Public/generated/Get-KriticalUtcmTeamsAppSetupPolicy.ps1

# Kritical.PS.UTCM | Microsoft Graph UTCM REST API toolkit
# (c) 2026 Kritical Pty Ltd | https://kritical.net
# Kritical brand banner is rendered at module load via Write-KriticalUtcmBanner.

function Get-KriticalUtcmTeamsAppSetupPolicy {
<#
.SYNOPSIS
    Kritical.UTCM shim for M365DSC resource TeamsAppSetupPolicy.

.DESCRIPTION

    Search-replace safe: callers that today invoke
        Get-M365DSCTeamsAppSetupPolicy -Credential $cred -TenantId $tid
    can rename to
        Get-KriticalUtcmTeamsAppSetupPolicy -Credential $cred -TenantId $tid
    with ZERO other edits. Parameter shape matches the M365DSC .schema.mof
    exactly. By default -PreferM365DscBehavior is true.

    Actual Graph dispatch is delegated to Invoke-KriticalUtcmM365DscSchemaBridge.
    Bridge maps resource → Graph endpoint per per-resource wave; where mapping
    is not yet shipped, bridge returns an object with Verdict='UNMAPPED'.

.NOTES
    Workload: Teams
    Param count: 12
#>

[CmdletBinding()]
param(
        # Unique identifier to be assigned to the new Teams app setup policy. Use the 'Global' Identity if you wish to assign this policy to the entire tenant.
[Parameter(Mandatory)] [string]$Identity,
        # Enables administrators to provide explanatory text to accompany a Teams app setup policy.
[string]$Description,
        # If you turn this on, the user's existing app pins will be added to the list of pinned apps set in this policy. Users can rearrange, add, and remove pins as they choose. If you turn this off, the user's existing app pins will be removed and replaced with the apps defined in this policy.
[bool]$AllowUserPinning,
        # This is also known as side loading. This setting determines if a user can upload a custom app package in the Teams app. Turning it on lets you create or develop a custom app to be used personally or across your organization without having to submit it to the Teams app store. Uploading a custom app also lets you test an app before you distribute it more widely by only assigning it to a single user or group of users.
[bool]$AllowSideLoading,
        # Present ensures the instance exists, absent ensures it is removed.
[ValidateSet('Present','Absent')] [string]$Ensure,
        # Credentials of the workload's Admin
[string]$Credential,
        # Id of the Azure Active Directory application to authenticate with.
[string]$ApplicationId,
        # Id of the Azure Active Directory tenant used for authentication.
[string]$TenantId,
        # Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.
[string]$CertificateThumbprint,
        # Username can be made up to anything but password will be used for CertificatePassword
[string]$CertificatePassword,
        # Path to certificate used in service principal usually a PFX file.
[string]$CertificatePath,
        # Managed ID being used for authentication.
[bool]$ManagedIdentity
)
    Invoke-KriticalUtcmM365DscSchemaBridge -ResourceName 'TeamsAppSetupPolicy' -Workload 'Teams' -Verb 'Get' -CallerParams $PSBoundParameters
}