Public/generated/Get-KriticalUtcmEXOAuthenticationPolicy.ps1

# Kritical.PS.UTCM | Microsoft Graph UTCM REST API toolkit
# (c) 2026 Kritical Pty Ltd | https://kritical.net
# Kritical brand banner is rendered at module load via Write-KriticalUtcmBanner.

function Get-KriticalUtcmEXOAuthenticationPolicy {
<#
.SYNOPSIS
    Kritical.UTCM shim for M365DSC resource EXOAuthenticationPolicy.

.DESCRIPTION

    Search-replace safe: callers that today invoke
        Get-M365DSCEXOAuthenticationPolicy -Credential $cred -TenantId $tid
    can rename to
        Get-KriticalUtcmEXOAuthenticationPolicy -Credential $cred -TenantId $tid
    with ZERO other edits. Parameter shape matches the M365DSC .schema.mof
    exactly. By default -PreferM365DscBehavior is true.

    Actual Graph dispatch is delegated to Invoke-KriticalUtcmM365DscSchemaBridge.
    Bridge maps resource → Graph endpoint per per-resource wave; where mapping
    is not yet shipped, bridge returns an object with Verdict='UNMAPPED'.

.NOTES
    Workload: Exchange
    Param count: 21
#>

[CmdletBinding()]
param(
        # The Identity parameter specifies the authentication policy you want to view or modify.
[Parameter(Mandatory)] [string]$Identity,
        # The AllowBasicAuthActiveSync switch specifies whether to allow Basic authentication with Exchange Active Sync.
[bool]$AllowBasicAuthActiveSync,
        # The AllowBasicAuthAutodiscover switch specifies whether to allow Basic authentication with Autodiscover.
[bool]$AllowBasicAuthAutodiscover,
        # The AllowBasicAuthImap switch specifies whether to allow Basic authentication with IMAP.
[bool]$AllowBasicAuthImap,
        # The AllowBasicAuthMapi switch specifies whether to allow Basic authentication with MAPI.
[bool]$AllowBasicAuthMapi,
        # The AllowBasicAuthOfflineAddressBook switch specifies whether to allow Basic authentication with Offline Address Books.
[bool]$AllowBasicAuthOfflineAddressBook,
        # The AllowBasicAuthOutlookService switch specifies whether to allow Basic authentication with the Outlook service.
[bool]$AllowBasicAuthOutlookService,
        # The AllowBasicAuthPop switch specifies whether to allow Basic authentication with POP.
[bool]$AllowBasicAuthPop,
        # The AllowBasicAuthPowerShell switch specifies whether to allow Basic authentication with PowerShell.
[bool]$AllowBasicAuthPowershell,
        # The AllowBasicAuthReporting Web Services switch specifies whether to allow Basic authentication with reporting web services.
[bool]$AllowBasicAuthReportingWebServices,
        # The AllowBasicAuthRpc switch specifies whether to allow Basic authentication with RPC.
[bool]$AllowBasicAuthRpc,
        # The AllowBasicAuthSmtp switch specifies whether to allow Basic authentication with SMTP.
[bool]$AllowBasicAuthSmtp,
        # The AllowBasicAuthWebServices switch specifies whether to allow Basic authentication with Exchange Web Services (EWS).
[bool]$AllowBasicAuthWebServices,
        # Specify if the authentication Policy should exist or not.
[ValidateSet('Present','Absent')] [string]$Ensure,
        # Credentials of the Exchange Global Admin
[string]$Credential,
        # Id of the Azure Active Directory application to authenticate with.
[string]$ApplicationId,
        # Id of the Azure Active Directory tenant used for authentication.
[string]$TenantId,
        # Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.
[string]$CertificateThumbprint,
        # Username can be made up to anything but password will be used for CertificatePassword
[string]$CertificatePassword,
        # Path to certificate used in service principal usually a PFX file.
[string]$CertificatePath,
        # Managed ID being used for authentication.
[bool]$ManagedIdentity
)
    Invoke-KriticalUtcmM365DscSchemaBridge -ResourceName 'EXOAuthenticationPolicy' -Workload 'Exchange' -Verb 'Get' -CallerParams $PSBoundParameters
}