IntuneSettingCatalogCustomPolicyWindows10¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| Description | Write | String | Policy description | |
| Name | Key | String | Policy name | |
| Platforms | Write | String | Platforms for this policy. Possible values are: none, android, iOS, macOS, windows10X, windows10, linux, unknownFutureValue. | none, android, iOS, macOS, windows10X, windows10, linux, unknownFutureValue |
| Technologies | Write | String | Technologies for this policy. Possible values are: none, mdm, windows10XManagement, configManager, appleRemoteManagement, microsoftSense, exchangeOnline, edgeMAM, linuxMdm, enrollment, endpointPrivilegeManagement, unknownFutureValue. | none, mdm, windows10XManagement, configManager, appleRemoteManagement, microsoftSense, exchangeOnline, linuxMdm, enrollment, endpointPrivilegeManagement, unknownFutureValue |
| TemplateReference | Write | MSFT_MicrosoftGraphdeviceManagementConfigurationPolicyTemplateReference | Template reference information | |
| Settings | Write | MSFT_MicrosoftGraphdeviceManagementConfigurationSetting[] | Policy settings | |
| Id | Write | String | The unique identifier for an entity. Read-only. | |
| Assignments | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | |
| Ensure | Write | String | Present ensures the policy exists, absent ensures it is removed. | Present, Absent |
| Credential | Write | PSCredential | Credentials of the Admin | |
| ApplicationId | Write | String | Id of the Azure Active Directory application to authenticate with. | |
| TenantId | Write | String | Id of the Azure Active Directory tenant used for authentication. | |
| ApplicationSecret | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | |
| CertificateThumbprint | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | |
| ManagedIdentity | Write | Boolean | Managed ID being used for authentication. | |
| AccessTokens | Write | StringArray[] | Access token used for authentication. |
MSFT_DeviceManagementConfigurationPolicyAssignments¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| dataType | Write | String | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget, #microsoft.graph.allLicensedUsersAssignmentTarget, #microsoft.graph.allDevicesAssignmentTarget, #microsoft.graph.exclusionGroupAssignmentTarget, #microsoft.graph.configurationManagerCollectionAssignmentTarget |
| deviceAndAppManagementAssignmentFilterType | Write | String | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none, include, exclude |
| deviceAndAppManagementAssignmentFilterId | Write | String | The Id of the filter for the target assignment. | |
| groupId | Write | String | The group Id that is the target of the assignment. | |
| groupDisplayName | Write | String | The group Display Name that is the target of the assignment. | |
| collectionId | Write | String | The collection Id that is the target of the assignment.(ConfigMgr) |
MSFT_MicrosoftGraphDeviceManagementConfigurationPolicyTemplateReference¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| TemplateDisplayName | Write | String | Template Display Name of the referenced template. This property is read-only. | |
| TemplateDisplayVersion | Write | String | Template Display Version of the referenced Template. This property is read-only. | |
| TemplateFamily | Write | String | Template Family of the referenced Template. This property is read-only. Possible values are: none, endpointSecurityAntivirus, endpointSecurityDiskEncryption, endpointSecurityFirewall, endpointSecurityEndpointDetectionAndResponse, endpointSecurityAttackSurfaceReduction, endpointSecurityAccountProtection, endpointSecurityApplicationControl, endpointSecurityEndpointPrivilegeManagement, enrollmentConfiguration, appQuietTime, baseline, unknownFutureValue, deviceConfigurationScripts. | none, endpointSecurityAntivirus, endpointSecurityDiskEncryption, endpointSecurityFirewall, endpointSecurityEndpointDetectionAndResponse, endpointSecurityAttackSurfaceReduction, endpointSecurityAccountProtection, endpointSecurityApplicationControl, endpointSecurityEndpointPrivilegeManagement, enrollmentConfiguration, appQuietTime, baseline, unknownFutureValue, deviceConfigurationScripts |
| TemplateId | Write | String | Template id |
MSFT_MicrosoftGraphDeviceManagementConfigurationSetting¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| SettingInstance | Write | MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance | Setting Instance | |
| Id | Write | String | The unique identifier for an entity. Read-only. |
MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| SettingDefinitionId | Write | String | Setting Definition Id | |
| SettingInstanceTemplateReference | Write | MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstanceTemplateReference | Setting Instance Template Reference | |
| ChoiceSettingCollectionValue | Write | MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue[] | Choice setting collection value | |
