohibit guests from starting ad-hoc meetings.' } GuestMessagingConfiguration = @{ AllowImmersiveReader = 'Boolean | Optional | Determines if Immersive Reader is enabled.' AllowGiphy = 'Boolean | Optional | Determines if Giphy are available for use.' AllowUserDeleteChat = 'Boolean | Optional | Turn this setting on to allow users to permanently delete their one-on-one chat, group chat, and meeting chat as participants (this deletes the chat only for them, not other users in the chat).' AllowUserDeleteMessage = 'Boolean | Optional | Determines if a user is allowed to delete their own messages.' AllowUserEditMessage = 'Boolean | Optional | Determines if a user is allowed to edit their own messages.' AllowUserChat = 'Boolean | Optional | Determines if a user is allowed to chat.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' AllowStickers = 'Boolean | Optional | Determines if stickers are available for use.' AllowMemes = 'Boolean | Optional | Determines if memes are available for use.' GiphyRatingType = 'String | Optional | Determines Giphy content restrictions. Default value is Moderate, other options are Strict and NoRestriction. | Moderate / Strict / NoRestriction' } IPPhonePolicies = @( @{ AllowBetterTogether = 'String | Optional | Determines whether Better Together mode is enabled, phones can lock and unlock in an integrated fashion when connected to their Windows PC running a 64-bit Teams desktop client. | Enabled / Disabled' SignInMode = 'String | Optional | Determines the sign in mode for the device when signing in to Teams. | UserSignIn / CommonAreaPhoneSignIn / MeetingSignIn' SearchOnCommonAreaPhoneMode = 'String | Optional | Determines whether a user can search the Global Address List in Common Area Phone Mode. | Enabled / Disabled' Ensure = 'String | Optional | Present ensures the instance exists, absent ensures it is removed. | Present / Absent' AllowHotDesking = 'Boolean | Optional | Determines whether hot desking mode is enabled.' Description = 'String | Optional | Specifies the description of the policy' HotDeskingIdleTimeoutInMinutes = 'UInt64 | Optional | Determines the idle timeout value in minutes for the signed in user account. When the timeout is reached, the account is logged out.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Required | Specifies the policy instance name' AllowHomeScreen = 'String | Optional | Determines whether the Home Screen feature of the Teams IP Phones is enabled. | Enabled / EnabledUserOverride / Disabled' } ) MeetingBroadcastConfiguration = @{ SdnLicenseId = 'String | Optional | Specifies the Software Defined Network (SDN) license identifier. This is required and provided by some SDN providers. This parameter is only required if AllowSdnProviderForBroadcastMeeting is set to $true.' SupportURL = 'String | Optional | Specifies a URL where broadcast event attendees can find support information or FAQs specific to that event. The URL will be displayed to the attendees during the broadcast.' SdnProviderName = 'String | Optional | Specifies the Software Defined Network (SDN) provider''s name. This parameter is only required if AllowSdnProviderForBroadcastMeeting is set to $true.' SdnApiToken = 'String | Optional | Specifies the Software Defined Network (SDN) provider''s authentication token which is required to use their SDN license. This is required by some SDN providers who will give you the required token. This parameter is only required if AllowSdnProviderForBroadcastMeeting is set to $true.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' SdnApiTemplateUrl = 'String | Optional | Specifies the Software Defined Network (SDN) provider''s HTTP API endpoint. This information is provided to you by the SDN provider. This parameter is only required if AllowSdnProviderForBroadcastMeeting is set to $true.' AllowSdnProviderForBroadcastMeeting = 'Boolean | Optional | If set to $true, Teams meeting broadcast streams are enabled to take advantage of the network and bandwidth management capabilities of your Software Defined Network (SDN) provider.' } MeetingBroadcastPolicies = @( @{ BroadcastAttendeeVisibilityMode = 'String | Optional | Specifies the attendee visibility mode of the broadcast events created by this user. This setting controls who can watch the broadcast event - e.g. anyone can watch this event including anonymous users or only authenticated users in my company can watch the event. Note: this setting is applicable to broadcast events that use Teams Meeting production only and does not apply when external encoder is used as production method. | Everyone / EveryoneInCompany / InvitedUsersInCompany / EveryoneInCompanyAndExternal / InvitedUsersInCompanyAndExternal' Ensure = 'String | Optional | Present ensures the Policy exists, absent ensures it is removed | Present / Absent' AllowBroadcastTranscription = 'Boolean | Optional | Specifies whether real-time transcription and translation can be enabled in the broadcast event. Note: this setting is applicable to broadcast events that use Teams Meeting production only and does not apply when external encoder is used as production method.' BroadcastRecordingMode = 'String | Optional | Specifies whether broadcast events created by this user are always recorded, never recorded or user can choose whether to record or not. Note: this setting is applicable to broadcast events that use Teams Meeting production only and does not apply when external encoder is used as production method. | AlwaysEnabled / AlwaysDisabled / UserOverride' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Required | The identifier of the Teams Meeting Broadcast Policy.' AllowBroadcastScheduling = 'Boolean | Optional | Specifies whether this user can create broadcast events in Teams. This settng impacts broadcasts that use both self-service and external encoder production methods.' } ) MeetingConfiguration = @{ EnableQoS = 'Boolean | Optional | Determines whether Quality of Service Marking for real-time media (audio, video, screen/app sharing) is enabled in the tenant. Set this to TRUE to enable and FALSE to disable.' LogoURL = 'String | Optional | URL to a logo image. This would be included in the meeting invite. Please ensure this URL is publicly accessible for invites that go beyond your federation boundaries.