DSCResources/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled/MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled.schema.mof
[ClassVersion("1.0.0.0")]
class MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolledPolicyAssignments { [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType; [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType; [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId; [Write, Description("The group Id that is the target of the assignment.")] String groupId; [Write, Description("The group Display Name that is the target of the assignment.")] String groupDisplayName; [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphWindowsInformationProtectionDataRecoveryCertificate { [Write, Description("Data recovery Certificate")] String Certificate; [Write, Description("Data recovery Certificate description")] String Description; [Write, Description("Data recovery Certificate expiration datetime")] String ExpirationDateTime; [Write, Description("Data recovery Certificate subject name")] String SubjectName; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphWindowsInformationProtectionResourceCollection { [Write, Description("Display name")] String DisplayName; [Write, Description("Collection of resources")] String Resources[]; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphWindowsInformationProtectionIPRangeCollection { [Write, Description("Display name")] String DisplayName; [Write, Description("Collection of ip ranges"), EmbeddedInstance("MSFT_MicrosoftGraphIpRange")] String Ranges[]; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphIpRange { [Write, Description("IPv4 address in CIDR notation. Not nullable.")] String CidrAddress; [Write, Description("Lower address.")] String LowerAddress; [Write, Description("Upper address.")] String UpperAddress; [Write, Description("The type of the entity."), ValueMap{"#microsoft.graph.iPv4CidrRange","#microsoft.graph.iPv6CidrRange","#microsoft.graph.iPv4Range","#microsoft.graph.iPv6Range"}, Values{"#microsoft.graph.iPv4CidrRange","#microsoft.graph.iPv6CidrRange","#microsoft.graph.iPv4Range","#microsoft.graph.iPv6Range"}] String odataType; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphWindowsInformationProtectionProxiedDomainCollection { [Write, Description("Display name")] String DisplayName; [Write, Description("Collection of proxied domains"), EmbeddedInstance("MSFT_MicrosoftGraphProxiedDomain")] String ProxiedDomains[]; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphProxiedDomain { [Write, Description("The IP address or FQDN")] String IpAddressOrFQDN; [Write, Description("Proxy IP or FQDN")] String Proxy; }; [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphWindowsInformationProtectionApp { [Write, Description("If true, app is denied protection or exemption.")] Boolean Denied; [Write, Description("The app's description.")] String Description; [Write, Description("App display name.")] String DisplayName; [Write, Description("The product name.")] String ProductName; [Write, Description("The publisher name")] String PublisherName; [Write, Description("The binary name.")] String BinaryName; [Write, Description("The high binary version.")] String BinaryVersionHigh; [Write, Description("The lower binary version.")] String BinaryVersionLow; [Write, Description("The type of the entity."), ValueMap{"#microsoft.graph.windowsInformationProtectionDesktopApp","#microsoft.graph.windowsInformationProtectionStoreApp"}, Values{"#microsoft.graph.windowsInformationProtectionDesktopApp","#microsoft.graph.windowsInformationProtectionStoreApp"}] String odataType; }; [ClassVersion("1.0.0.0"), FriendlyName("IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled")] class MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled : OMI_BaseResource { [Write, Description("The unique identifier for an entity. Read-only.")] String Id; [Key, Description("Policy display name.")] String DisplayName; [Write, Description("Specifies whether to allow Azure RMS encryption for WIP")] Boolean AzureRightsManagementServicesAllowed; [Write, Description("Specifies a recovery certificate that can be used for data recovery of encrypted files. This is the same as the data recovery agent(DRA) certificate for encrypting file system(EFS)"), EmbeddedInstance("MSFT_MicrosoftGraphwindowsInformationProtectionDataRecoveryCertificate")] String DataRecoveryCertificate; [Write, Description("WIP enforcement level.See the Enum definition for supported values. Possible values are: noProtection, encryptAndAuditOnly, encryptAuditAndPrompt, encryptAuditAndBlock."), ValueMap{"noProtection","encryptAndAuditOnly","encryptAuditAndPrompt","encryptAuditAndBlock"}, Values{"noProtection","encryptAndAuditOnly","encryptAuditAndPrompt","encryptAuditAndBlock"}] String EnforcementLevel; [Write, Description("Primary enterprise domain")] String EnterpriseDomain; [Write, Description("This is the comma-separated list of internal proxy servers. For