| ChoiceSettingValue | Write | MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue | Choice setting value | |
| GroupSettingCollectionValue | Write | MSFT_MicrosoftGraphDeviceManagementConfigurationGroupSettingValue[] | A collection of GroupSetting values | |
| GroupSettingValue | Write | MSFT_MicrosoftGraphDeviceManagementConfigurationGroupSettingValue | GroupSetting value | |
| SimpleSettingCollectionValue | Write | MSFT_MicrosoftGraphDeviceManagementConfigurationSimpleSettingValue[] | Simple setting collection instance value | |
| SimpleSettingValue | Write | MSFT_MicrosoftGraphDeviceManagementConfigurationSimpleSettingValue | Simple setting instance value | |
| odataType | Write | String | The type of the entity. | #microsoft.graph.deviceManagementConfigurationChoiceSettingCollectionInstance, #microsoft.graph.deviceManagementConfigurationChoiceSettingInstance, #microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance, #microsoft.graph.deviceManagementConfigurationGroupSettingInstance, #microsoft.graph.deviceManagementConfigurationSettingGroupCollectionInstance, #microsoft.graph.deviceManagementConfigurationSettingGroupInstance, #microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance, #microsoft.graph.deviceManagementConfigurationSimpleSettingInstance |
MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstanceTemplateReference¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| SettingInstanceTemplateId | Write | String | Setting instance template id |
MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| Children | Write | MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance[] | Child settings. | |
| Value | Write | String | Choice setting value: an OptionDefinition ItemId. | |
| SettingValueTemplateReference | Write | MSFT_MicrosoftGraphDeviceManagementConfigurationSettingValueTemplateReference | Setting value template reference | |
| odataType | Write | String | The type of the entity. | #microsoft.graph.deviceManagementConfigurationChoiceSettingValue, #microsoft.graph.deviceManagementConfigurationGroupSettingValue, #microsoft.graph.deviceManagementConfigurationSimpleSettingValue |
MSFT_MicrosoftGraphDeviceManagementConfigurationSettingValueTemplateReference¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| settingValueTemplateId | Write | String | Setting value template id | |
| useTemplateDefault | Write | Boolean | Indicates whether to update policy setting value to match template setting default value |
MSFT_MicrosoftGraphDeviceManagementConfigurationGroupSettingValue¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| Children | Write | MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance[] | Collection of child setting instances contained within this GroupSetting | |
| SettingValueTemplateReference | Write | MSFT_MicrosoftGraphDeviceManagementConfigurationSettingValueTemplateReference | Setting value template reference | |
| Value | Write | String | Choice setting value: an OptionDefinition ItemId. | |
| odataType | Write | String | The type of the entity. | #microsoft.graph.deviceManagementConfigurationChoiceSettingValue, #microsoft.graph.deviceManagementConfigurationGroupSettingValue, #microsoft.graph.deviceManagementConfigurationSimpleSettingValue |
MSFT_MicrosoftGraphDeviceManagementConfigurationSimpleSettingValue¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| IntValue | Write | UInt32 | Value of the integer setting. | |
| StringValue | Write | String | Value of the string setting. | |
| ValueState | Write | String | Gets or sets a value indicating the encryption state of the Value property. Possible values are: invalid, notEncrypted, encryptedValueToken. | invalid, notEncrypted, encryptedValueToken |
| odataType | Write | String | The type of the entity. | #microsoft.graph.deviceManagementConfigurationIntegerSettingValue, #microsoft.graph.deviceManagementConfigurationStringSettingValue, #microsoft.graph.deviceManagementConfigurationSecretSettingValue |
| SettingValueTemplateReference | Write | MSFT_MicrosoftGraphDeviceManagementConfigurationSettingValueTemplateReference | Setting value template reference | |
| Children | Write | MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance[] | Child settings. |
Description¶
Intune Setting Catalog Custom Policy for Windows10
Permissions¶
Microsoft Graph¶
To authenticate with the Microsoft Graph API, this resource required the following permissions:
Delegated permissions¶
-
Read
- Group.Read.All, DeviceManagementConfiguration.Read.All
-
Update
- Group.Read.All, DeviceManagementConfiguration.ReadWrite.All
Application permissions¶
-
Read
- Group.Read.All, DeviceManagementConfiguration.Read.All
-
Update
- Group.Read.All, DeviceManagementConfiguration.ReadWrite.All
Examples¶
Example 1¶
This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.