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' ClientVideoPort = 'UInt32 | Optional | Determines the starting port number for client video. Minimum allowed value: 1024 Maximum allowed value: 65535 Default value: 50020.' ClientAppSharingPortRange = 'UInt32 | Optional | Determines the total number of ports available for client sharing or application sharing. Default value is 20.' LegalURL = 'String | Optional | URL to a website containing legal information and meeting disclaimers. This would be included in the meeting invite. Please ensure this URL is publicly accessible for invites that go beyond your federation boundaries.' CustomFooterText = 'String | Optional | Text to be used on custom meeting invitations.' ClientAudioPort = 'UInt32 | Optional | Determines the starting port number for client audio. Minimum allowed value: 1024 Maximum allowed value: 65535 Default value: 50000.' HelpURL = 'String | Optional | URL to a website where users can obtain assistance on joining the meeting.This would be included in the meeting invite. Please ensure this URL is publicly accessible for invites that go beyond your federation boundaries.' ClientMediaPortRangeEnabled = 'Boolean | Optional | Determines whether custom media port and range selections need to be enforced. When set to True, clients will use the specified port range for media traffic. When set to False (the default value) for any available port (from port 1024 through port 65535) will be used to accommodate media traffic.' ClientAppSharingPort = 'UInt32 | Optional | Determines the starting port number for client screen sharing or application sharing. Minimum allowed value: 1024 Maximum allowed value: 65535 Default value: 50040.' ClientAudioPortRange = 'UInt32 | Optional | Determines the total number of ports available for client audio. Default value is 20.' ClientVideoPortRange = 'UInt32 | Optional | Determines the total number of ports available for client video. Default value is 20.' DisableAnonymousJoin = 'Boolean | Optional | Determines whether anonymous users are blocked from joining meetings in the tenant. Set this to TRUE to block anonymous users from joining. Set this to FALSE to allow anonymous users to join meetings.' } MeetingPolicies = @( @{ TeamsCameraFarEndPTZMode = 'String | Optional | Determines whether or not meetings created by users with this policy are able to utilize the Camera Far-End PTZ Mode. | Disabled / Enabled' AccessTokens = 'StringArray | Optional | Access token used for authentication.' AllowMeetingCoach = 'Boolean | Optional | N/A' DesignatedPresenterRoleMode = 'String | Optional | Determines if users can change the default value of the Who can present? setting in Meeting options in the Teams client. This policy setting affects all meetings, including Meet Now meetings. | OrganizerOnlyUserOverride / EveryoneInCompanyUserOverride / EveryoneUserOverride' AllowAnnotations = 'Boolean | Optional | N/A' AllowIPAudio = 'Boolean | Optional | Determines whether audio is enabled in a user''s meetings or calls. Set this to TRUE to allow the user to share their audioo. Set this to FALSE to prohibit the user from sharing their audio.' AllowWhiteboard = 'Boolean | Optional | Determines whether whiteboard is allowed in a user''s meetings. Set this to TRUE to allow. Set this to FALSE to prohibit.' AllowAnonymousUsersToDialOut = 'Boolean | Optional | CURRENTLY DISABLED: Determines whether anonymous users can use the Call Me At feature for meeting audio.' StreamingAttendeeMode = 'String | Optional | Determines whether or not meetings created by users with this policy are able to utilize the meeting overflow capability. | Disabled / Enabled' ExplicitRecordingConsent = 'String | Optional | N/A' AllowNetworkConfigurationSettingsLookup = 'Boolean | Optional | Determines whether network configuration setting lookups can be made by users who are not Enterprise Voice enabled. It is used to enable Network Roaming policies.' AllowTranscription = 'Boolean | Optional | Determines whether real-time and/or post-meeting captions and transcriptions are allowed in a user''s meetings. Set this to TRUE to allow. Set this to FALSE to prohibit.' ForceStreamingAttendeeMode = 'String | Optional | N/A' RoomAttributeUserOverride = 'String | Optional | Determines whether or not biometric data will be used to distinguish and or attribute in the transcript. | Off / Distinguish / Attribute' AllowUserToJoinExternalMeeting = 'String | Optional | Determines what types of external meetings users can join. Enabled is able join all external meetings. | Enabled / FederatedOnly / Disabled' AllowExternalParticipantGiveRequestControl = 'Boolean | Optional | Determines whether external participants can request or give control of screen sharing during meetings scheduled by this user. Set this to TRUE to allow the user to be able to give or request control. Set this to FALSE to prohibit an external user from giving or requesting control in a meeting.' AllowAnonymousUsersToStartMeeting = 'Boolean | Optional | Determines whether anonymous users can initiate a meeting. Set this to TRUE to allow anonymous users to initiate a meeting. Set this to FALSE to prohibit them from initiating a meeting.' AllowMeetingRegistration = 'Boolean | Optional | Controls if a user can create a webinar meeting. The default value is True.' ChannelRecordingDownload = 'String | Optional | Determines how channel meeting recordings are saved, permissioned, and who can download them.' ScreenSharingMode = 'String | Optional | Determines the mode in which a user can share a screen in calls or meetings. Set this to SingleApplication to allow the user to share an application at a given point in time. Set this to EntireScreen to allow the user to share anything on their screens. Set this to Disabled to prohibit the user from sharing their screens. | SingleApplication / EntireScreen / Disabled' RoomPeopleNameUserOverride = 'String | Optional | N/A' AllowPrivateMeetNow = 'Boolean | Optional | Determines whether a user can start private ad-hoc meetings. Set this to TRUE to allow a user to start private ad-hoc meetings. Set this to FALSE to prohibit the user from starting private ad-hoc meetings.' AllowNDIStreaming = 'Boolean | Optional | Determines whether a user is able to use NDI (Network Device Interface) in meetings - both for output and input streams.' AllowWatermarkForCameraVideo = 'Boolean | Optional | N/A' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' PreferredMeetingProviderForIslandsMode = 'String | Optional | Determines which Outlook Add-in the user will get as preferred Meeting provider(TeamsAndSfb or Teams). | TeamsAndSfb / Teams' AllowOrganizersToOverrideLobbySettings = 'Boolean | Optional | Determines whether organizers can override lobby settings for both VOIP and PSTN. Set this to TRUE to allow. Set this to FALSE to prohibit.' AllowEngagementReport = 'String | Optional | Determines whether or not a meeting Organizer can track join and leave times for all users within their meetings as well as download a roster. | Enabled / Disabled' LiveCaptionsEnabledType = 'String | Optional | Determines whether a user should have the option to view live captions or not in a meeting. | Disabled / DisabledUserOverride' Description = 'String | Optional | Description of the Teams Meeting Policy.' InfoShownInReportMode = 'String | Optional | N/A' IPAudioMode = 'String | Optional | Determines whether or not a user can use audio in a meeting that supports it. | EnabledOutgoingIncoming / Disabled' BlockedAnonymousJoinClientTypes = 'String | Optional | A user can join a Teams meeting anonymously using a Teams client or using a custom application built using Azure Communication Services. When anonymous meeting join is enabled, both types of clients may be used by default. This optional parameter can be used to block one of the client types that can be used. The allowed values are ACS (to block the use of Azure Communication Services clients) or Teams (to block the use of Teams clients). Both can also be specified, separated by a comma, but this is equivalent to disabling anonymous join