IntuneRoleDefinitionWindows365
Parameters
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| Description | Write | String | The description for the unifiedRoleDefinition. Read-only when isBuiltIn is true. | |
| DisplayName | Key | String | The display name for the Windows 365 Role Definition. | |
| IsBuiltIn | Write | Boolean | Flag indicating if the unifiedRoleDefinition is part of the default set included with the product or custom. Read-only. Supports $filter (eq). | |
| RolePermissions | Write | MSFT_MicrosoftGraphunifiedRolePermission[] | List of permissions included in the role. Read-only when isBuiltIn is true. Required. | |
| Id | Write | String | The unique identifier for an entity. Read-only. | |
| Ensure | Write | String | Present ensures the policy exists, absent ensures it is removed. | Present, Absent |
| Credential | Write | PSCredential | Credentials of the Admin | |
| ApplicationId | Write | String | Id of the Azure Active Directory application to authenticate with. | |
| TenantId | Write | String | Id of the Azure Active Directory tenant used for authentication. | |
| ApplicationSecret | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | |
| CertificateThumbprint | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | |
| ManagedIdentity | Write | Boolean | Managed ID being used for authentication. | |
| AccessTokens | Write | StringArray[] | Access token used for authentication. | |
MSFT_MicrosoftGraphUnifiedRolePermission
Parameters
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| AllowedResourceActions | Write | StringArray[] | Set of tasks that can be performed on a resource. | |
Description
Intune Role Definition Windows365
Please note: Built-in policies cannot be created, updated or removed. They are still provided as is for tenant monitoring purposes.
Permissions
Microsoft Graph
To authenticate with the Microsoft Graph API, this resource requires the following permissions:
Delegated permissions
- Read
  - DeviceManagementRBAC.Read.All
- Update
  - DeviceManagementRBAC.ReadWrite.All

Application permissions
- Read
  - DeviceManagementRBAC.Read.All
- Update
  - DeviceManagementRBAC.ReadWrite.All

Examples
Example 1
This example creates a new Intune Role Definition.
```powershell
Configuration Example
{
    param(
        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint
    )
    Import-DscResource -ModuleName Microsoft365DSC

    Node localhost
    {
        IntuneRoleDefinitionWindows365 'IntuneRoleDefinitionWindows365'
        {
            DisplayName           = 'IntuneRoleDefinitionWindows365_1'
            Description           = ''
            IsBuiltIn             = $False
            RolePermissions       = @(
                MSFT_MicrosoftGraphUnifiedRolePermission{
                    AllowedResourceActions = @(
                        "Microsoft.CloudPC/OnPremisesConnections/Create"
                        "Microsoft.CloudPC/OnPremisesConnections/Read"
                    )
                }
            );
            Ensure                = 'Present'
            ApplicationId         = $ApplicationId;
            TenantId              = $TenantId;
            CertificateThumbprint = $CertificateThumbprint;
        }
    }
}
```
Example 2
This example updates an existing Intune Role Definition.
```powershell
Configuration Example
{
    param(
        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint
    )
    Import-DscResource -ModuleName Microsoft365DSC

    Node localhost
    {
        IntuneRoleDefinitionWindows365 'IntuneRoleDefinitionWindows365'
        {
            DisplayName           = 'IntuneRoleDefinitionWindows365_1'
            Description           = ''
            IsBuiltIn             = $False
            RolePermissions       = @(
                MSFT_MicrosoftGraphUnifiedRolePermission{
                    AllowedResourceActions = @(
                        "Microsoft.CloudPC/OnPremisesConnections/Create" # Updated property
                    )
                }
            );
            Ensure                = 'Present'
            ApplicationId         = $ApplicationId;
            TenantId              = $TenantId;
            CertificateThumbprint = $CertificateThumbprint;
        }
    }
}
```
Example 3
This example removes an Intune Role Definition.
```powershell
Configuration Example
{
    param(
        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint
    )
    Import-DscResource -ModuleName Microsoft365DSC

    Node localhost
    {
        IntuneRoleDefinitionWindows365 'IntuneRoleDefinitionWindows365'
        {
            DisplayName           = 'IntuneRoleDefinitionWindows365_1'
            Ensure                = 'Absent'
            ApplicationId         = $ApplicationId;
            TenantId              = $TenantId;
            CertificateThumbprint = $CertificateThumbprint;
        }
    }
}
```
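
The RolePermissions block is where a custom role's privileges are set, so the AllowedResourceActions list is worth reviewing against an approved set before a configuration is applied. The following is an added example, not part of the Microsoft365DSC documentation; the function name Test-RoleActionList, its parameters, the approved list and the two failing entries are assumptions constructed for illustration.

```powershell
# Added example (not Microsoft365DSC code). Test-RoleActionList and its
# parameters are hypothetical names chosen for this illustration.
function Test-RoleActionList
{
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [System.String[]]
        $AllowedResourceActions,

        [Parameter(Mandatory = $true)]
        [System.String[]]
        $ApprovedActions
    )

    foreach ($action in $AllowedResourceActions)
    {
        # The actions on this page have three '/'-separated parts:
        # provider, resource and verb.
        $parts = $action -split '/'
        $wellFormed = ($parts.Count -eq 3) -and ($parts -notcontains '')

        [PSCustomObject]@{
            Action     = $action
            Resource   = if ($wellFormed) { $parts[1] } else { $null }
            Verb       = if ($wellFormed) { $parts[2] } else { $null }
            WellFormed = $wellFormed
            Approved   = $ApprovedActions -contains $action
        }
    }
}

# Approved list: the two actions used in Example 1.
$approved = @(
    'Microsoft.CloudPC/OnPremisesConnections/Create'
    'Microsoft.CloudPC/OnPremisesConnections/Read'
)

# Constructed request: Example 1's actions plus two entries that should fail review.
$requested = $approved + @(
    'Microsoft.CloudPC/ExampleResource/Delete'   # constructed placeholder, not a documented action
    'Microsoft.CloudPC/OnPremisesConnections'    # constructed malformed entry (verb missing)
)

$review = Test-RoleActionList -AllowedResourceActions $requested -ApprovedActions $approved

# Anything listed here should be removed or explicitly approved before deployment.
$review | Where-Object { -not ($_.Approved -and $_.WellFormed) } |
    Format-Table Action, Verb, WellFormed, Approved
```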