AADRemoteNetwork

Parameters

Parameter Attribute DataType Description Allowed Values
Name Key String Name of the remote network.
Id Write String Id of the remote network
Region Write String Region
ForwardingProfiles Write StringArray[] List of the forwarding profile names associated to this remote network
DeviceLinks Write MSFT_AADRemoteNetworkDeviceLink[] Device Links associated to this remote network
Ensure Write String Present ensures the instance exists, absent ensures it is removed. Absent, Present
Credential Write PSCredential Credentials of the workload's Admin
ApplicationId Write String Id of the Azure Active Directory application to authenticate with.
TenantId Write String Id of the Azure Active Directory tenant used for authentication.
CertificateThumbprint Write String Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.
ManagedIdentity Write Boolean Managed ID being used for authentication.
AccessTokens Write StringArray[] Access token used for authentication.

MSFT_AADRemoteNetworkDeviceLinkbgpConfiguration

Parameters

Parameter Attribute DataType Description Allowed Values
LocalIPAddress Write String LocalIpAddress.
PeerIPAddress Write String PeerIpAddress.
Asn Write UInt32 Asn.

MSFT_AADRemoteNetworkDeviceLinkRedundancyConfiguration

Parameters

Parameter Attribute DataType Description Allowed Values
ZoneLocalIPAddress Write String ZoneLocalIpAddress.
RedundancyTier Write String RedundancyTier.

MSFT_AADRemoteNetworkDeviceLinkTunnelConfiguration

Parameters

Parameter Attribute DataType Description Allowed Values
PreSharedKey Write String PreSharedKey
ZoneRedundancyPreSharedKey Write String ZoneRedundancyPreSharedKey
SaLifeTimeSeconds Write UInt32 SaLifeTimeSeconds
IPSecEncryption Write String IpSecEncryption
IPSecIntegrity Write String IpSecIntegrity
IKEEncryption Write String IkeEncryption
IKEIntegrity Write String IkeIntegrity
DHGroup Write String DhGroup
PFSGroup Write String PfsGroup
ODataType Write String ODataType

Parameters

Parameter Attribute DataType Description Allowed Values
Name Write String Name of the Device Link
IPAddress Write String IP Address
BandwidthCapacityInMbps Write String Bandwidth Capacity in Mbps
DeviceVendor Write String Device Vendor
BgpConfiguration Write MSFT_AADRemoteNetworkDeviceLinkbgpConfiguration BgpConfiguration.
RedundancyConfiguration Write MSFT_AADRemoteNetworkDeviceLinkRedundancyConfiguration redundancyConfiguration.
TunnelConfiguration Write MSFT_AADRemoteNetworkDeviceLinkTunnelConfiguration tunnelConfiguration

Description

Use this resource to manage the Entra's Network Access Remote Networks, and related Device links.

Permissions

Microsoft Graph

To authenticate with the Microsoft Graph API, this resource required the following permissions:

Delegated permissions

  • Read

    • NetworkAccess.Read.All
  • Update

    • NetworkAccess.ReadWrite.All

Application permissions

  • Read

    • NetworkAccess.Read.All
  • Update

    • NetworkAccess.ReadWrite.All

Examples

Example 1

This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.

Configuration Example
{
    param(
        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint
    )
    Import-DscResource -ModuleName Microsoft365DSC
    node localhost
    {
        AADRemoteNetwork "AADRemoteNetwork-Test Remote Network"
        {
            Ensure                = "Present";
            ForwardingProfiles    = @("Microsoft 365 traffic forwarding profile");
            Id                    = "c60c41bb-e512-48e3-8134-c312439a5343";
            Name                  = "Test Remote Network";
            Region                = "australiaSouthEast";
            ApplicationId         = $ApplicationId
            TenantId              = $TenantId
            CertificateThumbprint = $CertificateThumbprint
            DeviceLinks           = @(
                MSFT_AADRemoteNetworkDeviceLink {
                    Name                    = 'Test Link'
                    IPAddress               = '1.1.1.1'
                    BandwidthCapacityInMbps = 'mbps500'
                    DeviceVendor            = 'ciscoCatalyst'
                    BgpConfiguration        = MSFT_AADRemoteNetworkDeviceLinkbgpConfiguration {
                        Asn                 = 82
                        LocalIPAddress      = '1.1.1.87'
                        PeerIPAddress       = '1.1.1.2'
                    }
                    RedundancyConfiguration = MSFT_AADRemoteNetworkDeviceLinkRedundancyConfiguration {
                        RedundancyTier      = 'zoneRedundancy'
                        ZoneLocalIPAddress  = '1.1.1.8'
                    }
                    TunnelConfiguration     = MSFT_AADRemoteNetworkDeviceLinkTunnelConfiguration {
                        PreSharedKey               = 'blah'
                        ZoneRedundancyPreSharedKey = 'blah'
                        SaLifeTimeSeconds          = 300
                        IPSecEncryption            = 'gcmAes192'
                        IPSecIntegrity             = 'gcmAes192'
                        IKEEncryption              = 'aes192'
                        IKEIntegrity               = 'gcmAes128'
                        DHGroup                    = 'ecp256'
                        PFSGroup                   = 'pfsmm'
                        ODataType                  = '#microsoft.graph.networkaccess.tunnelConfigurationIKEv2Custom'
                    }
                }
            );
        }
    }
}

Example 2

This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.