completely.' LiveInterpretationEnabledType = 'String | Optional | Determines how meeting organizers can configure a meeting for language interpretation, select attendees of the meeting to become interpreters that other attendees can select and listen to the real-time translation they provide.' NewMeetingRecordingExpirationDays = 'SInt32 | Optional | Specifies the number of days before meeting recordings will expire and move to the recycle bin. Value can be from 1 to 99,999 days. NOTE: You may opt to set Meeting Recordings to never expire by entering the value -1.' AllowMeetNow = 'Boolean | Optional | Determines whether a user can start ad-hoc meetings. Set this to TRUE to allow a user to start ad-hoc meetings. Set this to FALSE to prohibit the user from starting ad-hoc meetings.' AllowAnonymousUsersToJoinMeeting = 'Boolean | Optional | Determines whether anonymous users can join the meetings that impacted users organize. Set this to TRUE to allow anonymous users to join a meeting. Set this to FALSE to prohibit them from joining a meeting.' MeetingInviteLanguages = 'String | Optional | Controls how the join information in meeting invitations is displayed by enforcing a common language or enabling up to two languages to be displayed. Note: All Teams supported languages can be specified using language codes.' WhoCanRegister = 'String | Optional | Specifies who can attend and register for webinars. | Everyone / EveryoneInCompany' AutoAdmittedUsers = 'String | Optional | Determines what types of participants will automatically be added to meetings organized by this user. Set this to EveryoneInCompany if you would like meetings to place every external user in the lobby but allow all users in the company to join the meeting immediately. Set this to Everyone if you''d like to admit anonymous users by default. Set this to EveryoneInSameAndFederatedCompany if you would like meetings to allow federated users to join like your company''s users, but place all other external users in a lobby. Set this to InvitedUsers if you would like meetings to allow only the invited users. | EveryoneInCompany / Everyone / EveryoneInSameAndFederatedCompany / OrganizerOnly / InvitedUsers / EveryoneInCompanyExcludingGuests' AllowCloudRecording = 'Boolean | Optional | Determines whether cloud recording is allowed in a user''s meetings. Set this to TRUE to allow the user to be able to record meetings. Set this to FALSE to prohibit the user from recording meetings.' AllowedStreamingMediaInput = 'String | Optional | N/A' AllowIPVideo = 'Boolean | Optional | Determines whether video is enabled in a user''s meetings or calls. Set this to TRUE to allow the user to share their video. Set this to FALSE to prohibit the user from sharing their video.' SpeakerAttributionMode = 'String | Optional | Possible values: EnabledUserOverride or Disabled. | Disabled / EnabledUserOverride' AllowCartCaptionsScheduling = 'String | Optional | Determines whether a user can add a URL for captions from a Communications Access Real-Time Translation (CART) captioner for providing real-time captions in meetings. | EnabledUserOverride / DisabledUserOverride / Disabled' AllowOutlookAddIn = 'Boolean | Optional | Determines whether a user can schedule Teams Meetings in Outlook desktop client. Set this to TRUE to allow the user to be able to schedule Teams meetings in Outlook client. Set this to FALSE to prohibit a user from scheduling Teams meeting in Outlook client.' AllowSharedNotes = 'Boolean | Optional | Determines whether users are allowed to take shared notes. Set this to TRUE to allow. Set this to FALSE to prohibit.' MeetingChatEnabledType = 'String | Optional | Determines whether or not Chat will be enabled, enabled except anonymous or disabled for meetings. | Disabled / Enabled / EnabledExceptAnonymous' QnAEngagementMode = 'String | Optional | N/A' AllowParticipantGiveRequestControl = 'Boolean | Optional | Determines whether participants can request or give control of screen sharing during meetings scheduled by this user. Set this to TRUE to allow the user to be able to give or request control. Set this to FALSE to prohibit the user from giving, requesting control in a meeting.' MediaBitRateKb = 'UInt32 | Optional | Determines the media bit rate for audio/video/app sharing transmissions in meetings.' EnrollUserOverride = 'String | Optional | Determines whether or not users will be able to enroll/capture their Biometric data: Face & Voice. | Disabled / Enabled' AllowPowerPointSharing = 'Boolean | Optional | Determines whether Powerpoint sharing is allowed in a user''s meetings. Set this to TRUE to allow. Set this to FALSE to prohibit.' AllowPrivateMeetingScheduling = 'Boolean | Optional | Determines whether a user can schedule private meetings. Set this to TRUE to allow a user to schedule private meetings. Set this to FALSE to prohibit the user from scheduling private meetings. Note this only restricts from scheduling and not from joining a meeting scheduled by another user.' AllowMeetingReactions = 'Boolean | Optional | Determines whether or not meetings created by users with this policy are able to utilize the Meeting Reactions feature.' AllowChannelMeetingScheduling = 'Boolean | Optional | Determines whether a user can schedule channel meetings. Set this to TRUE to allow a user to schedule channel meetings. Set this to FALSE to prohibit the user from scheduling channel meetings. Note this only restricts from scheduling and not from joining a meeting scheduled by another user.' VideoFiltersMode = 'String | Optional | Determines which background filters are available to meeting attendees. | NoFilters / BlurOnly / BlurAndDefaultBackgrounds / AllFilters' AllowWatermarkForScreenSharing = 'Boolean | Optional | N/A' LiveStreamingMode = 'String | Optional | Determines whether you provide support for your users to stream their Teams meetings to large audiences through Real-Time Messaging Protocol (RTMP). | Disabled / Enabled' AllowBreakoutRooms = 'Boolean | Optional | Determines whether or not meetings created by users with this policy are able to utilize the Breakout Rooms feature.' AllowDocumentCollaboration = 'String | Optional | N/A' AllowRecordingStorageOutsideRegion = 'Boolean | Optional | Determines whether cloud recording can be stored out of region for go-local tenants where recording is not yet enabled.' AllowPSTNUsersToBypassLobby = 'Boolean | Optional | Determines whether PSTN users should be automatically admitted to the meetings. Set this to TRUE to allow the PSTN user to be able bypass the meetinglobby. Set this to FALSE to prohibit the PSTN user from bypassing the meetinglobby.' Identity = 'String | Required | Identity of the Teams Meeting Policy.' IPVideoMode = 'String | Optional | Determines whether or not a user can use video in a meeting that supports it. Can only be enabled if IPAudioMode is enabled | EnabledOutgoingIncoming / Disabled' } ) MessagingPolicies = @( @{ AllowOwnerDeleteMessage = 'Boolean | Optional | Determines whether owners are allowed to delete all the messages in their team. Set this to TRUE to allow. Set this to FALSE to prohibit.' Description = 'String | Optional | Provide a description of your policy to identify purpose of creating it.' AllowUserChat = 'Boolean | Optional | Determines whether a user is allowed to chat. Set this to TRUE to allow a user to chat across private chat, group chat and in meetings. Set this to FALSE to prohibit all chat.' Identity = 'String | Required | Identity for the teams messaging policy you''re modifying. To modify the global policy, use this syntax: -Identity global. To modify a per-user policy, use syntax similar to this: -Identity TeamsMessagingPolicy.' AllowGiphy = 'Boolean | Optional | Determines whether a user is allowed to access and post Giphys. Set this to TRUE to allow. Set this FALSE to prohibit.