IntuneDeviceControlPolicySetting¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| MatchType | Write | String | The match type of the policy settings. Possible values: Any, All | Any, All |
| PrinterPolicySettings | Write | MSFT_ReusablePrinterDeviceControlPolicySetting[] | The Printer Device Control policy settings. | |
| StoragePolicySettings | Write | MSFT_ReusableStorageDeviceControlPolicySetting[] | The Storage Device Control policy settings. | |
| Description | Write | String | Description of the setting. | |
| DisplayName | Key | String | Display Name of the setting. | |
| Id | Write | String | The unique identifier for an entity. Read-only. | |
| Ensure | Write | String | Present ensures the policy exists, absent ensures it is removed. | Present, Absent |
| Credential | Write | PSCredential | Credentials of the Admin | |
| ApplicationId | Write | String | Id of the Azure Active Directory application to authenticate with. | |
| TenantId | Write | String | Id of the Azure Active Directory tenant used for authentication. | |
| ApplicationSecret | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | |
| CertificateThumbprint | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | |
| ManagedIdentity | Write | Boolean | Managed ID being used for authentication. | |
| AccessTokens | Write | StringArray[] | Access token used for authentication. |
MSFT_ReusableStorageDeviceControlPolicySetting¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| BusId | Write | String | The Bus ID of the logical bus where the device is connected to. Examples are USB, SCSI. | |
| DeviceId | Write | String | The Device ID of the device. | |
| FriendlyNameId | Write | String | The Friendly Name of the device. Example is 'Generic Flash Disk USB Device'. | |
| HardwareId | Write | String | The Hardware ID of the device. Example is 'USBSTOR\DiskGeneric_Flash_Disk___8.07'. | |
| InstancePathId | Write | String | The Instance Path ID of the device. Uniquely identifies the device in the system. Example is 'USBSTOR\DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07\8735B611&0'. | |
| Name | Required | String | The identifier of the reusable policy setting. | |
| PID | Write | String | The Product ID of the device. Example is '55E0'. | |
| PrimaryId | Write | String | The Primary ID of the device. Possible values are: RemovableMediaDevices, CdRomDevices, WpdDevices, and PrinterDevices | CdRomDevices, PrinterDevices, RemovableMediaDevices, WpdDevices |
| SerialNumberId | Write | String | The Serial Number ID of the device. Example is '03003324080520232521', which corresponds to 'USBSTOR\DISK&VEN__USB&PROD__SANDISK_3.2GEN1&REV_1.00\03003324080520232521&0'. | |
| VID | Write | String | The Vendor ID of the device. Example is '0751'. | |
| VID_PID | Write | String | The combination of Vendor and Product ID. Example is '0000_1111. |
MSFT_ReusablePrinterDeviceControlPolicySetting¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| FriendlyNameId | Write | String | The Friendly Name of the device. Example is 'Generic Printer'. | |
| Name | Required | String | The identifier of the reusable policy setting. | |
| PrimaryId | Write | SInt32 | The Primary ID of the device. Possible values are: 0: Printer Devices | 0 |
| PrinterConnectionId | Write | SInt32 | The Printer Connection Id. Possible values are: 0: USB, 1: Corporate, 2: Network, 3: Universal, 4: File, 5: Custom, 6: Local. | 0, 1, 2, 3, 4, 5, 6 |
| VID_PID | Write | String | The combination of Vendor and Product ID. Example is '0000_1111. |
IntuneFirewallPolicySetting¶
Description¶
Intune Device Control Policy Setting
Permissions¶
Microsoft Graph¶
To authenticate with the Microsoft Graph API, this resource required the following permissions:
Delegated permissions¶
-
Read
- DeviceManagementConfiguration.Read.All
-
Update
- DeviceManagementConfiguration.ReadWrite.All
Application permissions¶
-
Read
- DeviceManagementConfiguration.Read.All
-
Update
- DeviceManagementConfiguration.ReadWrite.All
Examples¶
Example 1¶
This example creates a new Intune Device Control Policy Setting.
Configuration Example
{
param(
[Parameter()]
[System.String]
$ApplicationId,
[Parameter()]
[System.String]
$TenantId,
[Parameter()]
[System.String]
$CertificateThumbprint
)
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
IntuneDeviceControlPolicySetting "IntuneDeviceControlPolicySetting-IntuneDeviceControlPolicySetting_1"
{
Description = "";
DisplayName = "IntuneDeviceControlPolicySetting_1";
Ensure = "Present";
MatchType = "All";
PrinterPolicySettings = @(
MSFT_ReusablePrinterDeviceControlPolicySetting{
FriendlyNameId = "Printer\FriendlyNameId"
Name = "PrinterReusableSetting"
VID_PID = "0000_1111"
PrinterConnectionId = 0
PrimaryId = 0
}
);
StoragePolicySettings = @(
MSFT_ReusableStorageDeviceControlPolicySetting{
VID_PID = "1111_2222"
SerialNumberId = "bbbb"
HardwareId = "HardwareId"
PrimaryId = "RemovableMediaDevices"
DeviceId = "aaa"
Name = "RemovableStorageSetting"
VID = "0000"
BusId = "USB"
FriendlyNameId = "FriendlyNameId"
PID = "1111"
InstancePathId = "USBSTOR\DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07\8735B611&0"
}
);
ApplicationId = $ApplicationId;
TenantId = $TenantId;
CertificateThumbprint = $CertificateThumbprint;
}
}
}
Example 2¶
This example updates a Intune Device Control Policy Setting.
Configuration Example
{
param(
[Parameter()]
[System.String]
$ApplicationId,
[Parameter()]
[System.String]
$TenantId,
[Parameter()]
[System.String]
$CertificateThumbprint
)
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
IntuneDeviceControlPolicySetting "IntuneDeviceControlPolicySetting-IntuneDeviceControlPolicySetting_1"
{
Description = "";
DisplayName = "IntuneDeviceControlPolicySetting_1";
Ensure = "Present";
MatchType = "All";
PrinterPolicySettings = @(
MSFT_ReusablePrinterDeviceControlPolicySetting{
FriendlyNameId = "Printer\FriendlyNameId"
Name = "PrinterReusableSetting"
VID_PID = "0000_1111"
PrinterConnectionId = 1 # Updated property
PrimaryId = 0
}
);
StoragePolicySettings = @(
MSFT_ReusableStorageDeviceControlPolicySetting{
VID_PID = "1111_2222"
SerialNumberId = "bbbb"
HardwareId = "HardwareId"
PrimaryId = "RemovableMediaDevices"
DeviceId = "aaa"
Name = "RemovableStorageSetting"
VID = "0000"
BusId = "USB"
FriendlyNameId = "FriendlyNameId"
PID = "1111"
InstancePathId = "USBSTOR\DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07\8735B611&0"
}
);
ApplicationId = $ApplicationId;
TenantId = $TenantId;
CertificateThumbprint = $CertificateThumbprint;
}
}
}
Example 3¶
This example removes a Intune Device Control Policy Setting.
Configuration Example
{
param(
[Parameter()]
[System.String]
$ApplicationId,
[Parameter()]
[System.String]
$TenantId,
[Parameter()]
[System.String]
$CertificateThumbprint
)
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
IntuneDeviceControlPolicySetting "IntuneDeviceControlPolicySetting-IntuneDeviceControlPolicySetting_1"
{
DisplayName = "IntuneDeviceControlPolicySetting_1";
Ensure = "Absent";
ApplicationId = $ApplicationId;
TenantId = $TenantId;
CertificateThumbprint = $CertificateThumbprint;
}
}
}