Microsoft365DSC

1.24.313.1

DSCResources/MSFT_IntuneDeviceConfigurationPolicyMacOS/MSFT_IntuneDeviceConfigurationPolicyMacOS.schema.mof

                                [ClassVersion("1.0.0.0")]

class MSFT_DeviceManagementConfigurationPolicyAssignments

{

    [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType;

    [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType;

    [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId;

    [Write, Description("The group Id that is the target of the assignment.")] String groupId;

    [Write, Description("The group Display Name that is the target of the assignment.")] String groupDisplayName;

    [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId;

};

[ClassVersion("1.0.0")]

class MSFT_MicrosoftGraphapplistitemMacOS

{

    [Write, Description("Specify the odataType"), ValueMap{"#microsoft.graph.appleAppListItem"}, Values{"#microsoft.graph.appleAppListItem"}] String odataType;

    [Write, Description("The application or bundle identifier of the application")] String appId;

    [Write, Description("The Store URL of the application")] String appStoreUrl;

    [Write, Description("The application name")] String name;

    [Write, Description("The publisher of the application")] String publisher;

};

[ClassVersion("1.0.0")]

class MSFT_MicrosoftGraphmacosprivacyaccesscontrolitem

{

    [Write, Description("Allow the app or process to control the Mac via the Accessibility subsystem."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String accessibility;

    [Write, Description("Allow or block access to contact information managed by Contacts."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String addressBook;

    [Write, Description("Allow or deny the app or process to send a restricted Apple event to another app or process. You will need to know the identifier, identifier type, and code requirement of the receiving app or process."), EmbeddedInstance("MSFT_MicrosoftGraphmacosappleeventreceiver")] String appleEventsAllowedReceivers[];

    [Write, Description("Block access to camera app.")] Boolean blockCamera;

    [Write, Description("Block the app or process from listening to events from input devices such as mouse, keyboard, and trackpad.Requires macOS 10.15 or later.")] Boolean blockListenEvent;

    [Write, Description("Block access to microphone.")] Boolean blockMicrophone;

    [Write, Description("Block app from capturing contents of system display. Requires macOS 10.15 or later.")] Boolean blockScreenCapture;

    [Write, Description("Allow or block access to event information managed by Calendar."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String calendar;

    [Write, Description("Enter the code requirement, which can be obtained with the command 'codesign -display -r -' in the Terminal app. Include everything after '=>'.")] String codeRequirement;

    [Write, Description("The display name of the app, process, or executable.")] String displayName;

    [Write, Description("Allow the app or process to access files managed by another app's file provider extension. Requires macOS 10.15 or later."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String fileProviderPresence;

    [Write, Description("The bundle ID or path of the app, process, or executable.")] String identifier;

    [Write, Description("A bundle ID is used to identify an app. A path is used to identify a process or executable."), ValueMap{"bundleID","path"}, Values{"bundleID","path"}] String identifierType;

    [Write, Description("Allow or block access to music and the media library."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String mediaLibrary;

    [Write, Description("Allow or block access to images managed by Photos."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String photos;

    [Write, Description("Control access to CoreGraphics APIs, which are used to send CGEvents to the system event stream."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String postEvent;

    [Write, Description("Allow or block access to information managed by Reminders."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String reminders;

    [Write, Description("Allow or block access to system speech recognition facility."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String speechRecognition;

    [Write, Description("Statically validates the code requirement. Use this setting if the process invalidates its dynamic code signature.")] Boolean staticCodeValidation;

    [Write, Description("Control access to all protected files on a device. Files might be in locations such as emails, messages, apps, and administrative settings. Apply this setting with caution."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String systemPolicyAllFiles;

    [Write, Description("Allow or block access to Desktop folder."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String systemPolicyDesktopFolder;

    [Write, Description("Allow or block access to Documents folder."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String systemPolicyDocumentsFolder;

    [Write, Description("Allow or block access to Downloads folder."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String systemPolicyDownloadsFolder;

    [Write, Description("Allow or block access to network volumes. Requires macOS 10.15 or later."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String systemPolicyNetworkVolumes;

    [Write, Description("Control access to removable volumes on the device, such as an external hard drive. Requires macOS 10.15 or later."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String systemPolicyRemovableVolumes;

    [Write, Description("Allow app or process to access files used in system administration."), ValueMap{"notConfigured","enabled","disabled"}, Values{"notConfigured","enabled","disabled"}] String systemPolicySystemAdminFiles;

};

[ClassVersion("1.0.0")]

class MSFT_MicrosoftGraphmacosappleeventreceiver

{

    [Write, Description("Allow or block this app from receiving Apple events.")] Boolean allowed;

    [Write, Description("Code requirement for the app or binary that receives the Apple Event.")] String codeRequirement;

    [Write, Description("Bundle ID of the app or file path of the process or executable that receives the Apple Event.")] String identifier;

    [Write, Description("Use bundle ID for an app or path for a process or executable that receives the Apple Event."), ValueMap{"bundleID","path"}, Values{"bundleID","path"}] String identifierType;