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' AllowUserDeleteMessage = 'Boolean | Optional | Determines whether a user is allowed to delete their own messages. Set this to TRUE to allow. Set this to FALSE to prohibit.' ChannelsInChatListEnabledType = 'String | Optional | Possible values are: DisabledUserOverride,EnabledUserOverride. | DisabledUserOverride / EnabledUserOverride' AllowStickers = 'Boolean | Optional | Determines whether a user is allowed to access and post stickers. Set this to TRUE to allow. Set this FALSE to prohibit.' AllowSmartCompose = 'Boolean | Optional | Turn on this setting to let a user get text predictions for chat messages.' AllowUrlPreviews = 'Boolean | Optional | Use this setting to turn automatic URL previewing on or off in messages. Set this to TRUE to turn on. Set this to FALSE to turn off.' Tenant = 'String | Optional | Globally unique identifier (GUID) of the tenant account whose external user communication policy are being created.' AllowCommunicationComplianceEndUserReporting = 'Boolean | Optional | Report inappropriate content.' AllowSmartReply = 'Boolean | Optional | Turn this setting on to enable suggested replies for chat messages. Set this to TRUE to allow. Set this to FALSE to prohibit.' AllowImmersiveReader = 'Boolean | Optional | Determines whether a user is allowed to use Immersive Reader for reading conversation messages. Set this to TRUE to allow. Set this FALSE to prohibit.' AllowUserTranslation = 'Boolean | Optional | Determines whether a user is allowed to translate messages to their client languages. Set this to TRUE to allow. Set this to FALSE to prohibit.' AllowUserEditMessage = 'Boolean | Optional | Determines whether a user is allowed to edit their own messages. Set this to TRUE to allow. Set this to FALSE to prohibit.' AudioMessageEnabledType = 'String | Optional | Determines whether a user is allowed to send audio messages. Possible values are: ChatsAndChannels,ChatsOnly,Disabled. | ChatsAndChannels / ChatsOnly / Disabled' AllowRemoveUser = 'Boolean | Optional | Determines whether a user is allowed to remove a user from a conversation. Set this to TRUE to allow. Set this FALSE to prohibit.' Ensure = 'String | Optional | Present ensures the Team Message Policy exists, absent ensures it is removed | Present / Absent' ReadReceiptsEnabledType = 'String | Optional | Use this setting to specify whether read receipts are user controlled, enabled for everyone, or disabled. Set this to UserPreference, Everyone or None. | UserPreference / Everyone / None' AllowMemes = 'Boolean | Optional | Determines whether a user is allowed to access and post memes. Set this to TRUE to allow. Set this FALSE to prohibit.' AllowFluidCollaborate = 'Boolean | Optional | Determines is Fluid Collaboration should be enabled or not.' AllowSecurityEndUserReporting = 'Boolean | Optional | Report a security concern.' AllowPriorityMessages = 'Boolean | Optional | Determines whether a user is allowed to send priorities messages. Set this to TRUE to allow. Set this FALSE to prohibit.' AllowVideoMessages = 'Boolean | Optional | Determines whether a user is allowed to send video messages in Chat. Set this to TRUE to allow a user to send video messages. Set this to FALSE to prohibit sending video messages.' GiphyRatingType = 'String | Optional | Determines the Giphy content restrictions applicable to a user. Set this to STRICT, MODERATE or NORESTRICTION. | STRICT / MODERATE / NORESTRICTION' AllowUserDeleteChat = 'Boolean | Optional | Turn this setting on to allow users to permanently delete their 1:1, group chat, and meeting chat as participants (this deletes the chat only for them, not other users in the chat).' } ) MobilityPolicies = @( @{ IPVideoMobileMode = 'String | Optional | When set to WifiOnly, prohibits the user from making and receiving video calls or enabling video in meetings using VoIP calls on the mobile device while on a cellular data connection. Possible values are: WifiOnly, AllNetworks. | WifiOnly / AllNetworks' Description = 'String | Optional | Enables administrators to provide explanatory text about the policy. For example, the Description might indicate the users the policy should be assigned to.' Ensure = 'String | Optional | Present ensures the instance exists, absent ensures it is removed. | Present / Absent' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Required | Specify the name of the Teams Mobility Policy.' MobileDialerPreference = 'String | Optional | Determines the mobile dialer preference, possible values are: Teams, Native, UserOverride. | Teams / Native / UserOverride' IPAudioMobileMode = 'String | Optional | When set to WifiOnly, prohibits the user from making and receiving calls or joining meetings using VoIP calls on the mobile device while on a cellular data connection. Possible values are: WifiOnly, AllNetworks. | WifiOnly / AllNetworks' } ) NetworkRoamingPolicies = @( @{ Description = 'String | Optional | Description of the new policy to be created.' Ensure = 'String | Optional | Present ensures the instance exists, absent ensures it is removed. | Present / Absent' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Required | Specify the name of the Teams Network Roaming Policy.' AllowIPVideo = 'Boolean | Optional | Determines whether video is enabled in a user''s meetings or calls. Set this to TRUE to allow the user to share their video. Set this to FALSE to prohibit the user from sharing their video.' MediaBitRateKb = 'UInt64 | Optional | Determines the media bit rate for audio/video/app sharing transmissions in meetings.' } ) OnlineVoicemailPolicies = @( @{ Identity = 'String | Required | Identity of the Teams Online Voicemail Policy.' EnableTranscriptionTranslation = 'Boolean | Optional | Allows you to disable or enable translation for the voicemail transcriptions. Possible values are $true or $false.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' EnableEditingCallAnswerRulesSetting = 'Boolean | Optional | Controls if editing call answer rule settings are enabled or disabled for a user. Possible values are $true or $false.' SecondarySystemPromptLanguage = 'String | Optional | The secondary language that voicemail system prompts will be presented in. Must also set PrimarySystemPromptLanguage and may not be the same value as PrimarySystemPromptanguage. When set, this overrides the user language choice. ' EnableTranscriptionProfanityMasking = 'Boolean | Optional | Allows you to disable or enable profanity masking for the voicemail transcriptions. Possible values are $true or $false.