Public/generated/Get-KriticalUtcmIntuneAzureNetworkConnectionWindows365.ps1

# Kritical.PS.UTCM | Microsoft Graph UTCM REST API toolkit
# (c) 2026 Kritical Pty Ltd | https://kritical.net
# Kritical brand banner is rendered at module load via Write-KriticalUtcmBanner.

function Get-KriticalUtcmIntuneAzureNetworkConnectionWindows365 {
<#
.SYNOPSIS
    Kritical.UTCM shim for M365DSC resource IntuneAzureNetworkConnectionWindows365.

.DESCRIPTION

    Search-replace safe: callers that today invoke
        Get-M365DSCIntuneAzureNetworkConnectionWindows365 -Credential $cred -TenantId $tid
    can rename to
        Get-KriticalUtcmIntuneAzureNetworkConnectionWindows365 -Credential $cred -TenantId $tid
    with ZERO other edits. Parameter shape matches the M365DSC .schema.mof
    exactly. By default -PreferM365DscBehavior is true.

    Actual Graph dispatch is delegated to Invoke-KriticalUtcmM365DscSchemaBridge.
    Bridge maps resource → Graph endpoint per per-resource wave; where mapping
    is not yet shipped, bridge returns an object with Verdict='UNMAPPED'.

.NOTES
    Workload: Intune
    Param count: 20
#>

[CmdletBinding()]
param(
        # The fully qualified domain name (FQDN) of the Active Directory domain you want to join. Optional.
[string]$AdDomainName,
        # The password associated with adDomainUsername. Cannot be exported and must be manually added before deploying the network connection.
[string]$AdDomainPassword,
        # The username of an Active Directory account (user or service account) that has permissions to create computer objects in Active Directory. Required format: admincontoso.com. Optional.
[string]$AdDomainUsername,
        # Specifies the method by which a provisioned Cloud PC is joined to Microsoft Entra. The azureADJoin option indicates the absence of an on-premises Active Directory (AD) in the current tenant that results in the Cloud PC device only joining to Microsoft Entra. The hybridAzureADJoin option indicates the presence of an on-premises AD in the current tenant and that the Cloud PC joins both the on-premises AD and Microsoft Entra. The selected option also determines the types of users who can be assigned and can sign into a Cloud PC. The azureADJoin option allows both cloud-only and hybrid users to be assigned and sign in, whereas hybridAzureADJoin is restricted to hybrid users only. The default value is hybridAzureADJoin. The possible values are: hybridAzureADJoin, azureADJoin.
[ValidateSet('hybridAzureADJoin','azureADJoin')] [string]$ConnectionType,
        # The display name for the Azure network connection.
[Parameter(Mandatory)] [string]$DisplayName,
        # The organizational unit (OU) in which the computer account is created. If left null, the OU configured as the default (a well-known computer object container) in your Active Directory domain (OU) is used. Optional. Only applicable for the connection type 'hybridAzureADJoin'.
[string]$OrganizationalUnit,
        # The ID of the target resource group. Required format: /subscriptions/{subscription-id}/resourceGroups/{resourceGroupName}.
[Parameter(Mandatory)] [string]$ResourceGroupId,
        # The ID of the target subnet. Required format: /subscriptions/{subscription-id}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkId}/subnets/{subnetName}.
[Parameter(Mandatory)] [string]$SubnetId,
        # The name of the target Azure subscription.
[Parameter(Mandatory)] [string]$SubscriptionName,
        # The ID of the target virtual network. Required format: /subscriptions/{subscription-id}/{resourceGroups/resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}.
[Parameter(Mandatory)] [string]$VirtualNetworkId,
        # The unique identifier for an entity. Read-only.
[string]$Id,
        # Present ensures the policy exists, absent ensures it is removed.
[ValidateSet('Present','Absent')] [string]$Ensure,
        # Credentials of the Admin
[string]$Credential,
        # Id of the Azure Active Directory application to authenticate with.
[string]$ApplicationId,
        # Id of the Azure Active Directory tenant used for authentication.
[string]$TenantId,
        # Secret of the Azure Active Directory tenant used for authentication.
[string]$ApplicationSecret,
        # Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.
[string]$CertificateThumbprint,
        # Username can be made up to anything but password will be used for CertificatePassword
[string]$CertificatePassword,
        # Path to certificate used in service principal usually a PFX file.
[string]$CertificatePath,
        # Managed ID being used for authentication.
[bool]$ManagedIdentity
)
    Invoke-KriticalUtcmM365DscSchemaBridge -ResourceName 'IntuneAzureNetworkConnectionWindows365' -Workload 'Intune' -Verb 'Get' -CallerParams $PSBoundParameters
}