IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| HybridAzureADJoinSkipConnectivityCheck | Write | Boolean | The Autopilot Hybrid Azure AD join flow will continue even if it does not establish domain controller connectivity during OOBE. | |
| Description | Write | String | Description of the profile | |
| DeviceNameTemplate | Write | String | The template used to name the AutoPilot Device. This can be a custom text and can also contain either the serial number of the device, or a randomly generated number. The total length of the text generated by the template can be no more than 15 characters. | |
| DeviceType | Write | String | The AutoPilot device type that this profile is applicable to. Possible values are: windowsPc, surfaceHub2. | windowsPc, surfaceHub2, holoLens, surfaceHub2S, virtualMachine, unknownFutureValue |
| DisplayName | Key | String | Name of the profile | |
| EnableWhiteGlove | Write | Boolean | Enable Autopilot White Glove for the profile. | |
| EnrollmentStatusScreenSettings | Write | MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings | Enrollment status screen setting | |
| ExtractHardwareHash | Write | Boolean | HardwareHash Extraction for the profile | |
| Language | Write | String | Language configured on the device | |
| ManagementServiceAppId | Write | String | AzureAD management app ID used during client device-based enrollment discovery | |
| OutOfBoxExperienceSettings | Write | MSFT_MicrosoftGraphoutOfBoxExperienceSettings | Out of box experience setting | |
| Id | Write | String | The unique identifier for an entity. Read-only. | |
| Assignments | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | |
| Ensure | Write | String | Present ensures the policy exists, absent ensures it is removed. | Present, Absent |
| Credential | Write | PSCredential | Credentials of the Admin | |
| ApplicationId | Write | String | Id of the Azure Active Directory application to authenticate with. | |
| TenantId | Write | String | Id of the Azure Active Directory tenant used for authentication. | |
| ApplicationSecret | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | |
| CertificateThumbprint | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | |
| ManagedIdentity | Write | Boolean | Managed ID being used for authentication. |
MSFT_DeviceManagementConfigurationPolicyAssignments¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| dataType | Write | String | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget, #microsoft.graph.allLicensedUsersAssignmentTarget, #microsoft.graph.allDevicesAssignmentTarget, #microsoft.graph.exclusionGroupAssignmentTarget, #microsoft.graph.configurationManagerCollectionAssignmentTarget |
| deviceAndAppManagementAssignmentFilterType | Write | String | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none, include, exclude |
| deviceAndAppManagementAssignmentFilterId | Write | String | The Id of the filter for the target assignment. | |
| groupId | Write | String | The group Id that is the target of the assignment. | |
| groupDisplayName | Write | String | The group Display Name that is the target of the assignment. | |
| collectionId | Write | String | The collection Id that is the target of the assignment.(ConfigMgr) |
MSFT_MicrosoftGraphWindowsEnrollmentStatusScreenSettings¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| AllowDeviceUseBeforeProfileAndAppInstallComplete | Write | Boolean | Allow or block user to use device before profile and app installation complete | |
| AllowDeviceUseOnInstallFailure | Write | Boolean | Allow the user to continue using the device on installation failure | |
| AllowLogCollectionOnInstallFailure | Write | Boolean | Allow or block log collection on installation failure | |
| BlockDeviceSetupRetryByUser | Write | Boolean | Allow the user to retry the setup on installation failure | |
| CustomErrorMessage | Write | String | Set custom error message to show upon installation failure | |
| HideInstallationProgress | Write | Boolean | Show or hide installation progress to user | |
| InstallProgressTimeoutInMinutes | Write | UInt32 | Set installation progress timeout in minutes |
MSFT_MicrosoftGraphOutOfBoxExperienceSettings¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| DeviceUsageType | Write | String | AAD join authentication type. Possible values are: singleUser, shared. | singleUser, shared |
| HideEscapeLink | Write | Boolean | If set to true, then the user can't start over with different account, on company sign-in | |
| HideEULA | Write | Boolean | Show or hide EULA to user | |
| HidePrivacySettings | Write | Boolean | Show or hide privacy settings to user | |
| SkipKeyboardSelectionPage | Write | Boolean | If set, then skip the keyboard selection page if Language and Region are set | |
| UserType | Write | String | Type of user. Possible values are: administrator, standard. | administrator, standard |
Description¶
Intune Windows Autopilot Deployment Profile Azure AD Hybrid Joined
Permissions¶
Microsoft Graph¶
To authenticate with the Microsoft Graph API, this resource required the following permissions:
Delegated permissions¶
-
Read
- DeviceManagementServiceConfig.Read.All
-
Update
- DeviceManagementServiceConfig.ReadWrite.All
Application permissions¶
-
Read
- DeviceManagementServiceConfig.Read.All
-
Update
- DeviceManagementServiceConfig.ReadWrite.All
Examples¶
Example 1¶
This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.
Configuration Example
{
param(
[Parameter(Mandatory = $true)]
[PSCredential]
$Credscredential
)
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined 'Example'
{
Assignments = @();
Credential = $Credscredential;
Description = "";
DeviceNameTemplate = "";
DeviceType = "windowsPc";
DisplayName = "hybrid";
EnableWhiteGlove = $True;
Ensure = "Present";
ExtractHardwareHash = $False;
HybridAzureADJoinSkipConnectivityCheck = $True;
Language = "os-default";
OutOfBoxExperienceSettings = MSFT_MicrosoftGraphoutOfBoxExperienceSettings{
HideEULA = $True
HideEscapeLink = $True
HidePrivacySettings = $True
DeviceUsageType = 'singleUser'
SkipKeyboardSelectionPage = $False
UserType = 'standard'
};
}
}
}
Example 2¶
This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.
Configuration Example
{
param(
[Parameter(Mandatory = $true)]
[PSCredential]
$Credscredential
)
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined 'Example'
{
Assignments = @();
Credential = $Credscredential;
Description = "";
DeviceNameTemplate = "";
DeviceType = "windowsPc";
DisplayName = "hybrid";
EnableWhiteGlove = $False; # Updated Property
Ensure = "Present";
ExtractHardwareHash = $False;
HybridAzureADJoinSkipConnectivityCheck = $True;
Language = "os-default";
OutOfBoxExperienceSettings = MSFT_MicrosoftGraphoutOfBoxExperienceSettings{
HideEULA = $True
HideEscapeLink = $True
HidePrivacySettings = $True
DeviceUsageType = 'singleUser'
SkipKeyboardSelectionPage = $False
UserType = 'standard'
};
}
}
}
Example 3¶
This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.
Configuration Example
{
param(
[Parameter(Mandatory = $true)]
[PSCredential]
$Credscredential
)
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined 'Example'
{
Credential = $Credscredential;
DisplayName = "hybrid";
Ensure = "Absent";
}
}
}