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' ShareData = 'String | Optional | Specifies whether voicemail and transcription data are shared with the service for training and improving accuracy. Possible values are Defer and Deny.' MaximumRecordingLength = 'String | Optional | A duration of voicemail maximum recording length. The length should be between 30 seconds to 600 seconds.' PrimarySystemPromptLanguage = 'String | Optional | The primary (or first) language that voicemail system prompts will be presented in. Must also set SecondarySystemPromptLanguage. When set, this overrides the user language choice.' EnableTranscription = 'Boolean | Optional | Allows you to disable or enable voicemail transcription. Possible values are $true or $false.' } ) OnlineVoicemailUserSettingsItems = @( @{ OofGreetingFollowCalendarEnabled = 'Boolean | Optional | The OofGreetingFollowCalendarEnabled parameter represents whether to play out-of-office greeting in voicemail deposit scenario when user set out-of-office in calendar.' OofGreetingEnabled = 'Boolean | Optional | The OofGreetingEnabled parameter represents whether to play out-of-office greeting in voicemail deposit scenario.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' PromptLanguage = 'String | Optional | The PromptLanguage parameter represents the language that is used to play voicemail prompts.' ShareData = 'Boolean | Optional | Specifies whether voicemail and transcription data is shared with the service for training and improving accuracy.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' DefaultOofGreetingPromptOverwrite = 'String | Optional | The DefaultOofGreetingPromptOverwrite parameter represents the contents that overwrite the default out-of-office greeting prompt. If the user''s out-of-office custom greeting is not set and DefaultOofGreetingPromptOverwrite is not empty, the voicemail service will play this overwrite greeting instead of the default out-of-office greeting in the voicemail deposit scenario.' TransferTarget = 'String | Optional | The TransferTarget parameter represents the target to transfer the call when call answer rule set to PromptOnlyWithTransfer or VoicemailWithTransferOption. Value of this parameter should be a SIP URI of another user in your organization. For user with Enterprise Voice enabled, a valid telephone number could also be accepted as TransferTarget.' Identity = 'String | Required | The Identity parameter represents the ID of the specific user in your organization; this can be either a SIP URI or an Object ID.' VoicemailEnabled = 'Boolean | Optional | The VoicemailEnabled parameter represents whether to enable voicemail service. If set to $false, the user has no voicemail service.' DefaultGreetingPromptOverwrite = 'String | Optional | The DefaultGreetingPromptOverwrite parameter represents the contents that overwrite the default normal greeting prompt. If the user''s normal custom greeting is not set and DefaultGreetingPromptOverwrite is not empty, the voicemail service will play this overwrite greeting instead of the default normal greeting in the voicemail deposit scenario.' OofGreetingFollowAutomaticRepliesEnabled = 'Boolean | Optional | The OofGreetingFollowAutomaticRepliesEnabled parameter represents whether to play out-of-office greeting in voicemail deposit scenario when user set automatic replies in Outlook.' CallAnswerRule = 'String | Optional | The CallAnswerRule parameter represents the value of the call answer rule, which can be any of the following: DeclineCall, PromptOnly, PromptOnlyWithTransfer, RegularVoicemail, VoicemailWithTransferOption. | DeclineCall / PromptOnly / PromptOnlyWithTransfer / RegularVoicemail / VoicemailWithTransferOption' } ) OnlineVoiceUsers = @( @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' TelephoneNumber = 'String | Optional | Specifies the telephone number to be assigned to the user. The value must be in E.164 format: +14255043920. Setting the value to $Null clears the user''s telephone number.' Ensure = 'String | Optional | Present ensures the online voice user exists, absent ensures it is removed. | Present / Absent' Identity = 'String | Required | Specifies the identity of the target user.' LocationID = 'String | Optional | Specifies the unique identifier of the emergency location to assign to the user. Location identities can be discovered by using the Get-CsOnlineLisLocation cmdlet.' } ) PstnUsages = @( @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' Usage = 'String | Required | An online PSTN usage (such as Local or Long Distance) that can be used in conjunction with voice routes and voice routing policies.' UniqueId = 'String | Required | Unique ID to identify this specific object' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' } ) ShiftsPolicies = @( @{ EnableScheduleOwnerPermissions = 'Boolean | Optional | Determines whether a user can manage a Shifts schedule as a team member.' ShiftNoticeMessageType = 'String | Optional | Specifies the warning message is shown in the blocking dialog when a user access Teams off shift hours. Select one of 7 Microsoft provided messages, a default message or a custom message. | DefaultMessage / Message1 / Message2 / Message3 / Message4 / Message5 / Message6 / Message7 / CustomMessage' ShiftNoticeFrequency = 'String | Optional | Determines the frequency of warning dialog displayed when user opens Teams. | Always / ShowOnceOnChange / Never' Ensure = 'String | Optional | Present ensures the instance exists, absent ensures it is removed. | Present / Absent' AccessType = 'String | Optional | Determines the Teams access type granted to the user. Today, only unrestricted access to Teams app is supported. | UnrestrictedAccess_TeamsApp' AccessGracePeriodMinutes = 'UInt64 | Optional | Determines the grace period time in minutes between when the first shift starts or last shift ends and when access is blocked' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Required | Specifies the policy instance name' ShiftNoticeMessageCustom = 'String | Optional | Specifies a custom message. Must set ShiftNoticeMessageType to ''CustomMessage'' to enforce this' EnableShiftPresence = 'Boolean | Optional | Determines whether a user is given shift-based presence (On shift, Off shift, or Busy). This must be set in order to have any off shift warning message-specific settings.' } ) Teams = @( @{ Owner = 'StringArray | Optional | Owners of the Team' AllowOwnerDeleteMessages = 'Boolean | Optional | Allow owners to delete messages within Team.' AllowAddRemoveApps = 'Boolean | Optional | Allow add or remove apps from the Team.' AllowUserEditMessages = 'Boolean | Optional | Allow members to edit messages within Team.' DisplayName = 'String | Required | Display Name of the Team' AllowCreateUpdateRemoveTabs = 'Boolean | Optional | Allow members to manage tabs within Team.