source/Private/RJFeatures.Development.psd1
|
# RealmJoin Feature Definitions Configuration - Development Environment # This PSD1 file contains the centralized configuration for all RealmJoin features in Development @{ Features = @( @{ Name = 'Client' Description = 'RealmJoin Agent - Client application for device management' AppId = '008c704d-20fe-4c15-bab0-c2e6f66a992c' Permissions = @( 'User.Read.All', 'Device.Read.All', 'Group.Read.All' ) ReadOnlyPermissions = @( 'User.Read.All', 'Device.Read.All', 'Group.Read.All' ) IsMandatory = $false Category = 'Client' }, @{ Name = 'RealmJoinPortal' Description = 'Core portal functionality for user self-service and admin interaction' AppId = 'b0130885-16be-4c6f-83de-5b1042b5d2e3' Permissions = @( 'User.Read.All', 'Device.Read.All', 'Group.ReadWrite.All', 'GroupMember.ReadWrite.All', 'DeviceManagementManagedDevices.Read.All', 'DeviceManagementApps.ReadWrite.All' ) ReadOnlyPermissions = @( 'User.Read.All', 'Device.Read.All', 'Group.Read.All', 'GroupMember.Read.All', 'DeviceManagementManagedDevices.Read.All', 'DeviceManagementApps.Read.All' ) IsMandatory = $true Category = 'Portal' }, @{ Name = 'IntuneLAPS' Description = 'Retrieve and manage local admin passwords via Intune LAPS' AppId = 'b0130885-16be-4c6f-83de-5b1042b5d2e3' Permissions = @( 'DeviceLocalCredential.Read.All' ) ReadOnlyPermissions = @( 'DeviceLocalCredential.Read.All' ) IsMandatory = $false Category = 'Portal' }, @{ Name = 'ShowSignin' Description = 'Display user sign-in history and audit logs' AppId = 'b0130885-16be-4c6f-83de-5b1042b5d2e3' Permissions = @( 'AuditLog.Read.All' ) ReadOnlyPermissions = @( 'AuditLog.Read.All' ) IsMandatory = $false Category = 'Portal' }, @{ Name = 'Autopilot' Description = 'View Windows Autopilot deployment profiles and status' AppId = 'b0130885-16be-4c6f-83de-5b1042b5d2e3' Permissions = @( 'DeviceManagementServiceConfig.Read.All' ) ReadOnlyPermissions = @( 'DeviceManagementServiceConfig.Read.All' ) IsMandatory = $false Category = 'Portal' }, @{ Name = 'DeviceIntuneActions' Description = 'Execute privileged device actions (sync, restart, wipe, etc.)' AppId = 'b0130885-16be-4c6f-83de-5b1042b5d2e3' Permissions = @( 'DeviceManagementManagedDevices.PrivilegedOperations.All' ) IsMandatory = $false Category = 'Portal' }, @{ Name = 'DeviceHealthScript' Description = 'Manage and deploy PowerShell remediation scripts to devices' AppId = 'b0130885-16be-4c6f-83de-5b1042b5d2e3' Permissions = @( 'DeviceManagementScripts.ReadWrite.All' ) ReadOnlyPermissions = @( 'DeviceManagementScripts.Read.All' ) IsMandatory = $false Category = 'Portal' }, @{ Name = 'SecurityFeatures' Description = 'Advanced threat protection and security analytics (requires MDE licenses)' AppId = 'e5713826-15ee-4f6c-91ee-56cb1844e275' Permissions = @( # Most permissions commented out for development safety # 'AdvancedQuery.Read.All', # 'Alert.Read.All', # 'File.Read.All', # 'Ip.Read.All', # 'Machine.Read.All', # 'Score.Read.All', # 'SecurityConfiguration.Read.All', # 'SecurityRecommendation.Read.All', # 'Software.Read.All', # 'Ti.Read.All', # 'Url.Read.All', 'User.Read.All' # 'Vulnerability.Read.All' ) ReadOnlyPermissions = @( # All security permissions are already read-only in development 'User.Read.All' ) IsMandatory = $false Category = 'Security' } ) # Legacy applications that should be removed from tenants LegacyApps = @( @{ AppId = '61fcb903-2868-4c54-91cd-2716c62c5007' DisplayName = 'RealmJoin Portal - Core Features' } ) } |