IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| WindowsNetworkIsolationPolicy | Write | MSFT_MicrosoftGraphwindowsNetworkIsolationPolicy | Windows Network Isolation Policy | |
| Description | Write | String | Admin provided description of the Device Configuration. | |
| DisplayName | Key | String | Admin provided name of the device configuration. | |
| SupportsScopeTags | Write | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. | |
| Id | Write | String | The unique identifier for an entity. Read-only. | |
| Assignments | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | |
| Ensure | Write | String | Present ensures the policy exists, absent ensures it is removed. | Present, Absent |
| Credential | Write | PSCredential | Credentials of the Admin | |
| ApplicationId | Write | String | Id of the Azure Active Directory application to authenticate with. | |
| TenantId | Write | String | Id of the Azure Active Directory tenant used for authentication. | |
| ApplicationSecret | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | |
| CertificateThumbprint | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | |
| ManagedIdentity | Write | Boolean | Managed ID being used for authentication. |
MSFT_DeviceManagementConfigurationPolicyAssignments¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| dataType | Write | String | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget, #microsoft.graph.allLicensedUsersAssignmentTarget, #microsoft.graph.allDevicesAssignmentTarget, #microsoft.graph.exclusionGroupAssignmentTarget, #microsoft.graph.configurationManagerCollectionAssignmentTarget |
| deviceAndAppManagementAssignmentFilterType | Write | String | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none, include, exclude |
| deviceAndAppManagementAssignmentFilterId | Write | String | The Id of the filter for the target assignment. | |
| groupId | Write | String | The group Id that is the target of the assignment. | |
| groupDisplayName | Write | String | The group Display Name that is the target of the assignment. | |
| collectionId | Write | String | The collection Id that is the target of the assignment.(ConfigMgr) |
MSFT_MicrosoftGraphWindowsNetworkIsolationPolicy¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| EnterpriseCloudResources | Write | MSFT_MicrosoftGraphProxiedDomain1[] | Contains a list of enterprise resource domains hosted in the cloud that need to be protected. Connections to these resources are considered enterprise data. If a proxy is paired with a cloud resource, traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A proxy server used for this purpose must also be configured using the EnterpriseInternalProxyServers policy. This collection can contain a maximum of 500 elements. | |
| EnterpriseInternalProxyServers | Write | StringArray[] | This is the comma-separated list of internal proxy servers. For example, '157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59'. These proxies have been configured by the admin to connect to specific resources on the Internet. They are considered to be enterprise network locations. The proxies are only leveraged in configuring the EnterpriseCloudResources policy to force traffic to the matched cloud resources through these proxies. | |
| EnterpriseIPRanges | Write | MSFT_MicrosoftGraphIpRange1[] | Sets the enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers will be considered part of the enterprise and protected. These locations will be considered a safe destination for enterprise data to be shared to. This collection can contain a maximum of 500 elements. | |
| EnterpriseIPRangesAreAuthoritative | Write | Boolean | Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets. Default is false. | |
| EnterpriseNetworkDomainNames | Write | StringArray[] | This is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected. These locations will be considered a safe destination for enterprise data to be shared to. | |
| EnterpriseProxyServers | Write | StringArray[] | This is a list of proxy servers. Any server not on this list is considered non-enterprise. | |
| EnterpriseProxyServersAreAuthoritative | Write | Boolean | Boolean value that tells the client to accept the configured list of proxies and not try to detect other work proxies. Default is false | |
| NeutralDomainResources | Write | StringArray[] | List of domain names that can used for work or personal resource. |
MSFT_MicrosoftGraphProxiedDomain1¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| IpAddressOrFQDN | Write | String | The IP address or FQDN | |
| Proxy | Write | String | Proxy IP or FQDN |
MSFT_MicrosoftGraphIpRange1¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| CidrAddress | Write | String | IPv4 address in CIDR notation. Not nullable. | |
| LowerAddress | Write | String | Lower address. | |
| UpperAddress | Write | String | Upper address. | |
| odataType | Write | String | The type of the entity. | #microsoft.graph.iPv4CidrRange, #microsoft.graph.iPv6CidrRange, #microsoft.graph.iPv4Range, #microsoft.graph.iPv6Range |
Description¶
Intune Device Configuration Network Boundary Policy for Windows10
Permissions¶
Microsoft Graph¶
To authenticate with the Microsoft Graph API, this resource required the following permissions:
Delegated permissions¶
-
Read
- DeviceManagementConfiguration.Read.All
-
Update
- DeviceManagementConfiguration.ReadWrite.All
Application permissions¶
-
Read
- DeviceManagementConfiguration.Read.All
-
Update
- DeviceManagementConfiguration.ReadWrite.All
Examples¶
Example 1¶
This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.
Configuration Example
{
param(
[Parameter(Mandatory = $true)]
[PSCredential]
$Credscredential
)
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 'Example'
{
Assignments = @(
MSFT_DeviceManagementConfigurationPolicyAssignments{
deviceAndAppManagementAssignmentFilterType = 'none'
dataType = '#microsoft.graph.allDevicesAssignmentTarget'
}
);
Credential = $Credscredential;
DisplayName = "network boundary";
Ensure = "Present";
SupportsScopeTags = $True;
WindowsNetworkIsolationPolicy = MSFT_MicrosoftGraphwindowsNetworkIsolationPolicy{
EnterpriseProxyServers = @()
EnterpriseInternalProxyServers = @()
EnterpriseIPRangesAreAuthoritative = $True
EnterpriseProxyServersAreAuthoritative = $True
EnterpriseNetworkDomainNames = @('domain.com')
EnterpriseIPRanges = @(
MSFT_MicrosoftGraphIpRange1{
UpperAddress = '1.1.1.255'
LowerAddress = '1.1.1.0'
odataType = '#microsoft.graph.iPv4Range'
}
)
NeutralDomainResources = @()
};
}
}
}
Example 2¶
This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.
Configuration Example
{
param(
[Parameter(Mandatory = $true)]
[PSCredential]
$Credscredential
)
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 'Example'
{
Assignments = @(
MSFT_DeviceManagementConfigurationPolicyAssignments{
deviceAndAppManagementAssignmentFilterType = 'none'
dataType = '#microsoft.graph.allDevicesAssignmentTarget'
}
);
Credential = $Credscredential;
DisplayName = "network boundary";
Ensure = "Present";
SupportsScopeTags = $False; # Updated Property
WindowsNetworkIsolationPolicy = MSFT_MicrosoftGraphwindowsNetworkIsolationPolicy{
EnterpriseProxyServers = @()
EnterpriseInternalProxyServers = @()
EnterpriseIPRangesAreAuthoritative = $True
EnterpriseProxyServersAreAuthoritative = $True
EnterpriseNetworkDomainNames = @('domain.com')
EnterpriseIPRanges = @(
MSFT_MicrosoftGraphIpRange1{
UpperAddress = '1.1.1.255'
LowerAddress = '1.1.1.0'
odataType = '#microsoft.graph.iPv4Range'
}
)
NeutralDomainResources = @()
};
}
}
}
Example 3¶
This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.
Configuration Example
{
param(
[Parameter(Mandatory = $true)]
[PSCredential]
$Credscredential
)
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 'Example'
{
Credential = $Credscredential;
DisplayName = "network boundary";
Ensure = "Absent";
}
}
}