Examples/Resources/IntuneDeviceCompliancePolicyWindows10/1-NewIntuneDeviceCompliancePolicyWindows10.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
<#
This example creates a new Device Comliance Policy for MacOS.
#>


Configuration Example
{
    param(
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $credsGlobalAdmin
    )
    Import-DscResource -ModuleName Microsoft365DSC

    node localhost
    {
        IntuneDeviceCompliancePolicyWindows10 MyCustomWindows10Policy
        {
            DisplayName                                 = "Windows 10 DSC Policy";
            Description                                 = "Test policy";
            PasswordRequired                            = $False;
            PasswordBlockSimple                         = $False;
            PasswordRequiredToUnlockFromIdle            = $True;
            PasswordMinutesOfInactivityBeforeLock       = 15;
            PasswordExpirationDays                      = 365;
            PasswordMinimumLength                       = 6;
            PasswordMinutesOfInactivityBeforeLock       = 5;
            PasswordPreviousPasswordBlockCount          = 13;
            PasswordMinimumCharacterSetCount            = 1;
            PasswordRequiredType                        = "Devicedefault";
            RequireHealthyDeviceReport                  = $True;
            OsMinimumVersion                            = 10;
            OsMaximumVersion                            = 10.19;
            MobileOsMinimumVersion                      = 10;
            MobileOsMaximumVersion                      = 10.19;
            EarlyLaunchAntiMalwareDriverEnabled         = $False;
            BitLockerEnabled                            = $False;
            SecureBootEnabled                           = $True;
            CodeIntegrityEnabled                        = $True;
            StorageRequireEncryption                    = $True;
            ActiveFirewallRequired                      = $True;
            DefenderEnabled                             = $True;
            DefenderVersion                             = "";
            SignatureOutOfDate                          = $True;
            RtpEnabled                                  = $True;
            AntivirusRequired                           = $True;
            AntiSpywareRequired                         = $True;
            DeviceThreatProtectionEnabled               = $True;
            DeviceThreatProtectionRequiredSecurityLevel = "Medium";
            ConfigurationManagerComplianceRequired      = $False;
            TPMRequired                                 = $False;
            deviceCompliancePolicyScript                = $null;
            ValidOperatingSystemBuildRanges             = [];
            Ensure                                      = 'Present';
            GlobalAdminAccount                          = $GlobalAdminAccount;
        }
    }
}