IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10¶

Parameters¶

Parameter	Attribute	DataType	Description	Allowed Values
Bluetooth	Write	String	Defines whether a user is allowed to enable Bluetooth. Possible values are: notConfigured, enabled, disabled.	`notConfigured`, `enabled`, `disabled`
BootFromBuiltInNetworkAdapters	Write	String	Defines whether a user is allowed to boot from built-in network adapters. Possible values are: notConfigured, enabled, disabled.	`notConfigured`, `enabled`, `disabled`
BootFromExternalMedia	Write	String	Defines whether a user is allowed to boot from external media. Possible values are: notConfigured, enabled, disabled.	`notConfigured`, `enabled`, `disabled`
Cameras	Write	String	Defines whether built-in cameras are enabled. Possible values are: notConfigured, enabled, disabled.	`notConfigured`, `enabled`, `disabled`
ChangeUefiSettingsPermission	Write	String	Defines the permission level granted to users to change UEFI settings. Possible values are: notConfiguredOnly, none.	`notConfiguredOnly`, `none`
FrontCamera	Write	String	Defines whether a user is allowed to enable Front Camera. Possible values are: notConfigured, enabled, disabled.	`notConfigured`, `enabled`, `disabled`
InfraredCamera	Write	String	Defines whether a user is allowed to enable Infrared camera. Possible values are: notConfigured, enabled, disabled.	`notConfigured`, `enabled`, `disabled`
Microphone	Write	String	Defines whether a user is allowed to enable Microphone. Possible values are: notConfigured, enabled, disabled.	`notConfigured`, `enabled`, `disabled`
MicrophonesAndSpeakers	Write	String	Defines whether built-in microphones or speakers are enabled. Possible values are: notConfigured, enabled, disabled.	`notConfigured`, `enabled`, `disabled`
NearFieldCommunication	Write	String	Defines whether a user is allowed to enable Near Field Communication. Possible values are: notConfigured, enabled, disabled.	`notConfigured`, `enabled`, `disabled`
Radios	Write	String	Defines whether built-in radios e.g. WIFI, NFC, Bluetooth, are enabled. Possible values are: notConfigured, enabled, disabled.	`notConfigured`, `enabled`, `disabled`
RearCamera	Write	String	Defines whether a user is allowed to enable rear camera. Possible values are: notConfigured, enabled, disabled.	`notConfigured`, `enabled`, `disabled`
SdCard	Write	String	Defines whether a user is allowed to enable SD Card Port. Possible values are: notConfigured, enabled, disabled.	`notConfigured`, `enabled`, `disabled`
SimultaneousMultiThreading	Write	String	Defines whether a user is allowed to enable Simultaneous MultiThreading. Possible values are: notConfigured, enabled, disabled.	`notConfigured`, `enabled`, `disabled`
UsbTypeAPort	Write	String	Defines whether a user is allowed to enable USB Type A Port. Possible values are: notConfigured, enabled, disabled.	`notConfigured`, `enabled`, `disabled`
VirtualizationOfCpuAndIO	Write	String	Defines whether CPU and IO virtualization is enabled. Possible values are: notConfigured, enabled, disabled.	`notConfigured`, `enabled`, `disabled`
WakeOnLAN	Write	String	Defines whether a user is allowed to enable Wake on LAN. Possible values are: notConfigured, enabled, disabled.	`notConfigured`, `enabled`, `disabled`
WakeOnPower	Write	String	Defines whether a user is allowed to enable Wake On Power. Possible values are: notConfigured, enabled, disabled.	`notConfigured`, `enabled`, `disabled`
WiFi	Write	String	Defines whether a user is allowed to enable WiFi. Possible values are: notConfigured, enabled, disabled.	`notConfigured`, `enabled`, `disabled`
WindowsPlatformBinaryTable	Write	String	Defines whether a user is allowed to enable Windows Platform Binary Table. Possible values are: notConfigured, enabled, disabled.	`notConfigured`, `enabled`, `disabled`
WirelessWideAreaNetwork	Write	String	Defines whether a user is allowed to enable Wireless Wide Area Network. Possible values are: notConfigured, enabled, disabled.	`notConfigured`, `enabled`, `disabled`
Description	Write	String	Admin provided description of the Device Configuration.
DisplayName	Key	String	Admin provided name of the device configuration.
SupportsScopeTags	Write	Boolean	Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only.
Id	Write	String	The unique identifier for an entity. Read-only.
Assignments	Write	MSFT_DeviceManagementConfigurationPolicyAssignments[]	Represents the assignment to the Intune policy.
Ensure	Write	String	Present ensures the policy exists, absent ensures it is removed.	`Present`, `Absent`
Credential	Write	PSCredential	Credentials of the Admin
ApplicationId	Write	String	Id of the Azure Active Directory application to authenticate with.
TenantId	Write	String	Id of the Azure Active Directory tenant used for authentication.
ApplicationSecret	Write	PSCredential	Secret of the Azure Active Directory tenant used for authentication.
CertificateThumbprint	Write	String	Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.
ManagedIdentity	Write	Boolean	Managed ID being used for authentication.