Configuration Example
{
    param(
        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint
    )
    Import-DscResource -ModuleName Microsoft365DSC
    node localhost
    {
        AADRemoteNetwork "AADRemoteNetwork-Test Remote Network"
        {
            Ensure                = "Present";
            ForwardingProfiles    = @(); #creating drift here
            Id                    = "c60c41bb-e512-48e3-8134-c312439a5343";
            Name                  = "Test Remote Network";
            Region                = "australiaSouthEast";
            ApplicationId         = $ApplicationId
            TenantId              = $TenantId
            CertificateThumbprint = $CertificateThumbprint
            DeviceLinks           = @(
                MSFT_AADRemoteNetworkDeviceLink {
                    Name                    = 'Test Link Random' # creating drift here
                    IPAddress               = '1.1.1.1'
                    BandwidthCapacityInMbps = 'mbps500'
                    DeviceVendor            = 'ciscoCatalyst'
                    BgpConfiguration        = MSFT_AADRemoteNetworkDeviceLinkbgpConfiguration {
                        Asn                 = 82
                        LocalIPAddress      = '1.1.1.87'
                        PeerIPAddress       = '1.1.1.2'
                    }
                    RedundancyConfiguration = MSFT_AADRemoteNetworkDeviceLinkRedundancyConfiguration {
                        RedundancyTier      = 'zoneRedundancy'
                        ZoneLocalIPAddress  = '1.1.1.8'
                    }
                    TunnelConfiguration     = MSFT_AADRemoteNetworkDeviceLinkTunnelConfiguration {
                        PreSharedKey               = 'blah'
                        ZoneRedundancyPreSharedKey = 'blah'
                        SaLifeTimeSeconds          = 300
                        IPSecEncryption            = 'gcmAes192'
                        IPSecIntegrity             = 'gcmAes192'
                        IKEEncryption              = 'aes192'
                        IKEIntegrity               = 'gcmAes128'
                        DHGroup                    = 'ecp256'
                        PFSGroup                   = 'pfsmm'
                        ODataType                  = '#microsoft.graph.networkaccess.tunnelConfigurationIKEv2Custom'
                    }
                }
            );
        }
    }
}

Example 3

This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.

Configuration Example
{
    param(
        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint
    )
    Import-DscResource -ModuleName Microsoft365DSC
    node localhost
    {
        AADRemoteNetwork "AADRemoteNetwork-Test Remote Network"
        {
            Ensure                = "Absent";
            ForwardingProfiles    = @("Microsoft 365 traffic forwarding profile");
            Id                    = "c60c41bb-e512-48e3-8134-c312439a5343";
            Name                  = "Test Remote Network";
            Region                = "australiaSouthEast";
            ApplicationId         = $ApplicationId
            TenantId              = $TenantId
            CertificateThumbprint = $CertificateThumbprint
            DeviceLinks           = @(
                MSFT_AADRemoteNetworkDeviceLink {
                    Name                    = 'Test Link'
                    IPAddress               = '1.1.1.1'
                    BandwidthCapacityInMbps = 'mbps500'
                    DeviceVendor            = 'ciscoCatalyst'
                    BgpConfiguration        = MSFT_AADRemoteNetworkDeviceLinkbgpConfiguration {
                        Asn                 = 82
                        LocalIPAddress      = '1.1.1.87'
                        PeerIPAddress       = '1.1.1.2'
                    }
                    RedundancyConfiguration = MSFT_AADRemoteNetworkDeviceLinkRedundancyConfiguration {
                        RedundancyTier      = 'zoneRedundancy'
                        ZoneLocalIPAddress  = '1.1.1.8'
                    }
                    TunnelConfiguration     = MSFT_AADRemoteNetworkDeviceLinkTunnelConfiguration {
                        PreSharedKey               = 'blah'
                        ZoneRedundancyPreSharedKey = 'blah'
                        SaLifeTimeSeconds          = 300
                        IPSecEncryption            = 'gcmAes192'
                        IPSecIntegrity             = 'gcmAes192'
                        IKEEncryption              = 'aes192'
                        IKEIntegrity               = 'gcmAes128'
                        DHGroup                    = 'ecp256'
                        PFSGroup                   = 'pfsmm'
                        ODataType                  = '#microsoft.graph.networkaccess.tunnelConfigurationIKEv2Custom'
                    }
                }
            );
        }
    }
}