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' ShowInTeamsSearchAndSuggestions = 'Boolean | Optional | determines whether or not private teams should be searchable from Teams clients for users who do not belong to that team. Set to $false to make those teams not discoverable from Teams clients.' AllowDeleteChannels = 'Boolean | Optional | Allow members to delete channels within Team.' GiphyContentRating = 'String | Optional | Giphy content rating of the Team. | Strict / Moderate' AllowGuestCreateUpdateChannels = 'Boolean | Optional | Allow guests to create and update channels in Team.' AllowUserDeleteMessages = 'Boolean | Optional | Allow members to delete messages within Team.' Ensure = 'String | Optional | Present ensures the Team exists, absent ensures it is removed. | Present / Absent' UniqueId = 'String | Required | Unique ID to identify this specific object' AllowGiphy = 'Boolean | Optional | Allow giphy in Team.' AllowTeamMentions = 'Boolean | Optional | Allow mentions in Team.' AllowCreateUpdateChannels = 'Boolean | Optional | Allow members to create and update channels within Team.' GroupID = 'String | Optional | Team group ID, only used to target a Team when duplicated display names occurs.' AllowChannelMentions = 'Boolean | Optional | Allow channel mention in Team.' Description = 'String | Optional | Description of Team.' MailNickName = 'String | Optional | MailNickName of O365 Group associated with Team' AllowCreateUpdateRemoveConnectors = 'Boolean | Optional | Allow members to manage connectors within Team.' AllowCustomMemes = 'Boolean | Optional | Allow custom memes in Team.' Visibility = 'String | Optional | Visibility of the Team | Public / Private / HiddenMembership' AllowStickersAndMemes = 'Boolean | Optional | Allow stickers and mimes in the Team.' AllowGuestDeleteChannels = 'Boolean | Optional | Allow guests to delete channel in Team.' } ) TemplatesPolicies = @( @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' Description = 'String | Optional | Description of the Teams Templates Policy.' HiddenTemplates = 'StringArray | Optional | The list of Teams templates to hide.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' Identity = 'String | Required | Identity of the Teams Templates Policy.' } ) TenantDialPlans = @( @{ OptimizeDeviceDialing = 'Boolean | Optional | Specifies if the dial plan should optimize device dialing or not.' Description = 'String | Optional | The Description parameter describes the tenant dial plan - what it''s for, what type of user it applies to and any other information that helps to identify the purpose of the tenant dial plan. Maximum characters: 512.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Ensure = 'String | Optional | Specify if this dial plan should exist or not. | Present / Absent' SimpleName = 'String | Optional | The SimpleName parameter is a display name for the tenant dial plan. This name must be unique among all tenant dial plans within the Skype for Business Server deployment.This string can be up to 49 characters long. Valid characters are alphabetic or numeric characters, hyphen (-), dot (.) and parentheses (()).' Identity = 'String | Required | The Identity parameter is a unique identifier that designates the name of the tenant dial plan. Identity is an alphanumeric string that cannot exceed 49 characters. Valid characters are alphabetic or numeric characters, hyphen (-) and dot (.). The value should not begin with a (.).' NormalizationRules = @( @{ Description = 'String | Optional | A friendly description of the normalization rule.' IsInternalExtension = 'Boolean | Optional | If True, the result of applying this rule will be a number internal to the organization. If False, applying the rule results in an external number. This value is ignored if the value of the OptimizeDeviceDialing property of the associated dial plan is set to False.' Identity = 'String | Optional | A unique identifier for the rule. The Identity specified must include the scope followed by a slash and then the name; for example: site:Redmond/Rule1, where site:Redmond is the scope and Rule1 is the name. The name portion will automatically be stored in the Name property. You cannot specify values for Identity and Name in the same command.' Translation = 'String | Optional | The regular expression pattern that will be applied to the number to convert it to E.164 format.' Pattern = 'String | Optional | A regular expression that the dialed number must match in order for this rule to be applied.' Priority = 'UInt32 | Optional | The order in which rules are applied. A phone number might match more than one rule. This parameter sets the order in which the rules are tested against the number.' } ) ExternalAccessPrefix = 'String | Optional | The ExternalAccessPrefix parameter is a number (or set of numbers) that designates the call as external to the organization. (For example, to tenant-dial an outside line, first press 9.) This prefix is ignored by the normalization rules, although these rules are applied to the remainder of the number. The OptimizeDeviceDialing parameter must be set to True for this value to take effect. This parameter must match the regular expression [0-9]{1,4}: that is, it must be a value 0 through 9 and one to four digits in length. The default value is 9.' } ) TenantNetworkRegions = @( @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' Description = 'String | Optional | Provide a description of the network region to identify purpose of creating it.' CentralSite = 'String | Optional | Name of the associated Central Site.' Ensure = 'String | Optional | Present ensures the instance exists, absent ensures it is removed. | Present / Absent' Identity = 'String | Required | Unique identifier for the network region to be created.' } ) TenantNetworkSites = @( @{ LocationPolicy = 'String | Optional | LocationPolicy is the identifier for the location policy which the current network site is associating to.' EmergencyCallRoutingPolicy = 'String | Optional | This parameter is used to assign a custom emergency call routing policy to a network site' Description = 'String | Optional | Provide a description of the network site to identify purpose of creating it.' Ensure = 'String | Optional | Present ensures the instance exists, absent ensures it is removed. | Present / Absent' SiteAddress = 'String | Optional | The address of current network site.' NetworkRegionID = 'String | Optional | NetworkRegionID is the identifier for the network region which the current network site is associating to.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Required | Unique identifier for the network site to be created.' NetworkRoamingPolicy = 'String | Optional | NetworkRoamingPolicy is the identifier for the network roaming policy to which the network site will associate to.' EnableLocationBasedRouting = 'Boolean | Optional | This parameter determines whether the current site is enabled for location based routing.' EmergencyCallingPolicy = 'String | Optional | This parameter is used to assign a custom emergency calling policy to a network site' } ) TenantNetworkSubnets = @( @{ Description = 'String | Optional | Provide a description of the network subnet to identify purpose of creating it.' MaskBits = 'UInt32 | Required | This parameter determines the length of bits to mask to the subnet. IPv4 format subnet accepts maskbits from 0 to 32 inclusive. IPv6 format subnet accepts maskbits from 0 to 128 inclusive.' Ensure = 'String | Optional | Present ensures the instance exists, absent ensures it is removed. | Present / Absent' NetworkSiteID = 'String | Optional | NetworkSiteID is the identifier for the network site which the current network subnet is associating to.