};

[ClassVersion("1.0.0.0"), FriendlyName("IntuneDeviceConfigurationPolicyMacOS")]

class MSFT_IntuneDeviceConfigurationPolicyMacOS : OMI_BaseResource

{

    [Write, Description("Id of the Intune policy.")] String Id;

    [Key, Description("Display name of the Intune policy.")] String DisplayName;

    [Write, Description("Description of the Intune policy.")] String Description;

    [Write, Description("Configures users from adding friends to Game Center. Available for devices running macOS versions 10.13 and later.")] Boolean AddingGameCenterFriendsBlocked;

    [Write, Description("Configures whether or not to allow AirDrop.")] Boolean AirDropBlocked;

    [Write, Description("Blocks users from unlocking their Mac with Apple Watch.")] Boolean AppleWatchBlockAutoUnlock;

    [Write, Description("Blocks users from taking photographs and videos.")] Boolean CameraBlocked;

    [Write, Description("Blocks AirPlay, screen sharing to other devices, and a Classroom app feature used by teachers to view their students' screens. This setting isn't available if you've blocked screenshots.")] Boolean ClassroomAppBlockRemoteScreenObservation;

    [Write, Description("Unprompted observation means that teachers can view screens without warning students first. This setting isn't available if you've blocked screenshots.")] Boolean ClassroomAppForceUnpromptedScreenObservation;

    [Write, Description("Students can join a class without prompting the teacher.")] Boolean ClassroomForceAutomaticallyJoinClasses;

    [Write, Description("Students enrolled in an unmanaged Classroom course must get teacher consent to leave the course.")] Boolean ClassroomForceRequestPermissionToLeaveClasses;

    [Write, Description("Teachers can lock a student's device or app without the student's approval.")] Boolean ClassroomForceUnpromptedAppAndDeviceLock;

    [Write, Description("Device compliance can be viewed in the Restricted Apps Compliance report."), ValueMap{"none","appsInListCompliant","appsNotInListCompliant"}, Values{"none","appsInListCompliant","appsNotInListCompliant"}] String CompliantAppListType;

    [Write, Description("List of apps in the compliance (either allow list or block list, controlled by CompliantAppListType)."), EmbeddedInstance("MSFT_MicrosoftGraphapplistitemMacOS")] String CompliantAppsList[];

    [Write, Description("Configures whether or not to allow content caching.")] Boolean ContentCachingBlocked;

    [Write, Description("Block look up, a feature that looks up the definition of a highlighted word.")] Boolean DefinitionLookupBlocked;

    [Write, Description("Emails that the user sends or receives which don't match the domains you specify here will be marked as untrusted. ")] String EmailInDomainSuffixes[];

    [Write, Description("Configures the reset option on supervised devices. Available for devices running macOS versions 12.0 and later.")] Boolean EraseContentAndSettingsBlocked;

    [Write, Description("Configured if the Game Center icon is removed from the Home screen. Available for devices running macOS versions 10.13 and later.")] Boolean GameCenterBlocked;

    [Write, Description("Handoff lets users start work on one MacOS device, and continue it on another MacOS or iOS device. Available for macOS 10.15 and later.")] Boolean ICloudBlockActivityContinuation;

    [Write, Description("Blocks iCloud from syncing contacts.")] Boolean ICloudBlockAddressBook;

    [Write, Description("Blocks iCloud from syncing bookmarks.")] Boolean ICloudBlockBookmarks;

    [Write, Description("Blocks iCloud from syncing calendars.")] Boolean ICloudBlockCalendar;

    [Write, Description("Blocks iCloud from syncing documents and data.")] Boolean ICloudBlockDocumentSync;

    [Write, Description("Blocks iCloud from syncing mail.")] Boolean ICloudBlockMail;

    [Write, Description("Blocks iCloud from syncing notes.")] Boolean ICloudBlockNotes;

    [Write, Description("Any photos not fully downloaded from iCloud Photo Library to device will be removed from local storage.")] Boolean ICloudBlockPhotoLibrary;

    [Write, Description("Blocks iCloud from syncing reminders.")] Boolean ICloudBlockReminders;

    [Write, Description("Configures if the synchronization of cloud desktop and documents is blocked. Available for devices running macOS 10.12.4 and later.")] Boolean ICloudDesktopAndDocumentsBlocked;

    [Write, Description("Configures if iCloud private relay is blocked or not. Available for devices running macOS 12 and later.")] Boolean ICloudPrivateRelayBlocked;

    [Write, Description("Blocks files from being transferred using iTunes.")] Boolean ITunesBlockFileSharing;

    [Write, Description("Configures  whether or not to block files from being transferred using iTunes.")] Boolean ITunesBlockMusicService;

    [Write, Description("Block dictation, which is a feature that converts the user's voice to text.")] Boolean KeyboardBlockDictation;

    [Write, Description("Disables syncing credentials stored in the Keychain to iCloud")] Boolean KeychainBlockCloudSync;

