Public/generated/Get-KriticalUtcmAADDomainFederation.ps1

# Kritical.PS.UTCM | Microsoft Graph UTCM REST API toolkit
# (c) 2026 Kritical Pty Ltd | https://kritical.net
# Kritical brand banner is rendered at module load via Write-KriticalUtcmBanner.

function Get-KriticalUtcmAADDomainFederation {
    <#
    .SYNOPSIS
        Kritical.UTCM shim for the M365DSC resource AADDomainFederation (Get verb).

    .DESCRIPTION
        Intended as a rename-only replacement: a call written today as
            Get-M365DSCAADDomainFederation -Credential $cred -TenantId $tid
        is meant to become
            Get-KriticalUtcmAADDomainFederation -Credential $cred -TenantId $tid
        with no other edits. Parameter names follow the M365DSC .schema.mof.
        The generator notes state that -PreferM365DscBehavior defaults to true;
        that parameter is not declared on this function, so it presumably
        belongs to the bridge - confirm.

        No Graph call is made here. The bound parameters are handed to
        Invoke-KriticalUtcmM365DscSchemaBridge, which maps the resource to a
        Graph endpoint per resource wave; where a mapping has not shipped yet
        the bridge returns an object with Verdict='UNMAPPED'.

    .NOTES
        Workload: Entra
        Param count: 24

        NOTE(review): Credential, ApplicationSecret and CertificatePassword are
        declared as [string]. A PSCredential passed to -Credential (as in the
        example above) is converted to its type name when bound to [string],
        so the credential itself would not reach the bridge - confirm how the
        bridge authenticates. Plain-string secrets also travel unprotected
        inside $PSBoundParameters and can end up in transcripts or command
        logging; check that the bridge does not log or echo CallerParams.

        NOTE(review): the values returned for a domain (IssuerUri, signing
        certificates, sign-in URIs, FederatedIdpMfaBehavior) decide which
        identity provider Entra trusts for that domain, so the output is worth
        comparing against a known-good baseline.
    #>

    [CmdletBinding()]
    param(
        # Domain ID whose federation configuration is being managed.
        [Parameter(Mandatory)]
        [string]$DomainId,

        # Unique identifier of the federation configuration.
        [string]$Id,

        # Display name of the federation configuration.
        [string]$DisplayName,

        # Issuer URI of the federation server.
        [string]$IssuerUri,

        # URI of the metadata exchange endpoint used for authentication.
        [string]$MetadataExchangeUri,

        # Current token-signing certificate: Base64 string of the public
        # portion of the federated IdP's token signing certificate.
        [string]$SigningCertificate,

        # Next token-signing certificate, in the same Base64 public-portion
        # format as SigningCertificate.
        [string]$NextSigningCertificate,

        # URI web-based clients are sent to when signing in to Microsoft Entra services.
        [string]$PassiveSignInUri,

        # URI active clients are sent to when signing in to Microsoft Entra services.
        [string]$ActiveSignInUri,

        # URI clients are redirected to when signing out of Microsoft Entra services.
        [string]$SignOutUri,

        # Preferred authentication protocol. Supported values are wsFed and saml
        # (not enforced by a ValidateSet here).
        [string]$PreferredAuthenticationProtocol,

        # Prompt login behavior of the federated IdP.
        [string]$PromptLoginBehavior,

        # Whether Microsoft Entra ID accepts MFA performed by the federated IdP.
        # Supported values are acceptIfMfaDoneByFederatedIdp,
        # enforceMfaByFederatedIdp, rejectMfaByFederatedIdp (not enforced here).
        [string]$FederatedIdpMfaBehavior,

        # URI clients are redirected to for resetting their password.
        [string]$PasswordResetUri,

        # Whether the federation requires signed authentication requests.
        [bool]$IsSignedAuthenticationRequestRequired,

        # Present ensures the instance exists, Absent ensures it is removed.
        [ValidateSet('Absent','Present')]
        [string]$Ensure,

        # Credentials of the workload's admin.
        # NOTE(review): typed [string], not PSCredential - see .NOTES.
        [string]$Credential,

        # Id of the Azure Active Directory application to authenticate with.
        [string]$ApplicationId,

        # Id of the Azure Active Directory tenant used for authentication.
        [string]$TenantId,

        # Secret of the Azure Active Directory application to authenticate with.
        # NOTE(review): plain [string] secret - see .NOTES.
        [string]$ApplicationSecret,

        # Thumbprint of the application's authentication certificate.
        [string]$CertificateThumbprint,

        # Password for the certificate. The schema text describes a credential
        # whose username is arbitrary and whose password is used; as a [string]
        # there is no username part here - confirm what the bridge expects.
        [string]$CertificatePassword,

        # Path to the service principal's certificate, usually a PFX file.
        [string]$CertificatePath,

        # Use a managed identity for authentication.
        [bool]$ManagedIdentity
    )

    # Only parameters the caller actually supplied are in $PSBoundParameters;
    # the whole dictionary, secrets included, is forwarded as CallerParams.
    $bridgeCall = @{
        ResourceName = 'AADDomainFederation'
        Workload     = 'Entra'
        Verb         = 'Get'
        CallerParams = $PSBoundParameters
    }

    Invoke-KriticalUtcmM365DscSchemaBridge @bridgeCall
}