Public/generated/Get-KriticalUtcmEXOIRMConfiguration.ps1

# Kritical.PS.UTCM | Microsoft Graph UTCM REST API toolkit
# (c) 2026 Kritical Pty Ltd | https://kritical.net
# Kritical brand banner is rendered at module load via Write-KriticalUtcmBanner.

function Get-KriticalUtcmEXOIRMConfiguration {
<#
.SYNOPSIS
    Kritical.UTCM shim for M365DSC resource EXOIRMConfiguration.

.DESCRIPTION

    Search-replace safe: callers that today invoke
        Get-M365DSCEXOIRMConfiguration -Credential $cred -TenantId $tid
    can rename to
        Get-KriticalUtcmEXOIRMConfiguration -Credential $cred -TenantId $tid
    with ZERO other edits. Parameter shape matches the M365DSC .schema.mof
    exactly. By default -PreferM365DscBehavior is true.

    Actual Graph dispatch is delegated to Invoke-KriticalUtcmM365DscSchemaBridge.
    Bridge maps resource → Graph endpoint per per-resource wave; where mapping
    is not yet shipped, bridge returns an object with Verdict='UNMAPPED'.

.NOTES
    Workload: Exchange
    Param count: 24
#>

[CmdletBinding()]
param(
        # Only valid value is 'Yes'.
[Parameter(Mandatory)] [ValidateSet('Yes')] [string]$IsSingleInstance,
        # The AutomaticServiceUpdateEnabled parameter specifies whether to allow the automatic addition of new features within Azure Information Protection for your cloud-based organization.
[bool]$AutomaticServiceUpdateEnabled,
        # The AzureRMSLicensingEnabled parameter specifies whether the Exchange Online organization can to connect directly to Azure Rights Management.
[bool]$AzureRMSLicensingEnabled,
        # The DecryptAttachmentForEncryptOnly parameter specifies whether mail recipients have unrestricted rights on the attachment or not for Encrypt-only mails sent using Microsoft Purview Message Encryption.
[bool]$DecryptAttachmentForEncryptOnly,
        # The EDiscoverySuperUserEnabled parameter specifies whether members of the Discovery Management role group can access IRM-protected messages in a discovery mailbox that were returned by a discovery search.
[bool]$EDiscoverySuperUserEnabled,
        # The EnablePdfEncryption parameter specifies whether to enable the encryption of PDF attachments using Microsoft Purview Message Encryption.
[bool]$EnablePdfEncryption,
        # The EnablePortalTrackingLogs parameter specifies whether to enable portal message tracking logs.
[bool]$EnablePortalTrackingLogs,
        # The InternalLicensingEnabled parameter specifies whether to enable IRM features for messages that are sent to internal and external recipients.
[bool]$InternalLicensingEnabled,
        # The JournalReportDecryptionEnabled parameter specifies whether to enable journal report decryption.
[bool]$JournalReportDecryptionEnabled,
        # This parameter is available only in the cloud-based service.
[bool]$RejectIfRecipientHasNoRights,
        # The RMSOnlineKeySharingLocation parameter specifies the Azure Rights Management URL that's used to get the trusted publishing domain (TPD) for the Exchange Online organization.
[string]$RMSOnlineKeySharingLocation,
        # The SearchEnabled parameter specifies whether to enable searching of IRM-encrypted messages in Outlook on the web (formerly known as Outlook Web App).
[bool]$SearchEnabled,
        # The SimplifiedClientAccessDoNotForwardDisabled parameter specifies whether to disable Do not forward in Outlook on the web.
[bool]$SimplifiedClientAccessDoNotForwardDisabled,
        # The SimplifiedClientAccessEnabled parameter specifies whether to enable the Protect button in Outlook on the web.
[bool]$SimplifiedClientAccessEnabled,
        # The SimplifiedClientAccessEncryptOnlyDisabled parameter specifies whether to disable Encrypt only in Outlook on the web.
[bool]$SimplifiedClientAccessEncryptOnlyDisabled,
        # The TransportDecryptionSetting parameter specifies the transport decryption configuration.
[ValidateSet('Disabled','Mandatory','Optional')] [string]$TransportDecryptionSetting,
        # Specifies if this Outbound connector should exist.
[ValidateSet('Present','Absent')] [string]$Ensure,
        # Credentials of the Exchange Global Admin
[string]$Credential,
        # Id of the Azure Active Directory application to authenticate with.
[string]$ApplicationId,
        # Id of the Azure Active Directory tenant used for authentication.
[string]$TenantId,
        # Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.
[string]$CertificateThumbprint,
        # Username can be made up to anything but password will be used for CertificatePassword
[string]$CertificatePassword,
        # Path to certificate used in service principal usually a PFX file.
[string]$CertificatePath,
        # Managed ID being used for authentication.
[bool]$ManagedIdentity
)
    Invoke-KriticalUtcmM365DscSchemaBridge -ResourceName 'EXOIRMConfiguration' -Workload 'Exchange' -Verb 'Get' -CallerParams $PSBoundParameters
}