    [Write, Description("Configures whether multiplayer gaming when using Game Center is blocked. Available for devices running macOS versions 10.13 and later.")] Boolean MultiplayerGamingBlocked;

    [Write, Description("Configures whether or not to block sharing passwords with the AirDrop passwords feature.")] Boolean PasswordBlockAirDropSharing;

    [Write, Description("Configures whether or not to block the AutoFill Passwords feature.")] Boolean PasswordBlockAutoFill;

    [Write, Description("Requires user to set a non-biometric passcode or password to unlock the device.")] Boolean PasswordBlockFingerprintUnlock;

    [Write, Description("Blocks user from changing the set passcode.")] Boolean PasswordBlockModification;

    [Write, Description("Configures whether or not to block requesting passwords from nearby devices.")] Boolean PasswordBlockProximityRequests;

    [Write, Description("Block simple password sequences, such as 1234 or 1111.")] Boolean PasswordBlockSimple;

    [Write, Description("Number of days until device password must be changed. (1-65535)")] UInt32 PasswordExpirationDays;

    [Write, Description("Configures the number of allowed failed attempts to enter the passcode at the device's lock screen. Valid values 2 to 11")] UInt32 PasswordMaximumAttemptCount;

    [Write, Description("Minimum number (0-4) of non-alphanumeric characters, such as #, %, !, etc., required in the password. The default value is 0.")] UInt32 PasswordMinimumCharacterSetCount;

    [Write, Description("Minimum number of digits or characters in password (4-16).")] UInt32 PasswordMinimumLength;

    [Write, Description("Set to 0 to require a password immediately. There is no maximum number of minutes, and this number overrides the number currently set on the device.")] UInt32 PasswordMinutesOfInactivityBeforeLock;

    [Write, Description("Set to 0 to use the device's minimum possible value. This number (0-60 minutes) overrides the number currently set on the device.")] UInt32 PasswordMinutesOfInactivityBeforeScreenTimeout;

    [Write, Description("Configures the number of minutes before the login is reset after the maximum number of unsuccessful login attempts is reached.")] UInt32 PasswordMinutesUntilFailedLoginReset;

    [Write, Description("Number of new passwords that must be used until an old one can be reused. (1-24)")] UInt32 PasswordPreviousPasswordBlockCount;

    [Write, Description("Specify the type of password required.")] Boolean PasswordRequired;

    [Write, Description("Specify the type of password required."), ValueMap{"deviceDefault","alphanumeric","numeric"}, Values{"deviceDefault","alphanumeric","numeric"}] String PasswordRequiredType;

    [Write, Description("Configure an app's access to specific data, folders, and apps on a device. These settings apply to devices running macOS Mojave 10.14 and later."), EmbeddedInstance("MSFT_MicrosoftGraphmacosprivacyaccesscontrolitem")] String PrivacyAccessControls[];

    [Write, Description("Blocks Safari from remembering what users enter in web forms.")] Boolean SafariBlockAutofill;

    [Write, Description("Configures whether or not to block the user from taking Screenshots.")] Boolean ScreenCaptureBlocked;

    [Write, Description("Specify the number of days (1-90) to delay visibility of major OS software updates. Available for devices running macOS versions 11.3 and later. Valid values 0 to 90")] UInt32 SoftwareUpdateMajorOSDeferredInstallDelayInDays;

    [Write, Description("Specify the number of days (1-90) to delay visibility of minor OS software updates. Available for devices running macOS versions 11.3 and later. Valid values 0 to 90")] UInt32 SoftwareUpdateMinorOSDeferredInstallDelayInDays;

    [Write, Description("Specify the number of days (1-90) to delay visibility of non-OS software updates. Available for devices running macOS versions 11.3 and later. Valid values 0 to 90")] UInt32 SoftwareUpdateNonOSDeferredInstallDelayInDays;

    [Write, Description("Delay the user's software update for this many days. The maximum is 90 days. (1-90)")] UInt32 SoftwareUpdatesEnforcedDelayInDays;

    [Write, Description("Blocks Spotlight from returning any results from an Internet search")] Boolean SpotlightBlockInternetResults;

    [Write, Description("Configures the maximum hours after which the user must enter their password to unlock the device instead of using Touch ID. Available for devices running macOS 12 and later. Valid values 0 to 2147483647")] UInt32 TouchIdTimeoutInHours;

    [Write, Description("Configures whether to delay OS and/or app updates for macOS."), ValueMap{"none","delayOSUpdateVisibility","delayAppUpdateVisibility","unknownFutureValue","delayMajorOsUpdateVisibility"}, Values{"none","delayOSUpdateVisibility","delayAppUpdateVisibility","unknownFutureValue","delayMajorOsUpdateVisibility"}] String UpdateDelayPolicy[];

    [Write, Description("Configures whether the wallpaper can be changed. Available for devices running macOS versions 10.13 and later.")] Boolean WallpaperModificationBlocked;

    [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[];

    [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure;

    [Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;

    [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;

    [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId;

    [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret;

    [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint;

    [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity;

};