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Required | Unique identifier for the network subnet to be created.' } ) TenantTrustedIPAddresss = @( @{ MaskBits = 'UInt32 | Optional | This parameter determines the length of bits to mask to the subnet.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Description = 'String | Optional | Provide a description of the trusted IP address to identify purpose of creating it.' Ensure = 'String | Optional | Present ensures the instance exists, absent ensures it is removed. | Present / Absent' Identity = 'String | Required | Unique identifier for the IP address to be created.' } ) TranslationRules = @( @{ Description = 'String | Optional | A friendly description of the normalization rule.' Ensure = 'String | Optional | Present ensures the instance exists, absent ensures it is removed. | Present / Absent' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Required | The Identifier of the rule. This parameter is required and later used to assign the rule to the Inbound or Outbound Trunk Normalization policy.' Translation = 'String | Optional | The regular expression pattern that will be applied to the number to convert it.' Pattern = 'String | Optional | A regular expression that caller or callee number must match in order for this rule to be applied.' } ) UnassignedNumberTreatments = @( @{ Target = 'String | Optional | The identity of the destination the call should be routed to. Depending on the TargetType it should either be the ObjectId of the user or application instance/resource account or the AudioFileId of the uploaded audio file.' Description = 'String | Optional | Free format description of this treatment.' Ensure = 'String | Optional | Present ensures the instance exists, absent ensures it is removed. | Present / Absent' TreatmentPriority = 'UInt32 | Optional | The priority of the treatment. Used to distinguish identical patterns. The lower the priority the higher preference. The priority needs to be unique.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Required | The Id of the treatment.' TargetType = 'String | Optional | The type of target used for the treatment. Allowed values are User, ResourceAccount and Announcement. | User / ResourceAccount / Announcement' Pattern = 'String | Optional | A regular expression that the called number must match in order for the treatment to take effect. It is best pratice to start the regular expression with the hat character and end it with the dollar character. You can use various regular expression test sites on the Internet to validate the expression.' } ) UpdateManagementPolicies = @( @{ AllowPublicPreview = 'String | Optional | Determines the ring of public previews to subscribes to. | Disabled / Enabled / Forced / FollowOfficePreview' UseNewTeamsClient = 'String | Optional | Determines whether or not users will use the new Teams client. | NewTeamsAsDefault / UserChoice / MicrosoftChoice / AdminDisabled / NewTeamsOnly' UpdateTime = 'String | Optional | Determines the time of day to perform the updates. Must be a valid HH:MM format string with leading 0. For instance 08:30.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' AllowManagedUpdates = 'Boolean | Optional | Determines if managed updates should be allowed or not.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Required | Identity of the Teams Update Management Policy.' Description = 'String | Optional | The description of the Teams Update Management Policy.' UpdateDayOfWeek = 'UInt32 | Optional | Determines the day of week to perform the updates. Value shoud be between 0 and 6.' AllowPreview = 'Boolean | Optional | Determines if preview builds should be allowed or not.' UpdateTimeOfDay = 'String | Optional | Determines the time of day to perform the updates. Accepts a DateTime as string. Only the time will be considered.' } ) UpgradeConfiguration = @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' DownloadTeams = 'Boolean | Optional | The DownloadTeams property allows admins to control whether the Skype for Business client should automatically download Teams in the background. This Boolean setting is only honored on Windows clients, and only for certain values of the user''s TeamsUpgradePolicy. If NotifySfbUser=true or if Mode=TeamsOnly in TeamsUpgradePolicy, this setting is honored. Otherwise it is ignored.' SfBMeetingJoinUx = 'String | Optional | The SfBMeetingJoinUx property allows admins to specify which app is used to join Skype for Business meetings, even after the user has been upgraded to Teams. Allowed values are: ''SkypeMeetingsApp'' and ''NativeLimitedClient''. ''NativeLimitedClient'' means the existing Skype for Business rich client will be used, but since the user is upgraded, only meeting functionality is available. Calling and Messaging are done via Teams. ''SkypeMeetingsApp'' means use the web-downloadable app. This setting can be useful for organizations that have upgraded to Teams and no longer want to install Skype for Business on their users'' computers. | SkypeMeetingsApp / NativeLimitedClient' } UpgradePolicies = @( @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' Users = 'StringArray | Optional | List of users that will be granted the Upgrade Policy to.' MigrateMeetingsToTeams = 'Boolean | Optional | Specifies whether to move existing Skype for Business meetings organized by the user to Teams. This parameter can only be true if the mode of the specified policy instance is either TeamsOnly or SfBWithTeamsCollabAndMeetings, and if the policy instance is being granted to a specific user. It not possible to trigger meeting migration when granting TeamsUpgradePolicy to the entire tenant.' Identity = 'String | Required | Identity of the Teams Upgrade Policy.' } ) Users = @( @{ UniqueId = 'String | Required | Unique ID to identify this specific object' Ensure = 'String | Optional | Present ensures the Team user exists, absent ensures it is removed | Present / Absent' User = 'String | Required | UPN of user to add to Team' Role = 'String | Optional | User role in Team | Guest / Member / Owner' AccessTokens = 'StringArray | Optional | Access token used for authentication.' TeamName = 'String | Required | Team NAme' } ) UserCallingSettingsItems = @( @{ UnansweredTarget = 'String | Optional | The unanswered target. Supported type of values are ObjectId, SIP address and phone number. For phone numbers we support the following types of formats: E.164 (+12065551234 or +1206555000;ext=1234) or non-E.164 like 1234.' IsUnansweredEnabled = 'Boolean | Optional | This parameter controls whether forwarding for unasnwered calls is enabled or not.