source/Private/RJFeatures.Production.psd1
|
@{ Features = @( @{ Name = 'Client' Description = 'RealmJoin Agent - Client application for device management' AppId = '008c704d-20fe-4c15-bab0-c2e6f66a992c' Permissions = @( 'User.Read.All', 'Device.Read.All', 'Group.Read.All' ) ReadOnlyPermissions = @( 'User.Read.All', 'Device.Read.All', 'Group.Read.All' ) IsMandatory = $false Category = 'Client' }, @{ Name = 'RealmJoinPortal' Description = 'Core portal functionality for user self-service and admin interaction' AppId = 'b0130885-16be-4c6f-83de-5b1042b5d2e3' Permissions = @( 'User.Read.All', 'Device.Read.All', 'Group.ReadWrite.All', 'GroupMember.ReadWrite.All', 'DeviceManagementManagedDevices.Read.All', 'DeviceManagementApps.ReadWrite.All' ) ReadOnlyPermissions = @( 'User.Read.All', 'Device.Read.All', 'Group.Read.All', 'GroupMember.Read.All', 'DeviceManagementManagedDevices.Read.All', 'DeviceManagementApps.Read.All' ) IsMandatory = $true Category = 'Portal' }, @{ Name = 'IntuneLAPS' Description = 'Retrieve and manage local admin passwords via Intune LAPS' AppId = 'b0130885-16be-4c6f-83de-5b1042b5d2e3' Permissions = @( 'DeviceLocalCredential.Read.All' ) ReadOnlyPermissions = @( 'DeviceLocalCredential.Read.All' ) IsMandatory = $false Category = 'Portal' }, @{ Name = 'ShowSignin' Description = 'Display user sign-in history and audit logs' AppId = 'b0130885-16be-4c6f-83de-5b1042b5d2e3' Permissions = @( 'AuditLog.Read.All' ) ReadOnlyPermissions = @( 'AuditLog.Read.All' ) IsMandatory = $false Category = 'Portal' }, @{ Name = 'Autopilot' Description = 'View Windows Autopilot deployment profiles and status' AppId = 'b0130885-16be-4c6f-83de-5b1042b5d2e3' Permissions = @( 'DeviceManagementServiceConfig.Read.All' ) ReadOnlyPermissions = @( 'DeviceManagementServiceConfig.Read.All' ) IsMandatory = $false Category = 'Portal' }, @{ Name = 'DeviceIntuneActions' Description = 'Execute privileged device actions (sync, restart, wipe, etc.)' AppId = 'b0130885-16be-4c6f-83de-5b1042b5d2e3' Permissions = @( 'DeviceManagementManagedDevices.PrivilegedOperations.All' ) IsMandatory = $false Category = 'Portal' }, @{ Name = 'DeviceHealthScript' Description = 'Manage and deploy PowerShell remediation scripts to devices' AppId = 'b0130885-16be-4c6f-83de-5b1042b5d2e3' Permissions = @( 'DeviceManagementScripts.ReadWrite.All' ) ReadOnlyPermissions = @( 'DeviceManagementScripts.Read.All' ) IsMandatory = $false Category = 'Portal' }, @{ Name = 'SecurityFeatures' Description = 'Advanced threat protection and security analytics (requires MDE licenses)' AppId = 'e5713826-15ee-4f6c-91ee-56cb1844e275' Permissions = @( 'AdvancedQuery.Read.All', 'Alert.Read.All', 'File.Read.All', 'Ip.Read.All', 'Machine.Read.All', 'Score.Read.All', 'SecurityConfiguration.Read.All', 'SecurityRecommendation.Read.All', 'Software.Read.All', 'Ti.Read.All', 'Url.Read.All', 'User.Read.All', 'Vulnerability.Read.All' ) ReadOnlyPermissions = @( 'AdvancedQuery.Read.All', 'Alert.Read.All', 'File.Read.All', 'Ip.Read.All', 'Machine.Read.All', 'Score.Read.All', 'SecurityConfiguration.Read.All', 'SecurityRecommendation.Read.All', 'Software.Read.All', 'Ti.Read.All', 'Url.Read.All', 'User.Read.All', 'Vulnerability.Read.All' ) IsMandatory = $false Category = 'Security' } ) # Legacy applications that should be removed from tenants LegacyApps = @( @{ AppId = '61fcb903-2868-4c54-91cd-2716c62c5007' DisplayName = 'RealmJoin Portal - Core Features' } ) } |