Public/generated/Get-KriticalUtcmAADAuthorizationPolicy.ps1
|
# Kritical.PS.UTCM | Microsoft Graph UTCM REST API toolkit # (c) 2026 Kritical Pty Ltd | https://kritical.net # Kritical brand banner is rendered at module load via Write-KriticalUtcmBanner. function Get-KriticalUtcmAADAuthorizationPolicy { <# .SYNOPSIS Kritical.UTCM shim for M365DSC resource AADAuthorizationPolicy. .DESCRIPTION Search-replace safe: callers that today invoke Get-M365DSCAADAuthorizationPolicy -Credential $cred -TenantId $tid can rename to Get-KriticalUtcmAADAuthorizationPolicy -Credential $cred -TenantId $tid with ZERO other edits. Parameter shape matches the M365DSC .schema.mof exactly. By default -PreferM365DscBehavior is true. Actual Graph dispatch is delegated to Invoke-KriticalUtcmM365DscSchemaBridge. Bridge maps resource → Graph endpoint per per-resource wave; where mapping is not yet shipped, bridge returns an object with Verdict='UNMAPPED'. .NOTES Workload: Entra Param count: 24 #> [CmdletBinding()] param( # Only valid value is 'Yes'. [Parameter(Mandatory)] [ValidateSet('Yes')] [string]$IsSingleInstance, # Display name for this policy. [string]$DisplayName, # Description of this policy. [string]$Description, # Boolean Indicates whether users can sign up for email based subscriptions. [bool]$AllowedToSignUpEmailBasedSubscriptions, # Boolean Indicates whether the Self-Serve Password Reset feature can be used by users on the tenant. [bool]$AllowedToUseSSPR, # Boolean Indicates whether a user can join the tenant by email validation. [bool]$AllowEmailVerifiedUsersToJoinOrganization, # Indicates who can invite external users to the organization. Possible values are: None, AdminsAndGuestInviters, AdminsGuestInvitersAndAllMembers, Everyone. Everyone is the default setting for all cloud environments except US Government. [ValidateSet('None','AdminsAndGuestInviters','AdminsGuestInvitersAndAllMembers','Everyone')] [string]$AllowInvitesFrom, # Indicates whether user consent for risky apps is allowed. [bool]$AllowUserConsentForRiskyApps, # Boolean To disable the use of MSOL PowerShell, set this property to true. This will also disable user-based access to the legacy service endpoint used by MSOL PowerShell. This does not affect Azure AD Connect or Microsoft Graph. [bool]$BlockMsolPowershell, # Boolean Indicates whether the default user role can create applications. [bool]$DefaultUserRoleAllowedToCreateApps, # Boolean Indicates whether the default user role can create security groups. [bool]$DefaultUserRoleAllowedToCreateSecurityGroups, # Indicates whether the registered owners of a device can read their own BitLocker recovery keys with default user role. [bool]$DefaultUserRoleAllowedToReadBitlockerKeysForOwnedDevice, # Indicates whether the default user role can create tenants. This setting corresponds to the Restrict non-admin users from creating tenants setting in the User settings menu in the Azure portal. When this setting is false, users assigned the Tenant Creator role can still create tenants. [bool]$DefaultUserRoleAllowedToCreateTenants, # Boolean Indicates whether the default user role can read other users. [bool]$DefaultUserRoleAllowedToReadOtherUsers, # The role that should be granted to guest users. Refer to List unifiedRoleDefinitions to find the list of available role templates. Only supported roles today are User, Guest User, and Restricted Guest User (2af84b1e-32c8-42b7-82bc-daa82404023b). [ValidateSet('Guest','RestrictedGuest','User')] [string]$GuestUserRole, # Specify that the Azure Authorization Policy should exist. [ValidateSet('Present')] [string]$Ensure, # Credentials for the Microsoft Graph delegated permissions. [string]$Credential, # Id of the Azure Active Directory application to authenticate with. [string]$ApplicationId, # Id of the Azure Active Directory tenant used for authentication. [string]$TenantId, # Secret of the Azure Active Directory application to authenticate with. [string]$ApplicationSecret, # Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. [string]$CertificateThumbprint, # Username can be made up to anything but password will be used for CertificatePassword [string]$CertificatePassword, # Path to certificate used in service principal usually a PFX file. [string]$CertificatePath, # Managed ID being used for authentication. [bool]$ManagedIdentity ) Invoke-KriticalUtcmM365DscSchemaBridge -ResourceName 'AADAuthorizationPolicy' -Workload 'Entra' -Verb 'Get' -CallerParams $PSBoundParameters } |