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' CallGroupTargets = 'StringArray | Optional | The members of the Call Group. You need to always specify the full set of members as the parameter value. What you set here will overwrite the current call group membership.' UnansweredDelay = 'String | Optional | The time the call will ring the user before it is forwarded to the unanswered target. The supported format is hh:mm:ss and the delay range needs to be between 10 and 60 seconds in 10 seconds increments, i.e. 00:00:10, 00:00:20, 00:00:30, 00:00:40, 00:00:50 and 00:01:00. The default value is 20 seconds.' ForwardingTarget = 'String | Optional | The forwarding target. Supported types of values are ObjectId''s, SIP addresses and phone numbers. For phone numbers we support the following types of formats: E.164 (+12065551234 or +1206555000;ext=1234) or non-E.164 like 1234.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' UnansweredTargetType = 'String | Optional | The unanswered target type. Supported values are Voicemail, SingleTarget, MyDelegates and Group. | Group / MyDelegates / SingleTarget / Voicemail' IsForwardingEnabled = 'Boolean | Optional | This parameter controls whether forwarding is enabled or not.' Identity = 'String | Required | The Identity of the user to set call forwarding, simultaneous ringing and call group settings for. Can be specified using the ObjectId or the SIP address.' ForwardingTargetType = 'String | Optional | The forwarding target type. Supported values are Voicemail, SingleTarget, MyDelegates and Group. Voicemail is only supported for Immediate forwarding. | Group / MyDelegates / SingleTarget / Voicemail' CallGroupOrder = 'String | Optional | The order in which to call members of the Call Group. The supported values are Simultaneous and InOrder.' GroupNotificationOverride = 'String | Optional | The group notification override that will be set on the specified user. The supported values are Ring, Mute and Banner. | Ring / Mute / Banner' ForwardingType = 'String | Optional | The type of forwarding to set. Supported values are Immediate and Simultaneous | Immediate / Simultaneous' } ) UserPoliciesAssignment = @( @{ TeamsEmergencyCallRoutingPolicy = 'String | Optional | Name of the Teams Emergency Call Routing Policy.' TeamsUpgradePolicy = 'String | Optional | Name of the Teams Upgrade Policy.' TeamsMobilityPolicy = 'String | Optional | Name of the Teams Mobility Policy.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' TeamsEventsPolicy = 'String | Optional | Name of the Teams Events Policy.' TeamsCallingPolicy = 'String | Optional | Name of the Teams Calling Policy.' TeamsMeetingPolicy = 'String | Optional | Name of the Teams Meeting Policy.' TeamsChannelsPolicy = 'String | Optional | Name of the Teams Channel Policy.' TeamsCallParkPolicy = 'String | Optional | Name of the Teams Call Park Policy.' User = 'String | Required | User Principal Name of the user representing the policy assignments.' TeamsUpdateManagementPolicy = 'String | Optional | Name of the Teams Update Management Policy.' UniqueId = 'String | Required | Unique ID to identify this specific object' TeamsAppPermissionPolicy = 'String | Optional | Name of the Teams App Permission Policy.' TeamsEmergencyCallingPolicy = 'String | Optional | Name of the Teams Emergency Calling Policy.' TeamsAppSetupPolicy = 'String | Optional | Name of the Teams App Setup Policy.' OnlineVoiceRoutingPolicy = 'String | Optional | Name of the Online VOice Routing Policy.' CallingLineIdentity = 'String | Optional | Name of the Calling Line Policy.' TeamsMessagingPolicy = 'String | Optional | Name of the Teams Messaging Policy.' TeamsCallHoldPolicy = 'String | Optional | Name of the Teams Call Hold Policy.' TeamsEnhancedEncryptionPolicy = 'String | Optional | Name of the Teams Enhanced Encryption Policy.' TeamsAudioConferencingPolicy = 'String | Optional | Name of the Teams Audio Conferencing Policy.' OnlineVoicemailPolicy = 'String | Optional | Name of the Online Voicemail Policy.' ExternalAccessPolicy = 'String | Optional | Name of the External Access Policy.' TeamsMeetingBroadcastPolicy = 'String | Optional | Name of the Teams Meeting Broadcast Policy.' TenantDialPlan = 'String | Optional | Name of the Tenant Dial Plan Policy.' } ) VdiPolicies = @( @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' DisableCallsAndMeetings = 'Boolean | Optional | Disables Calls and Meetings.' Ensure = 'String | Optional | Present ensures the instance exists, absent ensures it is removed. | Present / Absent' DisableAudioVideoInCallsAndMeetings = 'Boolean | Optional | Disables Audio and Video in Calls and Meeting.' Identity = 'String | Required | Unique identity of the VDI Policy.' } ) VoiceRoutes = @( @{ Description = 'String | Optional | A description of what this online voice route is for.' Ensure = 'String | Optional | Present ensures the route exists, absent ensures it is removed. | Present / Absent' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Required | Identity of the Teams Voice Route.' OnlinePstnGatewayList = 'StringArray | Optional | This parameter contains a list of online gateways associated with this online voice route. Each member of this list must be the service Identity of the online PSTN gateway.' OnlinePstnUsages = 'StringArray | Optional | A list of online PSTN usages (such as Local, Long Distance, etc.) that can be applied to this online voice route. The PSTN usage must be an existing usage (PSTN usages can be retrieved by calling the Get-CsOnlinePstnUsage cmdlet).' Priority = 'UInt32 | Optional | A number could resolve to multiple online voice routes. The priority determines the order in which the routes will be applied if more than one route is possible.' NumberPattern = 'String | Optional | A regular expression that specifies the phone numbers to which this route applies. Numbers matching this pattern will be routed according to the rest of the routing settings.' } ) VoiceRoutingPolicies = @( @{ AccessTokens = 'StringArray | Optional | Access token used for authentication.' Description = 'String | Optional | Enables administrators to provide explanatory text to accompany an online voice routing policy. For example, the Description might include information about the users the policy should be assigned to.' Ensure = 'String | Optional | Present ensures the policy exists, absent ensures it is removed. | Present / Absent' OnlinePstnUsages = 'StringArray | Optional | A list of online PSTN usages (such as Local or Long Distance) that can be applied to this online voice routing policy. The online PSTN usage must be an existing usage (PSTN usages can be retrieved by calling the Get-CsOnlinePstnUsage cmdlet).' Identity = 'String | Required | Identity of the Teams Voice Routing Policy.' } ) WorkloadPolicies = @( @{ AllowCalling = 'Boolean | Optional | Allows calling.' Description = 'String | Optional | Description of the policy.' AllowMessagingPinned = 'Boolean | Optional | Allows pinning a message.' Ensure = 'String | Optional | Present ensures the instance exists, absent ensures it is removed. | Present / Absent' AllowCallingPinned = 'Boolean | Optional | Allows pinning a call.' AllowMessaging = 'Boolean | Optional | Allows messaging.' AccessTokens = 'StringArray | Optional | Access token used for authentication.' Identity = 'String | Required | Unique identity for the Teams workload policy' AllowMeeting = 'Boolean | Optional | Allows meetins.' AllowMeetingPinned = 'Boolean | Optional | Allows pinning meetings.' } ) } } } |