IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined¶
Parameters¶
Parameter | Attribute | DataType | Description | Allowed Values |
---|---|---|---|---|
HybridAzureADJoinSkipConnectivityCheck | Write | Boolean | The Autopilot Hybrid Azure AD join flow will continue even if it does not establish domain controller connectivity during OOBE. | |
Description | Write | String | Description of the profile | |
DeviceNameTemplate | Write | String | The template used to name the AutoPilot Device. This can be a custom text and can also contain either the serial number of the device, or a randomly generated number. The total length of the text generated by the template can be no more than 15 characters. | |
DeviceType | Write | String | The AutoPilot device type that this profile is applicable to. Possible values are: windowsPc, surfaceHub2. | windowsPc , surfaceHub2 , holoLens , surfaceHub2S , virtualMachine , unknownFutureValue |
DisplayName | Key | String | Name of the profile | |
EnableWhiteGlove | Write | Boolean | Enable Autopilot White Glove for the profile. | |
EnrollmentStatusScreenSettings | Write | MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings | Enrollment status screen setting | |
ExtractHardwareHash | Write | Boolean | HardwareHash Extraction for the profile | |
Language | Write | String | Language configured on the device | |
ManagementServiceAppId | Write | String | AzureAD management app ID used during client device-based enrollment discovery | |
OutOfBoxExperienceSettings | Write | MSFT_MicrosoftGraphoutOfBoxExperienceSettings | Out of box experience setting | |
Id | Write | String | The unique identifier for an entity. Read-only. | |
Assignments | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | |
Ensure | Write | String | Present ensures the policy exists, absent ensures it is removed. | Present , Absent |
Credential | Write | PSCredential | Credentials of the Admin | |
ApplicationId | Write | String | Id of the Azure Active Directory application to authenticate with. | |
TenantId | Write | String | Id of the Azure Active Directory tenant used for authentication. | |
ApplicationSecret | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | |
CertificateThumbprint | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | |
ManagedIdentity | Write | Boolean | Managed ID being used for authentication. | |
AccessTokens | Write | StringArray[] | Access token used for authentication. |
MSFT_DeviceManagementConfigurationPolicyAssignments¶
Parameters¶
Parameter | Attribute | DataType | Description | Allowed Values |
---|---|---|---|---|
dataType | Write | String | The type of the target assignment. | #microsoft.graph.groupAssignmentTarget , #microsoft.graph.allLicensedUsersAssignmentTarget , #microsoft.graph.allDevicesAssignmentTarget , #microsoft.graph.exclusionGroupAssignmentTarget , #microsoft.graph.configurationManagerCollectionAssignmentTarget |
deviceAndAppManagementAssignmentFilterType | Write | String | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none , include , exclude |
deviceAndAppManagementAssignmentFilterId | Write | String | The Id of the filter for the target assignment. | |
groupId | Write | String | The group Id that is the target of the assignment. | |
groupDisplayName | Write | String | The group Display Name that is the target of the assignment. | |
collectionId | Write | String | The collection Id that is the target of the assignment.(ConfigMgr) |
MSFT_MicrosoftGraphWindowsEnrollmentStatusScreenSettings¶
Parameters¶
Parameter | Attribute | DataType | Description | Allowed Values |
---|---|---|---|---|
AllowDeviceUseBeforeProfileAndAppInstallComplete | Write | Boolean | Allow or block user to use device before profile and app installation complete | |
AllowDeviceUseOnInstallFailure | Write | Boolean | Allow the user to continue using the device on installation failure | |
AllowLogCollectionOnInstallFailure | Write | Boolean | Allow or block log collection on installation failure | |