Configuration Example
{
param(
[Parameter()]
[System.String]
$ApplicationId,
[Parameter()]
[System.String]
$TenantId,
[Parameter()]
[System.String]
$CertificateThumbprint
)
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
IntuneSettingCatalogCustomPolicyWindows10 'Example'
{
Assignments = @(
MSFT_DeviceManagementConfigurationPolicyAssignments{
deviceAndAppManagementAssignmentFilterType = 'none'
dataType = '#microsoft.graph.allDevicesAssignmentTarget'
}
);
Description = "";
Ensure = "Present";
Name = "Setting Catalog Raw - DSC";
Platforms = "windows10";
Settings = @(
MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{
SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{
choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{
Value = 'device_vendor_msft_policy_config_abovelock_allowcortanaabovelock_1'
}
SettingDefinitionId = 'device_vendor_msft_policy_config_abovelock_allowcortanaabovelock'
odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance'
}
}
MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{
SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{
SettingDefinitionId = 'device_vendor_msft_policy_config_applicationdefaults_defaultassociationsconfiguration'
simpleSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationSimpleSettingValue{
odataType = '#microsoft.graph.deviceManagementConfigurationStringSettingValue'
StringValue = ''
}
odataType = '#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance'
}
}
MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{
SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{
choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{
Value = 'device_vendor_msft_policy_config_applicationdefaults_enableappurihandlers_1'
}
SettingDefinitionId = 'device_vendor_msft_policy_config_applicationdefaults_enableappurihandlers'
odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance'
}
}
MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{
SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{
choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{
Value = 'device_vendor_msft_policy_config_defender_allowarchivescanning_1'
}
SettingDefinitionId = 'device_vendor_msft_policy_config_defender_allowarchivescanning'
odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance'
}
}
MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{
SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{
choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{
Value = 'device_vendor_msft_policy_config_defender_allowbehaviormonitoring_1'
}
SettingDefinitionId = 'device_vendor_msft_policy_config_defender_allowbehaviormonitoring'
odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance'
}
}
MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{
SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{
choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{
Value = 'device_vendor_msft_policy_config_defender_allowcloudprotection_1'
}
SettingDefinitionId = 'device_vendor_msft_policy_config_defender_allowcloudprotection'
odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance'
}
}
);
Technologies = "mdm";
ApplicationId = $ApplicationId;
TenantId = $TenantId;
CertificateThumbprint = $CertificateThumbprint;
}
}
}
Example 2¶
This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.
Configuration Example
{
param(
[Parameter()]
[System.String]
$ApplicationId,
[Parameter()]
[System.String]
$TenantId,
[Parameter()]
[System.String]
$CertificateThumbprint
)
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
IntuneSettingCatalogCustomPolicyWindows10 'Example'
{
Assignments = @(
MSFT_DeviceManagementConfigurationPolicyAssignments{
deviceAndAppManagementAssignmentFilterType = 'none'
dataType = '#microsoft.graph.allDevicesAssignmentTarget'
}
);
Description = "Updated Description"; # Updated Property
Ensure = "Present";
Name = "Setting Catalog Raw - DSC";
Platforms = "windows10";
Settings = @(
MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{
SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{
choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{
Value = 'device_vendor_msft_policy_config_abovelock_allowcortanaabovelock_1'
}
SettingDefinitionId = 'device_vendor_msft_policy_config_abovelock_allowcortanaabovelock'
odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance'
}
}
MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{
SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{
SettingDefinitionId = 'device_vendor_msft_policy_config_applicationdefaults_defaultassociationsconfiguration'
simpleSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationSimpleSettingValue{
odataType = '#microsoft.graph.deviceManagementConfigurationStringSettingValue'
StringValue = ''
}
odataType = '#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance'
}
}
MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{
SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{
choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{
Value = 'device_vendor_msft_policy_config_applicationdefaults_enableappurihandlers_1'
}
SettingDefinitionId = 'device_vendor_msft_policy_config_applicationdefaults_enableappurihandlers'
odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance'
}
}
MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{
SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{
choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{
Value = 'device_vendor_msft_policy_config_defender_allowarchivescanning_1'
}
SettingDefinitionId = 'device_vendor_msft_policy_config_defender_allowarchivescanning'
odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance'
}
}
MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{
SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{
choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{
Value = 'device_vendor_msft_policy_config_defender_allowbehaviormonitoring_1'
}
SettingDefinitionId = 'device_vendor_msft_policy_config_defender_allowbehaviormonitoring'
odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance'
}
}
MSFT_MicrosoftGraphdeviceManagementConfigurationSetting{
SettingInstance = MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance{
choiceSettingValue = MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue{
Value = 'device_vendor_msft_policy_config_defender_allowcloudprotection_1'
}
SettingDefinitionId = 'device_vendor_msft_policy_config_defender_allowcloudprotection'
odataType = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance'
}
}
);
Technologies = "mdm";
ApplicationId = $ApplicationId;
TenantId = $TenantId;
CertificateThumbprint = $CertificateThumbprint;
}
}
}
Example 3¶
This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.
Configuration Example
{
param(
[Parameter()]
[System.String]
$ApplicationId,
[Parameter()]
[System.String]
$TenantId,
[Parameter()]
[System.String]
$CertificateThumbprint
)
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
IntuneSettingCatalogCustomPolicyWindows10 'Example'
{
Ensure = "Absent";
Name = "Setting Catalog Raw - DSC";
ApplicationId = $ApplicationId;
TenantId = $TenantId;
CertificateThumbprint = $CertificateThumbprint;
}
}
}