EXOIRMConfiguration¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| IsSingleInstance | Key | String | Only valid value is 'Yes'. | Yes |
| AutomaticServiceUpdateEnabled | Write | Boolean | The AutomaticServiceUpdateEnabled parameter specifies whether to allow the automatic addition of new features within Azure Information Protection for your cloud-based organization. | |
| AzureRMSLicensingEnabled | Write | Boolean | The AzureRMSLicensingEnabled parameter specifies whether the Exchange Online organization can to connect directly to Azure Rights Management. | |
| DecryptAttachmentForEncryptOnly | Write | Boolean | The DecryptAttachmentForEncryptOnly parameter specifies whether mail recipients have unrestricted rights on the attachment or not for Encrypt-only mails sent using Microsoft Purview Message Encryption. | |
| EDiscoverySuperUserEnabled | Write | Boolean | The EDiscoverySuperUserEnabled parameter specifies whether members of the Discovery Management role group can access IRM-protected messages in a discovery mailbox that were returned by a discovery search. | |
| EnablePdfEncryption | Write | Boolean | The EnablePdfEncryption parameter specifies whether to enable the encryption of PDF attachments using Microsoft Purview Message Encryption. | |
| InternalLicensingEnabled | Write | Boolean | The InternalLicensingEnabled parameter specifies whether to enable IRM features for messages that are sent to internal and external recipients. | |
| JournalReportDecryptionEnabled | Write | Boolean | The JournalReportDecryptionEnabled parameter specifies whether to enable journal report decryption. | |
| LicensingLocation | Write | StringArray[] | The LicensingLocation parameter specifies the RMS licensing URLs. You can specify multiple URL values separated by commas. | |
| RejectIfRecipientHasNoRights | Write | Boolean | This parameter is available only in the cloud-based service. | |
| RMSOnlineKeySharingLocation | Write | String | The RMSOnlineKeySharingLocation parameter specifies the Azure Rights Management URL that's used to get the trusted publishing domain (TPD) for the Exchange Online organization. | |
| SearchEnabled | Write | Boolean | The SearchEnabled parameter specifies whether to enable searching of IRM-encrypted messages in Outlook on the web (formerly known as Outlook Web App). | |
| SimplifiedClientAccessDoNotForwardDisabled | Write | Boolean | The SimplifiedClientAccessDoNotForwardDisabled parameter specifies whether to disable Do not forward in Outlook on the web. | |
| SimplifiedClientAccessEnabled | Write | Boolean | The SimplifiedClientAccessEnabled parameter specifies whether to enable the Protect button in Outlook on the web. | |
| SimplifiedClientAccessEncryptOnlyDisabled | Write | Boolean | The SimplifiedClientAccessEncryptOnlyDisabled parameter specifies whether to disable Encrypt only in Outlook on the web. | |
| TransportDecryptionSetting | Write | String | The TransportDecryptionSetting parameter specifies the transport decryption configuration. | Disabled, Mandatory, Optional |
| Ensure | Write | String | Specifies if this Outbound connector should exist. | Present, Absent |
| Credential | Write | PSCredential | Credentials of the Exchange Global Admin | |
| ApplicationId | Write | String | Id of the Azure Active Directory application to authenticate with. | |
| TenantId | Write | String | Id of the Azure Active Directory tenant used for authentication. | |
| CertificateThumbprint | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | |
| CertificatePassword | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | |
| CertificatePath | Write | String | Path to certificate used in service principal usually a PFX file. | |
| ManagedIdentity | Write | Boolean | Managed ID being used for authentication. | |
| AccessTokens | Write | StringArray[] | Access token used for authentication. |
Description¶
Modify the resource Configuration policy in your cloud-based organization.
Permissions¶
Exchange¶
To authenticate with Microsoft Exchange, this resource requires the following permissions:
Roles¶
- @{read=System.Object[]; update=System.Object[]}
Role Groups¶
- @{read=System.Object[]; update=System.Object[]}
Examples¶
Example 1¶
This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.
Configuration Example
{
param(
[Parameter()]
[System.String]
$ApplicationId,
[Parameter()]
[System.String]
$TenantId,
[Parameter()]
[System.String]
$CertificateThumbprint
)
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
EXOIRMConfiguration 'ConfigureIRMConfiguration'
{
IsSingleInstance = 'Yes'
AutomaticServiceUpdateEnabled = $True
AzureRMSLicensingEnabled = $True
DecryptAttachmentForEncryptOnly = $True
EDiscoverySuperUserEnabled = $True
EnablePdfEncryption = $True
InternalLicensingEnabled = $True
JournalReportDecryptionEnabled = $True
RejectIfRecipientHasNoRights = $True
SearchEnabled = $True
SimplifiedClientAccessDoNotForwardDisabled = $True
SimplifiedClientAccessEnabled = $True
SimplifiedClientAccessEncryptOnlyDisabled = $True
TransportDecryptionSetting = 'Mandatory'
Ensure = 'Present'
ApplicationId = $ApplicationId
TenantId = $TenantId
CertificateThumbprint = $CertificateThumbprint
}
}
}