DSCResources/MSFT_AADRoleSetting/MSFT_AADRoleSetting.schema.mof
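// Schema for the AADRoleSetting DSC resource.
// Declares what a configuration may set for one role: activation requirements,
// assignment expiration, assignment requirements, notification routing,
// authentication context, and the parameters used to authenticate.
// DisplayName is the only [Key]; every other property is [Write] (optional),
// so the schema itself does not force a configuration to state any of the
// security controls below. Review configurations for explicit values.
[ClassVersion("1.0.0.0"), FriendlyName("AADRoleSetting")]
class MSFT_AADRoleSetting : OMI_BaseResource
{
    // ---- Identity of the role setting ----
    [Key, Description("RuleDefinition DisplayName")] String DisplayName;
    [Write, Description("Specifies the RoleId.")] String Id;

    // ---- Activation requirements ----
    // ActivationMaxDuration is typed String although the description says hours;
    // the schema does not constrain the format.
    // NOTE(review): confirm the expected value format against the resource module.
    [Write, Description("Activation maximum duration (hours).")] String ActivationMaxDuration;
    [Write, Description("Require justification on activation (True/False)")] Boolean ActivationReqJustification;
    [Write, Description("Require ticket information on activation (True/False)")] Boolean ActivationReqTicket;
    [Write, Description("Require MFA on activation (True/False)")] Boolean ActivationReqMFA;
    [Write, Description("Require approval to activate (True/False)")] Boolean ApprovaltoActivate;
    // Free-form strings; nothing here ties this list to ApprovaltoActivate.
    // NOTE(review): confirm what the module does when approval is required but no approver is listed.
    [Write, Description("Approver User UPN and/or Group Displayname")] String ActivateApprover[];

    // ---- Assignment expiration ----
    // NOTE(review): the two property names end in "isExpirationRequired" while their
    // descriptions read "Allow permanent ... assignment". The two readings are opposites
    // (expiration required = permanent not allowed). Confirm which polarity the module
    // applies before relying on True/False here.
    [Write, Description("Allow permanent eligible assignment (True/False)")] Boolean PermanentEligibleAssignmentisExpirationRequired;
    [Write, Description("Expire eligible assignments after (Days)")] String ExpireEligibleAssignment;
    [Write, Description("Allow permanent active assignment (True/False)")] Boolean PermanentActiveAssignmentisExpirationRequired;
    [Write, Description("Expire active assignments after (Days)")] String ExpireActiveAssignment;

    // ---- Requirements when an assignment is created ----
    // "Elegibility" is misspelled in the two property names below. The spelling is kept
    // because property names are the resource's public interface.
    [Write, Description("Require Azure Multi-Factor Authentication on active assignment (True/False)")] Boolean AssignmentReqMFA;
    [Write, Description("Require justification on active assignment (True/False)")] Boolean AssignmentReqJustification;
    [Write, Description("Require Azure Multi-Factor Authentication on eligible assignment (True/False)")] Boolean ElegibilityAssignmentReqMFA;
    [Write, Description("Require justification on eligible assignment (True/False)")] Boolean ElegibilityAssignmentReqJustification;

    // ---- Notifications: member assigned as eligible ----
    // Each notification group has three properties: default recipient on/off,
    // additional recipients, and an "only critical" switch.
    // The AdditionalRecipient arrays are unvalidated strings; review that every address
    // is an intended mailbox, since these mails describe privileged-role changes.
    // NOTE(review): OnlyCritical presumably suppresses non-critical mail; confirm that is
    // acceptable for the role before setting it to True.
    [Write, Description("Send notifications when members are assigned as eligible to this role: Role assignment alert, default recipient (True/False)")] Boolean EligibleAlertNotificationDefaultRecipient;
    [Write, Description("Send notifications when members are assigned as eligible to this role: Role assignment alert, additional recipient (UPN)")] String EligibleAlertNotificationAdditionalRecipient[];
    [Write, Description("Send notifications when members are assigned as eligible to this role: Role assignment alert, only critical Email (True/False)")] Boolean EligibleAlertNotificationOnlyCritical;
    [Write, Description("Send notifications when members are assigned as eligible to this role: Notification to the assigned user (assignee), default recipient (True/False)")] Boolean EligibleAssigneeNotificationDefaultRecipient;
    [Write, Description("Send notifications when members are assigned as eligible to this role: Notification to the assigned user (assignee), additional recipient (UPN)")] String EligibleAssigneeNotificationAdditionalRecipient[];
    [Write, Description("Send notifications when members are assigned as eligible to this role: Notification to the assigned user (assignee), only critical Email (True/False)")] Boolean EligibleAssigneeNotificationOnlyCritical;
    [Write, Description("Send notifications when members are assigned as eligible to this role: Request to approve a role assignment renewal/extension, default recipient (True/False)")] Boolean EligibleApproveNotificationDefaultRecipient;
    [Write, Description("Send notifications when members are assigned as eligible to this role: Request to approve a role assignment renewal/extension, additional recipient (UPN)")] String EligibleApproveNotificationAdditionalRecipient[];
    [Write, Description("Send notifications when members are assigned as eligible to this role: Request to approve a role assignment renewal/extension, only critical Email (True/False)")] Boolean EligibleApproveNotificationOnlyCritical;

    // ---- Notifications: member assigned as active ----
    [Write, Description("Send notifications when members are assigned as active to this role: Role assignment alert, default recipient (True/False)")] Boolean ActiveAlertNotificationDefaultRecipient;
    [Write, Description("Send notifications when members are assigned as active to this role: Role assignment alert, additional recipient (UPN)")] String ActiveAlertNotificationAdditionalRecipient[];
    [Write, Description("Send notifications when members are assigned as active to this role: Role assignment alert, only critical Email (True/False)")] Boolean ActiveAlertNotificationOnlyCritical;
    [Write, Description("Send notifications when members are assigned as active to this role: Notification to the assigned user (assignee), default recipient (True/False)")] Boolean ActiveAssigneeNotificationDefaultRecipient;
    [Write, Description("Send notifications when members are assigned as active to this role: Notification to the assigned user (assignee), additional recipient (UPN)")] String ActiveAssigneeNotificationAdditionalRecipient[];
    [Write, Description("Send notifications when members are assigned as active to this role: Notification to the assigned user (assignee), only critical Email (True/False)")] Boolean ActiveAssigneeNotificationOnlyCritical;
    [Write, Description("Send notifications when members are assigned as active to this role: Request to approve a role assignment renewal/extension, default recipient (True/False)")] Boolean ActiveApproveNotificationDefaultRecipient;
    [Write, Description("Send notifications when members are assigned as active to this role: Request to approve a role assignment renewal/extension, additional recipient (UPN)")] String ActiveApproveNotificationAdditionalRecipient[];
    [Write, Description("Send notifications when members are assigned as active to this role: Request to approve a role assignment renewal/extension, only critical Email (True/False)")] Boolean ActiveApproveNotificationOnlyCritical;

    // ---- Notifications: eligible member activates the role ----
    [Write, Description("Send notifications when eligible members activate this role: Role assignment alert, default recipient (True/False)")] Boolean EligibleAssignmentAlertNotificationDefaultRecipient;
    [Write, Description("Send notifications when eligible members activate this role: Role assignment alert, additional recipient (UPN)")] String EligibleAssignmentAlertNotificationAdditionalRecipient[];
    [Write, Description("Send notifications when eligible members activate this role: Role assignment alert, only critical Email (True/False)")] Boolean EligibleAssignmentAlertNotificationOnlyCritical;
    [Write, Description("Send notifications when eligible members activate this role: Notification to activated user (requestor), default recipient (True/False)")] Boolean EligibleAssignmentAssigneeNotificationDefaultRecipient;
    [Write, Description("Send notifications when eligible members activate this role: Notification to activated user (requestor), additional recipient (UPN)")] String EligibleAssignmentAssigneeNotificationAdditionalRecipient[];
    [Write, Description("Send notifications when eligible members activate this role: Notification to activated user (requestor), only critical Email (True/False)")] Boolean EligibleAssignmentAssigneeNotificationOnlyCritical;

    // ---- Authentication context ----
    // NOTE(review): the descriptions say "authorization context" while the property
    // names say AuthenticationContext; align the wording once the intended term is confirmed.
    [Write, Description("Authorization context is required (True/False)")] Boolean AuthenticationContextRequired;
    [Write, Description("Descriptive name of associated authorization context")] String AuthenticationContextName;
    [Write, Description("Authorization context id")] String AuthenticationContextId;

    // ---- Desired state ----
    // ValueMap/Values accept only "Present": this schema offers no way to declare a
    // role setting absent, despite the "exist or not" wording.
    [Write, Description("Specify if the Azure AD role setting should exist or not."), ValueMap{"Present"}, Values{"Present"}] String Ensure;

    // ---- Authentication parameters ----
    // Credential and ApplicationSecret are MSFT_Credential embedded instances, so the
    // secret travels inside the compiled configuration. Encrypt the compiled MOF with a
    // certificate rather than enabling PSDscAllowPlainTextPassword, and keep the source
    // configuration free of literal passwords.
    // The schema neither requires any of these nor makes them mutually exclusive.
    // NOTE(review): confirm in the module which combination takes precedence; prefer
    // CertificateThumbprint or ManagedIdentity over a stored secret where possible.
    [Write, Description("Credentials for the Microsoft Graph delegated permissions."), EmbeddedInstance("MSFT_Credential")] string Credential;
    [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;
    [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId;
    [Write, Description("Secret of the Azure Active Directory application to authenticate with."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret;
    [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint;
    [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity;
};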