example, '157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59'. These proxies have been configured by the admin to connect to specific resources on the Internet. They are considered to be enterprise network locations. The proxies are only leveraged in configuring the EnterpriseProxiedDomains policy to force traffic to the matched domains through these proxies"), EmbeddedInstance("MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection")] String EnterpriseInternalProxyServers[]; [Write, Description("Sets the enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers will be considered part of the enterprise and protected. These locations will be considered a safe destination for enterprise data to be shared to"), EmbeddedInstance("MSFT_MicrosoftGraphwindowsInformationProtectionIPRangeCollection")] String EnterpriseIPRanges[]; [Write, Description("Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets. Default is false")] Boolean EnterpriseIPRangesAreAuthoritative; [Write, Description("This is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected These locations will be considered a safe destination for enterprise data to be shared to"), EmbeddedInstance("MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection")] String EnterpriseNetworkDomainNames[]; [Write, Description("List of enterprise domains to be protected"), EmbeddedInstance("MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection")] String EnterpriseProtectedDomainNames[]; [Write, Description("Contains a list of Enterprise resource domains hosted in the cloud that need to be protected. Connections to these resources are considered enterprise data. If a proxy is paired with a cloud resource, traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A proxy server used for this purpose must also be configured using the EnterpriseInternalProxyServers policy"), EmbeddedInstance("MSFT_MicrosoftGraphwindowsInformationProtectionProxiedDomainCollection")] String EnterpriseProxiedDomains[]; [Write, Description("This is a list of proxy servers. Any server not on this list is considered non-enterprise"), EmbeddedInstance("MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection")] String EnterpriseProxyServers[]; [Write, Description("Boolean value that tells the client to accept the configured list of proxies and not try to detect other work proxies. Default is false")] Boolean EnterpriseProxyServersAreAuthoritative; [Write, Description("Exempt applications can also access enterprise data, but the data handled by those applications are not protected. This is because some critical enterprise applications may have compatibility problems with encrypted data."), EmbeddedInstance("MSFT_MicrosoftGraphwindowsInformationProtectionApp")] String ExemptApps[]; [Write, Description("Determines whether overlays are added to icons for WIP protected files in Explorer and enterprise only app tiles in the Start menu. Starting in Windows 10, version 1703 this setting also configures the visibility of the WIP icon in the title bar of a WIP-protected app")] Boolean IconsVisible; [Write, Description("This switch is for the Windows Search Indexer, to allow or disallow indexing of items")] Boolean IndexingEncryptedStoresOrItemsBlocked; [Write, Description("List of domain names that can used for work or personal resource"), EmbeddedInstance("MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection")] String NeutralDomainResources[]; [Write, Description("Protected applications can access enterprise data and the data handled by those applications are protected with encryption"), EmbeddedInstance("MSFT_MicrosoftGraphwindowsInformationProtectionApp")] String ProtectedApps[]; [Write, Description("Specifies whether the protection under lock feature (also known as encrypt under pin) should be configured")] Boolean ProtectionUnderLockConfigRequired; [Write, Description("This policy controls whether to revoke the WIP keys when a device unenrolls from the management service. If set to 1 (Don't revoke keys), the keys will not be revoked and the user will continue to have access to protected files after unenrollment. If the keys are not revoked, there will be no revoked file cleanup subsequently.")] Boolean RevokeOnUnenrollDisabled; [Write, Description("TemplateID GUID to use for RMS encryption. The RMS template allows the IT admin to configure the details about who has access to RMS-protected file and how long they have access")] String RightsManagementServicesTemplateId; [Write, Description("Specifies a list of file extensions, so that files with these extensions are encrypted when copying from an SMB share within the corporate boundary"), EmbeddedInstance("MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection")] String SmbAutoEncryptedFileExtensions[]; [Write, Description("The policy's description.")] String Description; [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolledPolicyAssignments")] String Assignments[]; [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; }; |