SPOAccessControlSettings¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| IsSingleInstance | Key | String | Specifies the resource is a single instance, the value must be 'Yes' | Yes |
| DisplayStartASiteOption | Write | Boolean | Determines whether tenant users see the Start a Site menu option | |
| StartASiteFormUrl | Write | String | Specifies URL of the form to load in the Start a Site dialog. The valid values are: |
|
| IPAddressEnforcement | Write | Boolean | Allows access from network locations that are defined by an administrator. | |
| IPAddressAllowList | Write | String | Configures multiple IP addresses or IP address ranges (IPv4 or IPv6). Use commas to separate multiple IP addresses or IP address ranges. | |
| IPAddressWACTokenLifetime | Write | UInt32 | Office webapps TokenLifeTime in minutes | |
| DisallowInfectedFileDownload | Write | Boolean | Prevents the Download button from being displayed on the Virus Found warning page. | |
| ExternalServicesEnabled | Write | Boolean | Enables external services for a tenant. External services are defined as services that are not in the Office 365 datacenters. | |
| EmailAttestationRequired | Write | Boolean | Sets email attestation to required | |
| EmailAttestationReAuthDays | Write | UInt32 | Sets email attestation re-auth days | |
| EnableRestrictedAccessControl | Write | Boolean | Enables or disables the restricted access control. | |
| Ensure | Write | String | Only value accepted is 'Present' | Present, Absent |
| Credential | Write | PSCredential | Credentials of the account to authenticate with. | |
| ApplicationId | Write | String | Id of the Azure Active Directory application to authenticate with. | |
| ApplicationSecret | Write | PSCredential | Secret of the Azure Active Directory application to authenticate with. | |
| TenantId | Write | String | Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com | |
| CertificatePassword | Write | PSCredential | Username can be made up to anything but password will be used for certificatePassword | |
| CertificatePath | Write | String | Path to certificate used in service principal usually a PFX file. | |
| CertificateThumbprint | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | |
| ManagedIdentity | Write | Boolean | Managed ID being used for authentication. | |
| ConditionalAccessPolicy | Write | String | Blocks or limits access to SharePoint and OneDrive content from un-managed devices. | AllowFullAccess, AllowLimitedAccess, BlockAccess, ProtectionLevel |
| AccessTokens | Write | StringArray[] | Access token used for authentication. |
SPO Access Control Settings¶
Description¶
This resource allows users to configure and monitor the access control settings for your SPO tenant sharing settings.
Permissions¶
Microsoft Graph¶
To authenticate with the Microsoft Graph API, this resource required the following permissions:
Delegated permissions¶
-
Read
- Domain.Read.All
-
Update
- Domain.Read.All
Application permissions¶
-
Read
- Domain.Read.All
-
Update
- Domain.Read.All
Microsoft SharePoint¶
To authenticate with the SharePoint API, this resource required the following permissions:
Delegated permissions¶
-
Read
- Sites.FullControl.All
-
Update
- Sites.FullControl.All
Application permissions¶
-
Read
- Sites.FullControl.All
-
Update
- Sites.FullControl.All
Examples¶
Example 1¶
This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.
Configuration Example
{
param(
[Parameter(Mandatory = $true)]
[PSCredential]
$Credscredential
)
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
SPOAccessControlSettings 'ConfigureAccessControlSettings'
{
IsSingleInstance = "Yes"
DisplayStartASiteOption = $false
StartASiteFormUrl = "https://contoso.sharepoint.com"
IPAddressEnforcement = $false
IPAddressWACTokenLifetime = 15
DisallowInfectedFileDownload = $false
ExternalServicesEnabled = $true
EmailAttestationRequired = $false
EmailAttestationReAuthDays = 30
Ensure = "Present"
Credential = $Credscredential
}
}
}