BlockDeviceSetupRetryByUser | Write | Boolean | Allow the user to retry the setup on installation failure | |
CustomErrorMessage | Write | String | Set custom error message to show upon installation failure | |
HideInstallationProgress | Write | Boolean | Show or hide installation progress to user | |
InstallProgressTimeoutInMinutes | Write | UInt32 | Set installation progress timeout in minutes |
MSFT_MicrosoftGraphOutOfBoxExperienceSettings¶
Parameters¶
Parameter | Attribute | DataType | Description | Allowed Values |
---|---|---|---|---|
DeviceUsageType | Write | String | AAD join authentication type. Possible values are: singleUser, shared. | singleUser , shared |
HideEscapeLink | Write | Boolean | If set to true, then the user can't start over with different account, on company sign-in | |
HideEULA | Write | Boolean | Show or hide EULA to user | |
HidePrivacySettings | Write | Boolean | Show or hide privacy settings to user | |
SkipKeyboardSelectionPage | Write | Boolean | If set, then skip the keyboard selection page if Language and Region are set | |
UserType | Write | String | Type of user. Possible values are: administrator, standard. | administrator , standard |
Description¶
Intune Windows Autopilot Deployment Profile Azure AD Hybrid Joined
Permissions¶
Microsoft Graph¶
To authenticate with the Microsoft Graph API, this resource required the following permissions:
Delegated permissions¶
-
Read
- DeviceManagementServiceConfig.Read.All
-
Update
- DeviceManagementServiceConfig.ReadWrite.All
Application permissions¶
-
Read
- DeviceManagementServiceConfig.Read.All
-
Update
- DeviceManagementServiceConfig.ReadWrite.All
Examples¶
Example 1¶
This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.
Configuration Example
{
param(
[Parameter()]
[System.String]
$ApplicationId,
[Parameter()]
[System.String]
$TenantId,
[Parameter()]
[System.String]
$CertificateThumbprint
)
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined 'Example'
{
Assignments = @();
Description = "";
DeviceNameTemplate = "";
DeviceType = "windowsPc";
DisplayName = "hybrid";
EnableWhiteGlove = $True;
Ensure = "Present";
ExtractHardwareHash = $False;
HybridAzureADJoinSkipConnectivityCheck = $True;
Language = "os-default";
OutOfBoxExperienceSettings = MSFT_MicrosoftGraphoutOfBoxExperienceSettings{
HideEULA = $True
HideEscapeLink = $True
HidePrivacySettings = $True
DeviceUsageType = 'singleUser'
SkipKeyboardSelectionPage = $False
UserType = 'standard'
};
ApplicationId = $ApplicationId;
TenantId = $TenantId;
CertificateThumbprint = $CertificateThumbprint;
}
}
}
Example 2¶
This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.
Configuration Example
{
param(
[Parameter()]
[System.String]
$ApplicationId,
[Parameter()]
[System.String]
$TenantId,
[Parameter()]
[System.String]
$CertificateThumbprint
)
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined 'Example'
{
Assignments = @();
Description = "";
DeviceNameTemplate = "";
DeviceType = "windowsPc";
DisplayName = "hybrid";
EnableWhiteGlove = $False; # Updated Property
Ensure = "Present";
ExtractHardwareHash = $False;
HybridAzureADJoinSkipConnectivityCheck = $True;
Language = "os-default";
OutOfBoxExperienceSettings = MSFT_MicrosoftGraphoutOfBoxExperienceSettings{
HideEULA = $True
HideEscapeLink = $True
HidePrivacySettings = $True
DeviceUsageType = 'singleUser'
SkipKeyboardSelectionPage = $False
UserType = 'standard'
};
ApplicationId = $ApplicationId;
TenantId = $TenantId;
CertificateThumbprint = $CertificateThumbprint;
}
}
}
Example 3¶
This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.
Configuration Example
{
param(
[Parameter()]
[System.String]
$ApplicationId,
[Parameter()]
[System.String]
$TenantId,
[Parameter()]
[System.String]
$CertificateThumbprint
)
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined 'Example'
{
DisplayName = "hybrid";
Ensure = "Absent";
ApplicationId = $ApplicationId;
TenantId = $TenantId;
CertificateThumbprint = $CertificateThumbprint;
}
}
}