DSCResources/MSFT_AADAuthorizationPolicy/MSFT_AADAuthorizationPolicy.schema.mof

[ClassVersion("1.0.0.0"), FriendlyName("AADAuthorizationPolicy")]
class MSFT_AADAuthorizationPolicy : OMI_BaseResource
{
    [Key, Description("Only valid value is 'Yes'."), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance;
    [Write, Description("Display name for this policy.")] String DisplayName;
    [Write, Description("Description of this policy.")] String Description;
    [Write, Description("Boolean Indicates whether users can sign up for email based subscriptions.")] Boolean AllowedToSignUpEmailBasedSubscriptions;
    [Write, Description("Boolean Indicates whether the Self-Serve Password Reset feature can be used by users on the tenant.")] Boolean AllowedToUseSSPR;
    [Write, Description("Boolean Indicates whether a user can join the tenant by email validation.")] Boolean AllowEmailVerifiedUsersToJoinOrganization;
    [Write, Description("Indicates who can invite external users to the organization. Possible values are: None, AdminsAndGuestInviters, AdminsGuestInvitersAndAllMembers, Everyone. Everyone is the default setting for all cloud environments except US Government."), ValueMap{"None","AdminsAndGuestInviters","AdminsGuestInvitersAndAllMembers","Everyone"}, Values{"None","AdminsAndGuestInviters","AdminsGuestInvitersAndAllMembers","Everyone"}] String AllowInvitesFrom;
    [Write, Description("Boolean To disable the use of MSOL PowerShell, set this property to true. This will also disable user-based access to the legacy service endpoint used by MSOL PowerShell. This does not affect Azure AD Connect or Microsoft Graph.")] Boolean BlockMsolPowershell;
    [Write, Description("Boolean Indicates whether the default user role can create applications.")] Boolean DefaultUserRoleAllowedToCreateApps;
    [Write, Description("Boolean Indicates whether the default user role can create security groups.")] Boolean DefaultUserRoleAllowedToCreateSecurityGroups;
    [Write, Description("Indicates whether the registered owners of a device can read their own BitLocker recovery keys with default user role.")] Boolean DefaultUserRoleAllowedToReadBitlockerKeysForOwnedDevice;
    [Write, Description("Indicates whether the default user role can create tenants. This setting corresponds to the Restrict non-admin users from creating tenants setting in the User settings menu in the Azure portal. When this setting is false, users assigned the Tenant Creator role can still create tenants.")] Boolean DefaultUserRoleAllowedToCreateTenants;
    [Write, Description("Boolean Indicates whether the default user role can read other users.")] Boolean DefaultUserRoleAllowedToReadOtherUsers;
    [Write, Description("The role that should be granted to guest users. Refer to List unifiedRoleDefinitions to find the list of available role templates. Only supported roles today are User, Guest User, and Restricted Guest User (2af84b1e-32c8-42b7-82bc-daa82404023b)."), ValueMap{"Guest","RestrictedGuest","User"}, Values{"Guest","RestrictedGuest","User"}] String GuestUserRole;
    [Write, Description("String collection Indicates if user consent to apps is allowed, and if it is, which permission to grant consent and which app consent policy (permissionGrantPolicy) govern the permission for users to grant consent. Value should be in the format managePermissionGrantsForSelf.{id}, where {id} is the id of a built-in or custom app consent policy. An empty list indicates user consent to apps is disabled.")] String PermissionGrantPolicyIdsAssignedToDefaultUserRole[];
    [Write, Description("Specify that the Azure Authorization Policy should exist."), ValueMap{"Present"}, Values{"Present"}] String Ensure;
    [Write, Description("Credentials for the Microsoft Graph delegated permissions."), EmbeddedInstance("MSFT_Credential")] String Credential;
    [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;
    [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId;
    [Write, Description("Secret of the Azure Active Directory application to authenticate with."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret;
    [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint;
    [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity;
};