Public/generated/Get-KriticalUtcmSPOAccessControlSettings.ps1

# Kritical.PS.UTCM | Microsoft Graph UTCM REST API toolkit
# (c) 2026 Kritical Pty Ltd | https://kritical.net
# Kritical brand banner is rendered at module load via Write-KriticalUtcmBanner.

function Get-KriticalUtcmSPOAccessControlSettings {
    <#
    .SYNOPSIS
        Kritical.UTCM shim for the M365DSC resource SPOAccessControlSettings.

    .DESCRIPTION
        Intended to be search-replace safe: a caller that today invokes
            Get-M365DSCSPOAccessControlSettings -Credential $cred -TenantId $tid
        can rename the command to
            Get-KriticalUtcmSPOAccessControlSettings -Credential $cred -TenantId $tid
        with no other edits. The parameter shape matches the M365DSC .schema.mof
        exactly. By default -PreferM365DscBehavior is true.

        This function performs no Graph call itself. It forwards the resource name,
        workload, verb and the caller's bound parameters ($PSBoundParameters, i.e.
        only the parameters the caller actually supplied) to
        Invoke-KriticalUtcmM365DscSchemaBridge. The bridge maps the resource to a
        Graph endpoint in per-resource waves; where a mapping has not shipped yet,
        the bridge returns an object with Verdict='UNMAPPED'.

    .NOTES
        Workload: SharePoint
        Param count: 21

        NOTE(review): -PreferM365DscBehavior is not declared in this param block;
        presumably it is a bridge-side setting. Confirm where the default lives.

        NOTE(review): Credential, ApplicationSecret and CertificatePassword are
        declared [string]. A PSCredential passed to a [string] parameter is bound
        through string conversion, so the bridge would receive text rather than the
        credential object. DSC MOF schemas commonly declare credentials as String
        with an EmbeddedInstance qualifier; if the generator dropped that qualifier,
        the "-Credential $cred" drop-in claim above does not hold. Verify against
        the .schema.mof and the bridge before relying on credential pass-through.

        NOTE(review): secret values supplied as plain strings are readable in
        $PSBoundParameters, which is handed to the bridge unchanged. The bridge
        should not log or serialize CallerParams verbatim.
    #>

    [CmdletBinding()]
    param(
        # Specifies the resource is a single instance; the value must be 'Yes'.
        [Parameter(Mandatory)]
        [ValidateSet('Yes')]
        [string]$IsSingleInstance,

        # Determines whether tenant users see the Start a Site menu option.
        [bool]$DisplayStartASiteOption,

        # URL of the form to load in the Start a Site dialog. Valid values:
        #   <emptyString> (default) - blank by default; also removes or clears any value that has been set.
        #   Full URL - example: https://contoso.sharepoint.com/path/to/form
        [string]$StartASiteFormUrl,

        # Allows access from network locations that are defined by an administrator.
        [bool]$IPAddressEnforcement,

        # One or more IP addresses or IP address ranges (IPv4 or IPv6), separated by commas.
        [string]$IPAddressAllowList,

        # Office web apps TokenLifeTime, in minutes.
        [int]$IPAddressWACTokenLifetime,

        # Prevents the Download button from being displayed on the Virus Found warning page.
        [bool]$DisallowInfectedFileDownload,

        # Enables external services for a tenant. External services are services
        # that are not in the Office 365 datacenters.
        [bool]$ExternalServicesEnabled,

        # Sets email attestation to required.
        [bool]$EmailAttestationRequired,

        # Sets the number of days before email attestation re-authentication.
        [int]$EmailAttestationReAuthDays,

        # Enables or disables the restricted access control.
        [bool]$EnableRestrictedAccessControl,

        # Upstream description says only 'Present' is accepted; the ValidateSet
        # below also admits 'Absent'.
        [ValidateSet('Present', 'Absent')]
        [string]$Ensure,

        # Credentials of the account to authenticate with.
        # NOTE(review): declared as string, not PSCredential - see .NOTES.
        [string]$Credential,

        # Id of the Azure Active Directory application to authenticate with.
        [string]$ApplicationId,

        # Secret of the Azure Active Directory application to authenticate with.
        # NOTE(review): plain-string secret - see .NOTES.
        [string]$ApplicationSecret,

        # Name of the Azure Active Directory tenant used for authentication.
        # Format: contoso.onmicrosoft.com
        [string]$TenantId,

        # Thumbprint of the Azure Active Directory application's authentication certificate.
        [string]$CertificateThumbprint,

        # Upstream description: the username can be anything, the password is used
        # as the certificate password. That wording describes a credential pair,
        # while the parameter here is a plain string - NOTE(review): see .NOTES.
        [string]$CertificatePassword,

        # Path to the certificate used by the service principal, usually a PFX file.
        [string]$CertificatePath,

        # Managed identity is used for authentication.
        [bool]$ManagedIdentity,

        # Blocks or limits access to SharePoint and OneDrive content from unmanaged devices.
        [ValidateSet('AllowFullAccess', 'AllowLimitedAccess', 'BlockAccess', 'ProtectionLevel')]
        [string]$ConditionalAccessPolicy
    )

    # Hand everything to the schema bridge; only caller-supplied parameters are
    # present in $PSBoundParameters, so unbound parameters are not forwarded.
    $bridgeArguments = @{
        ResourceName = 'SPOAccessControlSettings'
        Workload     = 'SharePoint'
        Verb         = 'Get'
        CallerParams = $PSBoundParameters
    }

    Invoke-KriticalUtcmM365DscSchemaBridge @bridgeArguments
}