DefenderDeviceAuthenticatedScanDefinition

Parameters

Parameter Attribute DataType Description Allowed Values
Name Key String Name of the scan definition.
Id Write String Unique identified for the scan definition.
IntervalInHours Write UInt32 Interval in hours to run the scan.
Target Write String Target of the scan definition.
IsActive Write Boolean Determines if the scan definition is active or not.
ScanType Write String Type of scan.
ScannerAgent Write MSFT_DefenderDeviceAuthenticatedScanDefinitionScanAgent Information about the associated scan agent.
ScanAuthenticationParams Write MSFT_DefenderDeviceAuthenticatedScanDefinitionAuthenticationParams Authentication parameters.
Ensure Write String Present ensures the instance exists, absent ensures it is removed. Absent, Present
Credential Write PSCredential Credentials of the workload's Admin
ApplicationId Write String Id of the Azure Active Directory application to authenticate with.
TenantId Write String Id of the Azure Active Directory tenant used for authentication.
CertificateThumbprint Write String Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.
ManagedIdentity Write Boolean Managed ID being used for authentication.
AccessTokens Write StringArray[] Access token used for authentication.

MSFT_DefenderDeviceAuthenticatedScanDefinitionAuthenticationParams

Parameters

Parameter Attribute DataType Description Allowed Values
DataType Write String Odata type associated with the request.
Type Write String Type of scan.
KeyVaultUrl Write String An optional property that specifies from which KeyVault the scanner should retrieve credentials. If KeyVault is specified there's no need to specify username, password.
KeyVaultSecretName Write String An optional property that specifies KeyVault secret name from which the scanner should retrieve credentials. If KeyVault is specified there's no need to specify username, password.
Domain Write String Domain name when using WindowsAuthParams.
Username Write String Username when using WindowsAuthParams or the username when choosing SnmpAuthParams with any type other than CommunityString.
IsGMSAUser Write Boolean Must be set to true when choosing WindowsAuthParams.
CommunityString Write String Community string to use when choosing SnmpAuthParams with CommunityString.
AuthProtocol Write String Auth protocol to use with SnmpAuthParams and AuthNoPriv or AuthPriv. Possible values are MD5, SHA1.
AuthPassword Write String Auth password to use with SnmpAuthParams and AuthNoPriv or AuthPriv.
PrivProtocol Write String Priv protocol to use with SnmpAuthParams and AuthPriv. Possible values are DES, 3DES, AES.
PrivPassword Write String Priv password to use with SnmpAuthParams and AuthPriv.

MSFT_DefenderDeviceAuthenticatedScanDefinitionScanAgent

Parameters

Parameter Attribute DataType Description Allowed Values
id Write String Unique identified for the scan agent.
machineId Write String Id of the machine associated with the agent.
machineName Write String Name of the machine associated with the agent.

Description

Configures device authenticated scan definitions in Defender.

Permissions

Microsoft Graph

To authenticate with the Microsoft Graph API, this resource required the following permissions:

Delegated permissions

  • Read

    • None
  • Update

    • None

Application permissions

  • Read

    • None
  • Update

    • None

Examples

Example 1

This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.

Configuration Example
{
    param(
        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint
    )
    Import-DscResource -ModuleName Microsoft365DSC
    node localhost
    {
        DefenderDeviceAuthenticatedScanDefinition "DefenderDeviceAuthenticatedScanDefinition-MyScan"
        {
            ApplicationId            = $ApplicationId;
            CertificateThumbprint    = $CertificateThumbprint;
            Ensure                   = "Present";
            IntervalInHours          = 1;
            IsActive                 = $True;
            Name                     = "MyScan";
            ScanAuthenticationParams = MSFT_DefenderDeviceAuthenticatedScanDefinitionAuthenticationParams{
                Type = 'NoAuthNoPriv'
                DataType = '#microsoft.windowsDefenderATP.api.SnmpAuthParams'
            };
            ScannerAgent             = MSFT_DefenderDeviceAuthenticatedScanDefinitionScanAgent{
                machineId = '55c636a37ff1a21a3241437eb6ce15881xxxxxx'
                machineName = 'WIN-XXXXXXXXXX'
                id = 'c819dc6d-f9fe-4d05-8022-88a34766442d_55c636a37ff1a21a3241437eb6ce15881xxxxxxx'
            };
            ScanType                 = "Network";
            Target                   = "172.1.12.1";
            TenantId                 = $TenantId;
        }
    }
}

Example 2

This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.

Configuration Example
{
    param(
        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint
    )
    Import-DscResource -ModuleName Microsoft365DSC
    node localhost
    {
        DefenderDeviceAuthenticatedScanDefinition "DefenderDeviceAuthenticatedScanDefinition-MyScan"
        {
            ApplicationId            = $ApplicationId;
            CertificateThumbprint    = $CertificateThumbprint;
            Ensure                   = "Present";
            IntervalInHours          = 24; # Drift
            IsActive                 = $True;
            Name                     = "MyScan";
            ScanAuthenticationParams = MSFT_DefenderDeviceAuthenticatedScanDefinitionAuthenticationParams{
                Type = 'NoAuthNoPriv'
                DataType = '#microsoft.windowsDefenderATP.api.SnmpAuthParams'
            };
            ScannerAgent             = MSFT_DefenderDeviceAuthenticatedScanDefinitionScanAgent{
                machineId = '55c636a37ff1a21a3241437eb6ce15881xxxxxx'
                machineName = 'WIN-XXXXXXXXXX'
                id = 'c819dc6d-f9fe-4d05-8022-88a34766442d_55c636a37ff1a21a3241437eb6ce15881xxxxxxx'
            };
            ScanType                 = "Network";
            Target                   = "172.1.12.1";
            TenantId                 = $TenantId;
        }
    }
}

Example 3

This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.

Configuration Example
{
    param(
        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint
    )
    Import-DscResource -ModuleName Microsoft365DSC
    node localhost
    {
        DefenderDeviceAuthenticatedScanDefinition "DefenderDeviceAuthenticatedScanDefinition-MyScan"
        {
            ApplicationId            = $ApplicationId;
            CertificateThumbprint    = $CertificateThumbprint;
            Ensure                   = "Absent";
            IntervalInHours          = 1;
            IsActive                 = $True;
            Name                     = "MyScan";
            ScanAuthenticationParams = MSFT_DefenderDeviceAuthenticatedScanDefinitionAuthenticationParams{
                Type = 'NoAuthNoPriv'
                DataType = '#microsoft.windowsDefenderATP.api.SnmpAuthParams'
            };
            ScannerAgent             = MSFT_DefenderDeviceAuthenticatedScanDefinitionScanAgent{
                machineId = '55c636a37ff1a21a3241437eb6ce15881xxxxxx'
                machineName = 'WIN-XXXXXXXXXX'
                id = 'c819dc6d-f9fe-4d05-8022-88a34766442d_55c636a37ff1a21a3241437eb6ce15881xxxxxxx'
            };
            ScanType                 = "Network";
            Target                   = "172.1.12.1";
            TenantId                 = $TenantId;
        }
    }
}