MSFT_DeviceManagementConfigurationPolicyAssignments¶

Parameters¶

Parameter	Attribute	DataType	Description	Allowed Values
dataType	Write	String	The type of the target assignment.	`#microsoft.graph.groupAssignmentTarget`, `#microsoft.graph.allLicensedUsersAssignmentTarget`, `#microsoft.graph.allDevicesAssignmentTarget`, `#microsoft.graph.exclusionGroupAssignmentTarget`, `#microsoft.graph.configurationManagerCollectionAssignmentTarget`
deviceAndAppManagementAssignmentFilterType	Write	String	The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude.	`none`, `include`, `exclude`
deviceAndAppManagementAssignmentFilterId	Write	String	The Id of the filter for the target assignment.
groupId	Write	String	The group Id that is the target of the assignment.
groupDisplayName	Write	String	The group Display Name that is the target of the assignment.
collectionId	Write	String	The collection Id that is the target of the assignment.(ConfigMgr)

Description¶

Intune Device Configuration Firmware Interface Policy for Windows10

Permissions¶

Microsoft Graph¶

To authenticate with the Microsoft Graph API, this resource required the following permissions:

Delegated permissions¶

Read
- DeviceManagementConfiguration.Read.All
Update
- DeviceManagementConfiguration.ReadWrite.All

Application permissions¶

Read
- DeviceManagementConfiguration.Read.All
Update
- DeviceManagementConfiguration.ReadWrite.All

Examples¶

Example 1¶

This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.

Configuration Example
{
    param(
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $Credscredential
    )
    Import-DscResource -ModuleName Microsoft365DSC

    node localhost
    {
        IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10 'Example'
        {
            Assignments                    = @(
                MSFT_DeviceManagementConfigurationPolicyAssignments{
                    deviceAndAppManagementAssignmentFilterType = 'none'
                    dataType = '#microsoft.graph.allDevicesAssignmentTarget'
                }
            );
            Bluetooth                      = "notConfigured";
            BootFromBuiltInNetworkAdapters = "notConfigured";
            BootFromExternalMedia          = "notConfigured";
            Cameras                        = "enabled";
            ChangeUefiSettingsPermission   = "notConfiguredOnly";
            Credential                     = $Credscredential;
            DisplayName                    = "firmware";
            Ensure                         = "Present";
            FrontCamera                    = "enabled";
            InfraredCamera                 = "enabled";
            Microphone                     = "notConfigured";
            MicrophonesAndSpeakers         = "enabled";
            NearFieldCommunication         = "notConfigured";
            Radios                         = "enabled";
            RearCamera                     = "enabled";
            SdCard                         = "notConfigured";
            SimultaneousMultiThreading     = "enabled";
            SupportsScopeTags              = $True;
            UsbTypeAPort                   = "notConfigured";
            VirtualizationOfCpuAndIO       = "enabled";
            WakeOnLAN                      = "notConfigured";
            WakeOnPower                    = "notConfigured";
            WiFi                           = "notConfigured";
            WindowsPlatformBinaryTable     = "enabled";
            WirelessWideAreaNetwork        = "notConfigured";
        }
    }
}

Example 2¶

This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.

Configuration Example
{
    param(
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $Credscredential
    )
    Import-DscResource -ModuleName Microsoft365DSC

    node localhost
    {
        IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10 'Example'
        {
            Assignments                    = @(
                MSFT_DeviceManagementConfigurationPolicyAssignments{
                    deviceAndAppManagementAssignmentFilterType = 'none'
                    dataType = '#microsoft.graph.allDevicesAssignmentTarget'
                }
            );
            Bluetooth                      = "notConfigured";
            BootFromBuiltInNetworkAdapters = "notConfigured";
            BootFromExternalMedia          = "notConfigured";
            Cameras                        = "enabled"; # Updated Property
            ChangeUefiSettingsPermission   = "notConfiguredOnly";
            Credential                     = $Credscredential;
            DisplayName                    = "firmware";
            Ensure                         = "Present";
            FrontCamera                    = "enabled";
            InfraredCamera                 = "enabled";
            Microphone                     = "notConfigured";
            MicrophonesAndSpeakers         = "enabled";
            NearFieldCommunication         = "notConfigured";
            Radios                         = "enabled";
            RearCamera                     = "enabled";
            SdCard                         = "notConfigured";
            SimultaneousMultiThreading     = "enabled";
            SupportsScopeTags              = $True;
            UsbTypeAPort                   = "notConfigured";
            VirtualizationOfCpuAndIO       = "enabled";
            WakeOnLAN                      = "notConfigured";
            WakeOnPower                    = "notConfigured";
            WiFi                           = "notConfigured";
            WindowsPlatformBinaryTable     = "enabled";
            WirelessWideAreaNetwork        = "notConfigured";
        }
    }
}

Example 3¶

This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.

Configuration Example
{
    param(
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $Credscredential
    )
    Import-DscResource -ModuleName Microsoft365DSC

    node localhost
    {
        IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10 'Example'
        {
            Credential                     = $Credscredential;
            DisplayName                    = "firmware";
            Ensure                         = "Absent";
        }
    }
}