diff --git a/CHANGELOG.md b/CHANGELOG.md
index 67ee8001c0..6b89a9c8f2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,19 +1,46 @@ # Change log for Microsoft365DSC -# UNRELEASED +# 1.24.1218.1 + +* AADApplication + * Added support for Oauth2PermissionScopes. + * Fixes comparison issue for permissions. +* EXOTransportRule + * Fixes issue extracting arrays in Get-TargetResource. + * FIXES [#5575](https://github.com/microsoft/Microsoft365DSC/issues/5575) +* TeamsMeetingPolicy + * Adds support for additional Copilot setting value. + * FIXES [#5573](https://github.com/microsoft/Microsoft365DSC/issues/5573) + * FIXES [#5550](https://github.com/microsoft/Microsoft365DSC/issues/5550) +* MISC + * Fixed the Fabric web request to use basic parsing. + * Reset only necessary authentication context. +* M365DSCUtil + * Update `Get-M365DSCWorkloadsListFromResourceNames` function for more input types. + FIXES [#5525](https://github.com/microsoft/Microsoft365DSC/issues/5525) +* DEPENDENCIES + * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.202. + * Updated MSCloudLoginAssistant to version 1.1.31. # 1.24.1211.1 * AADApplication * Changed logic to remove all permissions when an empty array is specified. FIXES [#5534](https://github.com/microsoft/Microsoft365DSC/issues/5534) + * Changed logic to update AppRoles by first disabling the entry. + FIXES [#5524](https://github.com/microsoft/Microsoft365DSC/issues/5524) * AADFeatureRolloutPolicy * Fixed policy retrieval FIXES [#5521](https://github.com/microsoft/Microsoft365DSC/issues/5521) +* AADRoleEligibilityScheduleRequest + * Changed logic to retrieve instance by Service Principal with custom role. + FIXES [#5532](https://github.com/microsoft/Microsoft365DSC/issues/5532) * IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile * Fixing issue with the way the QrCodeImage property was exported and handled. * IntuneFirewallPolicyWindows10 * Fix export of properties that appear multiple times in subsections. +* IntuneSecurityBaselineWindows10 + * Initial release. 
* M365DSCDRGUtil * Improve settings catalog handling for nested objects. * M365DSCResourceGenerator diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAccessReviewDefinition/MSFT_AADAccessReviewDefinition.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAccessReviewDefinition/MSFT_AADAccessReviewDefinition.psm1 index ecc41b20ff..a266c3ce52 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAccessReviewDefinition/MSFT_AADAccessReviewDefinition.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAccessReviewDefinition/MSFT_AADAccessReviewDefinition.psm1 @@ -792,6 +792,11 @@ function Export-TargetResource } foreach ($config in $getValue) { + if ($null -ne $Global:M365DSCExportResourceInstancesCount) + { + $Global:M365DSCExportResourceInstancesCount++ + } + $displayedKey = $config.Id if (-not [String]::IsNullOrEmpty($config.displayName)) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 index 104f0d3693..6287779158 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1 @@ -1149,9 +1149,8 @@ function Export-TargetResource $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Members' -IsCIMArray $true $currentDSCBlock = $currentDSCBlock.Replace("`",`"`r`n", '') $currentDSCBlock = $currentDSCBlock.Replace(",`r`n", '').Replace("`");`r`n", ");`r`n") - $currentDSCBlock = $currentDSCBlock.Replace("Members = @(`"", 'Members = @(') - $currentDSCBlock = $currentDSCBlock.Replace("`$OrganizationName'", "' + `$OrganizationName") } + $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` -FileName $Global:PartialExportFileName 
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 index 7e2297c501..fd8647a090 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1 @@ -275,7 +275,24 @@ function Get-TargetResource $complexPreAuthorizedApplications += $myPreAuthorizedApplications } } + + $complexOAuth2Scopes = @() + foreach ($currentOAuth2Scope in $AADApp.api.Oauth2PermissionScopes) + { + $complexOAuth2Scopes += @{ + adminConsentDescription = $currentOAuth2Scope.adminConsentDescription + adminConsentDisplayName = $currentOAuth2Scope.adminConsentDisplayName + id = $currentOAuth2Scope.id + isEnabled = $currentOAuth2Scope.isEnabled + type = $currentOAuth2Scope.type + userConsentDescription = $currentOAuth2Scope.userConsentDescription + userConsentDisplayName = $currentOAuth2Scope.userConsentDisplayName + value = $currentOAuth2Scope.value + } + } + $complexApi.Add('PreAuthorizedApplications', $complexPreAuthorizedApplications) + $complexApi.Add('Oauth2PermissionScopes', $complexOAuth2Scopes) if ($complexApi.values.Where({ $null -ne $_ }).Count -eq 0) { $complexApi = $null 
@@ -736,18 +753,56 @@ function Set-TargetResource } $currentParameters.Remove('AvailableToOtherTenants') | Out-Null $currentParameters.Remove('PublicClient') | Out-Null + $currentParameters.Remove('Verbose') | Out-Null - if ($currentParameters.KnownClientApplications) + #region API + $apiValue = @{} + if ($currentParameters.Api.KnownClientApplications) + { + $apiValue.Add('KnownClientApplications', $currentParameters.Api.KnownClientApplications) + } + if ($currentParameters.Api.Oauth2PermissionScopes) { - $apiValue = @{ - KnownClientApplications = $currentParameters.KnownClientApplications + Write-Verbose -Message "Oauth2PermissionScopes specified and is not empty" + $scopeValue = @() + foreach ($scope in $currentParameters.Api.Oauth2PermissionScopes) + { + $scopeEntry = @{ + adminConsentDescription = $scope.adminConsentDescription + adminConsentDisplayName = $scope.adminConsentDisplayName + isEnabled = $scope.isEnabled + type = $scope.type + userConsentDescription = $scope.userConsentDescription + userConsentDisplayName = $scope.userConsentDisplayName + value = $scope.value + } + if (-not [System.String]::IsNullOrEmpty($scope.id)) + { + Write-Verbose -Message "Adding existing scope id {$($scope.id)}" + $scopeEntry.Add('id', $scope.id) + } + else + { + Write-Verbose -Message "Generating new scope id" + $scopeEntry.Add('id', (New-Guid).ToString()) + } + + $scopeValue += $scopeEntry } - $currentParameters.Add('Api', $apiValue) - $currentParameters.Remove('KnownClientApplications') | Out-Null + $apiValue.Add('Oauth2PermissionScopes', $scopeValue) + } + $currentParameters.Remove('KnownClientApplications') | Out-Null + #endregion + + if ($currentParameters.ContainsKey('Api')) + { + Write-Verbose "Found existing API parameter. 
Updating with $(Convert-M365DscHashtableToString -Hashtable $apiValue)" + $currentParameters.Api = $apiValue } else { - $currentParameters.Remove('KnownClientApplications') | Out-Null + Write-Verbose "Adding API parameter with $(Convert-M365DscHashtableToString -Hashtable $apiValue)" + $currentParameters.Add('Api', $apiValue) } if ($ReplyUrls -or $LogoutURL -or $Homepage) @@ -774,7 +829,6 @@ function Set-TargetResource $currentParameters.Remove('Homepage') | Out-Null $currentParameters.Remove('OnPremisesPublishing') | Out-Null - $keys = (([Hashtable]$currentParameters).clone()).Keys foreach ($key in $keys) { @@ -859,6 +913,7 @@ function Set-TargetResource $currentParameters.Remove('ApplicationTemplateId') | Out-Null Write-Verbose -Message "Creating New AzureAD Application {$DisplayName} with values:`r`n$($currentParameters | Out-String)" + Write-Verbose -Message "Parameters with API: $(ConvertTo-Json $currentParameters -Depth 10)" $currentAADApp = New-MgApplication @currentParameters Write-Verbose -Message "Azure AD Application {$DisplayName} was successfully created" $needToUpdatePermissions = $true @@ -888,6 +943,8 @@ function Set-TargetResource } $currentParameters.Add('ApplicationId', $AppIdValue) + $currentParameters.Remove('AppRoles') | Out-Null + Write-Verbose -Message "Updating existing AzureAD Application {$DisplayName} with values:`r`n$($currentParameters | Out-String)" Update-MgApplication @currentParameters 
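Review bot: When a scope in `$currentParameters.Api.Oauth2PermissionScopes` has no `id`, the `else` branch calls `(New-Guid).ToString()` on every run, so a configuration that omits `id` sends a different identifier for the same `value` each time, and anything that refers to the scope by id stops matching. Reuse the existing id before generating one, for example `$existing = $currentAADApp.Api.Oauth2PermissionScopes | Where-Object -FilterScript { $_.value -eq $scope.value }`, and call `New-Guid` only when `$existing` is empty. The schema text added in this commit also states that a scope must be set to `isEnabled = false` before it can be removed, but this block sends the desired list in a single call; removal probably needs the same disable-then-remove sequence the commit introduces for AppRoles. Set-TargetResource starts and ends outside the hunk.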
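Review bot: The added `Write-Verbose` before `New-MgApplication` serialises all of `$currentParameters` with `ConvertTo-Json -Depth 10`, which writes every nested value to the verbose stream and to any transcript or pipeline log that captures it. The hunk does not show which keys are still present at this point; if credential-bearing entries such as `KeyCredentials` can be among them, log only the API part, e.g. `Write-Verbose -Message "Api: $(ConvertTo-Json $currentParameters.Api -Depth 10)"`. The line also repeats the `Out-String` dump directly above it, so it reads like leftover debugging output.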
@@ -898,6 +955,62 @@ function Set-TargetResource $needToUpdatePermissions = $true $needToUpdateAuthenticationBehaviors = $true $needToUpdateKeyCredentials = $true + + # Update AppRoles + if ($null -ne $AppRoles) + { + Write-Verbose -Message "AppRoles were specified." + + # Find roles to Remove + $fixedRoles = @() + $rolesToRemove = @() + foreach ($currentRole in $currentAADApp.AppRoles) + { + $associatedDesiredRoleEntry = $AppRoles | Where-Object -FilterScript {$_.DisplayName -eq $currentRole.DisplayName} + if ($null -eq $associatedDesiredRoleEntry) + { + Write-Verbose -Message "Could not find matching AppRole entry in Desired values for {$($currentRole.DisplayName)}. Will remove role." + $fixedRole = $currentRole + $fixedRole.IsEnabled = $false + $fixedRoles += $fixedRole + $rolesToRemove += $currentRole.DisplayName + } + else + { + Write-Verbose -Message "Found matching AppRole entry in Desired values for {$($currentRole.DisplayName)}. Keeping same value as current, but setting to disable." + $entry = @{ + AllowedMemberTypes = $currentRole.AllowedMemberTypes + Id = $currentRole.Id + IsEnabled = $false + Origin = $currentRole.Origin + Value = $currentRole.Value + DisplayName = $currentRole.DisplayName + Description = $currentRole.Description + } + $fixedRoles += $entry + } + } + + Write-Verbose -Message "Updating AppRoles with the disabled roles to remove: {$($rolesToRemove -join ',')}" + Update-MgApplication -ApplicationId $currentAADApp.ObjectId -AppRoles $fixedRoles + + Write-Verbose -Message "Updating the app a second time, this time removing the app roles {$($rolesToRemove -join ',')} and updating the others." 
+ $resultingAppRoles = @() + foreach ($currentAppRole in $AppRoles) + { + $entry = @{ + AllowedMemberTypes = $currentAppRole.AllowedMemberTypes + Id = $currentAppRole.Id + IsEnabled = $currentAppRole.IsEnabled + Origin = $currentAppRole.Origin + Value = $currentAppRole.Value + DisplayName = $currentAppRole.DisplayName + Description = $currentAppRole.Description + } + $resultingAppRoles += $entry + } + Update-MgApplication -ApplicationId $currentAADApp.ObjectId -AppRoles $resultingAppRoles + } } # App exists but should not elseif ($Ensure -eq 'Absent' -and $currentAADApp.Ensure -eq 'Present') @@ -985,7 +1098,7 @@ function Set-TargetResource $allRequiredAccess = @() } else - { + { $allSourceAPIs = $Permissions.SourceAPI | Select-Object -Unique $allRequiredAccess = @() @@ -1039,6 +1152,10 @@ function Set-TargetResource { $roleId = $role.Id } + if ([System.String]::IsNullOrEmpty($roleId)) + { + throw "Could not find associated role {$($permission.Name)} for API {$($sourceAPI)}" + } $appPermission = @{ Id = $roleId Type = 'Role' @@ -1054,6 +1171,7 @@ function Set-TargetResource } Write-Verbose -Message "Updating permissions for Azure AD Application {$($currentAADApp.DisplayName)} with RequiredResourceAccess:`r`n$($allRequiredAccess | Out-String)" + Write-Verbose -Message "ResourceAccess:`r`n$($allRequiredAccess.ResourceAccess | Out-String)" Write-Verbose -Message "Current App Id: $($currentAADApp.AppId)" # Even if the property is named ApplicationId, we need to pass in the ObjectId @@ -1072,7 +1190,8 @@ function Set-TargetResource requireClientServicePrincipal = $AuthenticationBehaviors.requireClientServicePrincipal } - Update-MgBetaApplication -ApplicationId $currentAADApp.Id -AuthenticationBehaviors $IAuthenticationBehaviors | Out-Null + Update-MgBetaApplication -ApplicationId $currentAADApp.Id ` + -AuthenticationBehaviors $IAuthenticationBehaviors | Out-Null } if ($needToUpdateKeyCredentials -and $KeyCredentials) 
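Review bot: Between the two `Update-MgApplication -AppRoles` calls every existing app role is disabled, including the ones the desired state keeps (`IsEnabled = $false` in the `else` branch), and nothing handles a failure of the second call. If that request is throttled or rejected, the application is left with all roles disabled until a later run succeeds. If the disable step is only required for roles that are being removed, keep `IsEnabled = $currentRole.IsEnabled` for matched roles; otherwise wrap the second call in `try`/`catch` with `-ErrorAction Stop` and report that the roles remain disabled. Current and desired roles are matched on `DisplayName` although each entry carries an `Id`, so a renamed role or two roles sharing a display name would be handled incorrectly. The enclosing branch of Set-TargetResource starts outside the hunk.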
@@ -1307,8 +1426,8 @@ function Test-TargetResource $CurrentValues = Get-TargetResource @PSBoundParameters - if ($CurrentValues.Permissions.Length -gt 0 -and ` - $null -ne $CurrentValues.Permissions.Name) + if ($CurrentValues.Permissions.Length -gt 0 -and $null -ne $CurrentValues.Permissions.Name -and ` + $null -ne $Permissions) { $differenceObject = $Permissions.Name if ($null -eq $differenceObject) @@ -1506,6 +1625,11 @@ function Export-TargetResource CimInstanceName = 'MicrosoftGraphPreAuthorizedApplication' IsRequired = $False } + @{ + Name = 'Oauth2PermissionScopes' + CimInstanceName = 'MSFT_MicrosoftGraphApiOauth2PermissionScopes' + IsRequired = $False + } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.Api ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.schema.mof index 21e278cc40..d64409ef93 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.schema.mof 
@@ -82,10 +82,26 @@ class MSFT_MicrosoftGraphPreAuthorizedApplication [Write, Description("The unique identifier for the scopes the client application is granted.")] String PermissionIds[]; }; +[ClassVersion("1.0.0")] +class MSFT_MicrosoftGraphApiOauth2PermissionScopes +{ + [Write, Description("A description of the delegated permissions, intended to be read by an administrator granting the permission on behalf of all users. This text appears in tenant-wide admin consent experiences.")] String adminConsentDescription; + [Write, Description("The permission's title, intended to be read by an administrator granting the permission on behalf of all users.")] String adminConsentDisplayName; + [Write, Description("A description of the delegated permissions, intended to be read by a user granting the permission on their own behalf. This text appears in consent experiences where the user is consenting only on behalf of themselves.")] String userConsentDescription; + [Write, Description("A title for the permission, intended to be read by a user granting the permission on their own behalf. This text appears in consent experiences where the user is consenting only on behalf of themselves.")] String userConsentDisplayName; + [Write, Description("Specifies the value to include in the scp (scope) claim in access tokens. Must not exceed 120 characters in length.")] String value; + [Write, Description("When you create or update a permission, this property must be set to true (which is the default). To delete a permission, this property must first be set to false. At that point, in a subsequent call, the permission may be removed.")] Boolean isEnabled; + [Write, Description("The possible values are: User and Admin. 
Specifies whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator consent should always be required.")] String type; + [Write, Description("Unique delegated permission identifier inside the collection of delegated permissions defined for a resource application.")] String id; + +}; + [ClassVersion("1.0.0")] class MSFT_MicrosoftGraphApiApplication { [Write, Description("Lists the client applications that are preauthorized with the specified delegated permissions to access this application's APIs. Users aren't required to consent to any preauthorized application (for the permissions specified). However, any other permissions not listed in preAuthorizedApplications (requested through incremental consent for example) will require user consent."), EmbeddedInstance("MSFT_MicrosoftGraphPreAuthorizedApplication")] String PreAuthorizedApplications[]; + [Write, Description("List of associated API scopes."), EmbeddedInstance("MSFT_MicrosoftGraphAPIOauth2PermissionScopes")] String Oauth2PermissionScopes[]; + }; [ClassVersion("1.0.0")] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleAssignmentScheduleRequest/MSFT_AADRoleAssignmentScheduleRequest.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleAssignmentScheduleRequest/MSFT_AADRoleAssignmentScheduleRequest.psm1 index 5704447962..7c019e5dab 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleAssignmentScheduleRequest/MSFT_AADRoleAssignmentScheduleRequest.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleAssignmentScheduleRequest/MSFT_AADRoleAssignmentScheduleRequest.psm1 
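Review bot: The `type` property is declared as a free `String` although its description says the possible values are User and Admin, and this value decides whether non-admin users may consent to the scope, so a typo in a configuration is only caught (if at all) by the Graph call. Constrain it in the schema with `ValueMap{"User","Admin"}, Values{"User","Admin"}` in the qualifier list of `String type;`. The embedded instance is spelled `MSFT_MicrosoftGraphAPIOauth2PermissionScopes` while the class is declared as `MSFT_MicrosoftGraphApiOauth2PermissionScopes`; use the same casing in both places.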
@@ -148,10 +148,24 @@ function Get-TargetResource [Array] $requests = Get-MgBetaRoleManagementDirectoryRoleAssignmentScheduleRequest -Filter "PrincipalId eq '$($PrincipalInstance.Id)' and RoleDefinitionId eq '$($RoleDefinitionId)' and DirectoryScopeId eq '$($DirectoryScopeId)'" if ($requests.Length -eq 0) { - return $nullResult + Write-Verbose -Message "Trying to retrieve by reverse RoleId retrieval" + $partialRequests = Get-MgBetaRoleManagementDirectoryRoleAssignmentScheduleRequest -Filter "PrincipalId eq '$($PrincipalInstance.Id)' and DirectoryScopeId eq '$($DirectoryScopeId)'" + $reverseRoleId = $null + foreach ($partialRequest in $partialRequests) + { + $roleEntry = Get-MgBetaRoleManagementDirectoryRoleDefinition -UnifiedRoleDefinitionId $partialRequest.RoleDefinitionId | Where-Object -FilterScript {$_.DisplayName -eq $RoleDefinition} + if ($null -ne $roleEntry) + { + $request = $partialRequest + $RoleDefinitionId = $partialRequest.RoleDefinitionId + break + } + } + } + else + { + $request = $requests[0] } - - $request = $requests[0] } $schedules = Get-MgBetaRoleManagementDirectoryRoleAssignmentSchedule -Filter "PrincipalId eq '$($request.PrincipalId)'" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1 index 511422e668..3cebcf39a2 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1 
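Review bot: When the reverse lookup finds no role whose `DisplayName` equals `$RoleDefinition`, `$request` is not assigned in this block, and the removed `return $nullResult` no longer stops the function. Unless `$request` is set earlier in the function, the `Get-MgBetaRoleManagementDirectoryRoleAssignmentSchedule` call after the hunk then runs with the filter `PrincipalId eq ''`. Add `if ($null -eq $request) { return $nullResult }` after the `foreach` loop. The loop also calls `Get-MgBetaRoleManagementDirectoryRoleDefinition` once per partial request; caching the result per `RoleDefinitionId` would avoid repeated lookups of the same role. Get-TargetResource continues outside the hunk.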
@@ -138,7 +138,7 @@ $PrincipalValue = $PrincipalInstance.DisplayName } - Write-Verbose -Message 'Found Principal' + Write-Verbose -Message "Found Principal {$PrincipalValue}" $RoleDefinitionId = (Get-MgBetaRoleManagementDirectoryRoleDefinition -Filter "DisplayName eq '$RoleDefinition'").Id Write-Verbose -Message "Retrieved role definition {$RoleDefinition} with ID {$RoleDefinitionId}" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleAssignment/MSFT_EXOManagementRoleAssignment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleAssignment/MSFT_EXOManagementRoleAssignment.psm1 index 8563e58c42..079b515252 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleAssignment/MSFT_EXOManagementRoleAssignment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOManagementRoleAssignment/MSFT_EXOManagementRoleAssignment.psm1 @@ -387,7 +387,7 @@ function Set-TargetResource Write-Verbose -Message 'Waiting for 20 seconds for new permissions to be effective.' Start-Sleep 20 Write-Verbose -Message 'Disconnecting from Exchange Online' - Reset-MSCloudLoginConnectionProfileContext + Reset-MSCloudLoginConnectionProfileContext -Workload ExchangeOnline } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.psm1 index d2c511a0ef..de0953b922 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOTransportRule/MSFT_EXOTransportRule.psm1 
@@ -971,8 +971,8 @@ function Get-TargetResource foreach ($key in $inputParams.Keys) { $propertyInfo = $inputParams.$key - $curVar = Get-Variable -Name $key -ErrorAction SilentlyContinue - if ($propertyInfo.ParameterType.Name -eq 'String[]' -and $curVar -ne $null -and $curVar.Value -eq $null) + $curVar = $TransportRule.$key + if ($propertyInfo.ParameterType.Name -eq 'String[]' -and $curVar -eq $null) { $result.$key = @() } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.psm1 index c5594b62f9..25923165c7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_FabricAdminTenantSettings/MSFT_FabricAdminTenantSettings.psm1 @@ -574,7 +574,7 @@ function Get-TargetResource } else { - $uri = (Get-MSCloudLoginConnectionProfile -Workload Fabric).HostUrl + '/v1/admin/tenantsettings' + $uri = (Get-MSCloudLoginConnectionProfile -Workload 'Fabric').HostUrl + '/v1/admin/tenantsettings' $instance = Invoke-M365DSCFabricWebRequest -Uri $uri -Method 'GET' } if ($null -eq $instance) @@ -1941,7 +1941,7 @@ function Export-TargetResource try { $Script:ExportMode = $true - $uri = (Get-MSCloudLoginConnectionProfile -Workload Fabric).HostUrl + '/v1/admin/tenantsettings' + $uri = (Get-MSCloudLoginConnectionProfile -Workload 'Fabric').HostUrl + '/v1/admin/tenantsettings' [array] $Script:exportedInstances = Invoke-M365DSCFabricWebRequest -Uri $uri -Method 'GET' if ($null -ne $Global:M365DSCExportResourceInstancesCount) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineDefenderForEndpoint/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineDefenderForEndpoint/settings.json index 3cbd96c4cf..0aaf8e4b0e 100644 
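Review bot: The rewritten condition `$curVar -eq $null` puts `$null` on the right, while `$curVar` now holds a property value that may be an array for the `String[]` parameters this branch targets. With an array on the left, `-eq` filters the elements instead of testing the variable itself. Write it as `$null -eq $curVar`, which is also what the PSScriptAnalyzer rule PSPossibleIncorrectComparisonWithNull asks for. The `foreach` body continues outside the hunk.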
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineDefenderForEndpoint/settings.json +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineDefenderForEndpoint/settings.json @@ -1,29 +1,41 @@ { - "resourceName": "IntuneSecurityBaselineDefenderForEndpoint", - "description": "This resource configures an Test Intune Security Baseline Defender For Endpoint.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "DeviceManagementConfiguration.Read.All" + "resourceName":"IntuneSecurityBaselineDefenderForEndpoint", + "description":"This resource configures an Test Intune Security Baseline Defender For Endpoint.", + "permissions":{ + "graph":{ + "delegated":{ + "read":[ + { + "name":"Group.Read.All" + }, + { + "name":"DeviceManagementConfiguration.Read.All" } ], - "update": [ + "update":[ + { + "name":"Group.Read.All" + }, { - "name": "DeviceManagementConfiguration.ReadWrite.All" + "name":"DeviceManagementConfiguration.ReadWrite.All" } ] }, - "application": { - "read": [ + "application":{ + "read":[ { - "name": "DeviceManagementConfiguration.Read.All" + "name":"Group.Read.All" + }, + { + "name":"DeviceManagementConfiguration.Read.All" } ], - "update": [ + "update":[ + { + "name":"Group.Read.All" + }, { - "name": "DeviceManagementConfiguration.ReadWrite.All" + "name":"DeviceManagementConfiguration.ReadWrite.All" } ] } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineWindows10/MSFT_IntuneSecurityBaselineWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineWindows10/MSFT_IntuneSecurityBaselineWindows10.psm1 new file mode 100644 index 0000000000..7a15e4a535 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineWindows10/MSFT_IntuneSecurityBaselineWindows10.psm1 
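Review bot: `Group.Read.All` is added to the delegated and application `read` and `update` lists in settings.json, which widens the consent this resource asks for to every group in the tenant, but nothing in this file section shows which call needs it. If it is only used to resolve assignment target groups, state that in the resource documentation so that whoever approves the consent request can justify it. The rest of the hunk only removes the space after each `:`, which buries the four functional additions; keeping the original formatting would make the permission change easier to audit.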
@@ -0,0 +1,2629 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String[]] + $RoleScopeTagIds, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $DeviceSettings, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $UserSettings, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + Write-Verbose -Message "Getting configuration of the Intune Security Baseline for Windows10 with Id {$Id} and Name {$DisplayName}" + + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + + $getValue = $null + #region resource generator code + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Id -ErrorAction SilentlyContinue + + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Security Baseline for Windows10 with Id {$Id}" + + if (-not [System.String]::IsNullOrEmpty($DisplayName)) + { + $getValue = Get-MgBetaDeviceManagementConfigurationPolicy ` + -Filter "Name eq '$DisplayName'" ` + -ErrorAction SilentlyContinue + } + } + #endregion + if ($null -eq $getValue) + { + Write-Verbose -Message "Could not find an Intune Security Baseline for Windows10 with Name {$DisplayName}." 
+ return $nullResult + } + $Id = $getValue.Id + Write-Verbose -Message "An Intune Security Baseline for Windows10 with Id {$Id} and Name {$DisplayName} was found" + + # Retrieve policy specific settings + [array]$settings = Get-MgBetaDeviceManagementConfigurationPolicySetting ` + -DeviceManagementConfigurationPolicyId $Id ` + -ExpandProperty 'settingDefinitions' ` + -All ` + -ErrorAction Stop + + $policySettings = @{} + $policySettings = Export-IntuneSettingCatalogPolicySettings -Settings $settings -ReturnHashtable $policySettings -ContainsDeviceAndUserSettings + + #region resource generator code + $complexDeviceSettings = @{} + if ($null -ne $policySettings.DeviceSettings.blockExecutionOfPotentiallyObfuscatedScripts) + { + $complexDeviceSettings.Add('BlockExecutionOfPotentiallyObfuscatedScripts', $policySettings.DeviceSettings.blockExecutionOfPotentiallyObfuscatedScripts) + } + if ($null -ne $policySettings.DeviceSettings.blockExecutionOfPotentiallyObfuscatedScripts_ASROnlyPerRuleExclusions) + { + $complexDeviceSettings.Add('BlockExecutionOfPotentiallyObfuscatedScripts_ASROnlyPerRuleExclusions', $policySettings.DeviceSettings.blockExecutionOfPotentiallyObfuscatedScripts_ASROnlyPerRuleExclusions) + } + if ($null -ne $policySettings.DeviceSettings.blockWin32APICallsFromOfficeMacros) + { + $complexDeviceSettings.Add('BlockWin32APICallsFromOfficeMacros', $policySettings.DeviceSettings.blockWin32APICallsFromOfficeMacros) + } + if ($null -ne $policySettings.DeviceSettings.blockWin32APICallsFromOfficeMacros_ASROnlyPerRuleExclusions) + { + $complexDeviceSettings.Add('BlockWin32APICallsFromOfficeMacros_ASROnlyPerRuleExclusions', $policySettings.DeviceSettings.blockWin32APICallsFromOfficeMacros_ASROnlyPerRuleExclusions) + } + if ($null -ne $policySettings.DeviceSettings.blockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion) + { + $complexDeviceSettings.Add('BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion', 
$policySettings.DeviceSettings.blockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion)
+ }
+ if ($null -ne $policySettings.DeviceSettings.blockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion_ASROnlyPerRuleExclusions)
+ {
+ $complexDeviceSettings.Add('BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion_ASROnlyPerRuleExclusions', $policySettings.DeviceSettings.blockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion_ASROnlyPerRuleExclusions)
+ }
+ if ($null -ne $policySettings.DeviceSettings.blockOfficeCommunicationAppFromCreatingChildProcesses)
+ {
+ $complexDeviceSettings.Add('BlockOfficeCommunicationAppFromCreatingChildProcesses', $policySettings.DeviceSettings.blockOfficeCommunicationAppFromCreatingChildProcesses)
+ }
+ if ($null -ne $policySettings.DeviceSettings.blockOfficeCommunicationAppFromCreatingChildProcesses_ASROnlyPerRuleExclusions)
+ {
+ $complexDeviceSettings.Add('BlockOfficeCommunicationAppFromCreatingChildProcesses_ASROnlyPerRuleExclusions', $policySettings.DeviceSettings.blockOfficeCommunicationAppFromCreatingChildProcesses_ASROnlyPerRuleExclusions)
+ }
+ if ($null -ne $policySettings.DeviceSettings.blockAllOfficeApplicationsFromCreatingChildProcesses)
+ {
+ $complexDeviceSettings.Add('BlockAllOfficeApplicationsFromCreatingChildProcesses', $policySettings.DeviceSettings.blockAllOfficeApplicationsFromCreatingChildProcesses)
+ }
+ if ($null -ne $policySettings.DeviceSettings.blockAllOfficeApplicationsFromCreatingChildProcesses_ASROnlyPerRuleExclusions)
+ {
+ $complexDeviceSettings.Add('BlockAllOfficeApplicationsFromCreatingChildProcesses_ASROnlyPerRuleExclusions', $policySettings.DeviceSettings.blockAllOfficeApplicationsFromCreatingChildProcesses_ASROnlyPerRuleExclusions)
+ }
+ if ($null -ne $policySettings.DeviceSettings.blockAdobeReaderFromCreatingChildProcesses)
+ {
+ $complexDeviceSettings.Add('BlockAdobeReaderFromCreatingChildProcesses', $policySettings.DeviceSettings.blockAdobeReaderFromCreatingChildProcesses)
+ }
+ if ($null -ne $policySettings.DeviceSettings.blockAdobeReaderFromCreatingChildProcesses_ASROnlyPerRuleExclusions)
+ {
+ $complexDeviceSettings.Add('BlockAdobeReaderFromCreatingChildProcesses_ASROnlyPerRuleExclusions', $policySettings.DeviceSettings.blockAdobeReaderFromCreatingChildProcesses_ASROnlyPerRuleExclusions)
+ }
+ if ($null -ne $policySettings.DeviceSettings.blockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem)
+ {
+ $complexDeviceSettings.Add('BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem', $policySettings.DeviceSettings.blockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem)
+ }
+ if ($null -ne $policySettings.DeviceSettings.blockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem_ASROnlyPerRuleExclusions)
+ {
+ $complexDeviceSettings.Add('BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem_ASROnlyPerRuleExclusions', $policySettings.DeviceSettings.blockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem_ASROnlyPerRuleExclusions)
+ }
+ if ($null -ne $policySettings.DeviceSettings.blockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent)
+ {
+ $complexDeviceSettings.Add('BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent', $policySettings.DeviceSettings.blockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent)
+ }
+ if ($null -ne $policySettings.DeviceSettings.blockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent_ASROnlyPerRuleExclusions)
+ {
+ $complexDeviceSettings.Add('BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent_ASROnlyPerRuleExclusions', $policySettings.DeviceSettings.blockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent_ASROnlyPerRuleExclusions)
+ }
+ if ($null -ne $policySettings.DeviceSettings.blockWebshellCreationForServers)
+ {
+ $complexDeviceSettings.Add('BlockWebshellCreationForServers', $policySettings.DeviceSettings.blockWebshellCreationForServers)
+ }
+ if ($null -ne $policySettings.DeviceSettings.blockWebshellCreationForServers_ASROnlyPerRuleExclusions)
+ {
+ $complexDeviceSettings.Add('BlockWebshellCreationForServers_ASROnlyPerRuleExclusions', $policySettings.DeviceSettings.blockWebshellCreationForServers_ASROnlyPerRuleExclusions)
+ }
+ if ($null -ne $policySettings.DeviceSettings.blockUntrustedUnsignedProcessesThatRunFromUSB)
+ {
+ $complexDeviceSettings.Add('BlockUntrustedUnsignedProcessesThatRunFromUSB', $policySettings.DeviceSettings.blockUntrustedUnsignedProcessesThatRunFromUSB)
+ }
+ if ($null -ne $policySettings.DeviceSettings.blockUntrustedUnsignedProcessesThatRunFromUSB_ASROnlyPerRuleExclusions)
+ {
+ $complexDeviceSettings.Add('BlockUntrustedUnsignedProcessesThatRunFromUSB_ASROnlyPerRuleExclusions', $policySettings.DeviceSettings.blockUntrustedUnsignedProcessesThatRunFromUSB_ASROnlyPerRuleExclusions)
+ }
+ if ($null -ne $policySettings.DeviceSettings.blockPersistenceThroughWMIEventSubscription)
+ {
+ $complexDeviceSettings.Add('BlockPersistenceThroughWMIEventSubscription', $policySettings.DeviceSettings.blockPersistenceThroughWMIEventSubscription)
+ }
+ if ($null -ne $policySettings.DeviceSettings.blockUseOfCopiedOrImpersonatedSystemTools)
+ {
+ $complexDeviceSettings.Add('BlockUseOfCopiedOrImpersonatedSystemTools', $policySettings.DeviceSettings.blockUseOfCopiedOrImpersonatedSystemTools)
+ }
+ if ($null -ne $policySettings.DeviceSettings.blockUseOfCopiedOrImpersonatedSystemTools_ASROnlyPerRuleExclusions)
+ {
+ $complexDeviceSettings.Add('BlockUseOfCopiedOrImpersonatedSystemTools_ASROnlyPerRuleExclusions', $policySettings.DeviceSettings.blockUseOfCopiedOrImpersonatedSystemTools_ASROnlyPerRuleExclusions)
+ }
+ if ($null -ne $policySettings.DeviceSettings.blockAbuseOfExploitedVulnerableSignedDrivers)
+ {
+ $complexDeviceSettings.Add('BlockAbuseOfExploitedVulnerableSignedDrivers', $policySettings.DeviceSettings.blockAbuseOfExploitedVulnerableSignedDrivers)
+ }
+ if ($null -ne $policySettings.DeviceSettings.blockAbuseOfExploitedVulnerableSignedDrivers_ASROnlyPerRuleExclusions)
+ {
+ $complexDeviceSettings.Add('BlockAbuseOfExploitedVulnerableSignedDrivers_ASROnlyPerRuleExclusions', $policySettings.DeviceSettings.blockAbuseOfExploitedVulnerableSignedDrivers_ASROnlyPerRuleExclusions)
+ }
+ if ($null -ne $policySettings.DeviceSettings.blockProcessCreationsFromPSExecAndWMICommands)
+ {
+ $complexDeviceSettings.Add('BlockProcessCreationsFromPSExecAndWMICommands', $policySettings.DeviceSettings.blockProcessCreationsFromPSExecAndWMICommands)
+ }
+ if ($null -ne $policySettings.DeviceSettings.blockProcessCreationsFromPSExecAndWMICommands_ASROnlyPerRuleExclusions)
+ {
+ $complexDeviceSettings.Add('BlockProcessCreationsFromPSExecAndWMICommands_ASROnlyPerRuleExclusions', $policySettings.DeviceSettings.blockProcessCreationsFromPSExecAndWMICommands_ASROnlyPerRuleExclusions)
+ }
+ if ($null -ne $policySettings.DeviceSettings.blockOfficeApplicationsFromCreatingExecutableContent)
+ {
+ $complexDeviceSettings.Add('BlockOfficeApplicationsFromCreatingExecutableContent', $policySettings.DeviceSettings.blockOfficeApplicationsFromCreatingExecutableContent)
+ }
+ if ($null -ne $policySettings.DeviceSettings.blockOfficeApplicationsFromCreatingExecutableContent_ASROnlyPerRuleExclusions)
+ {
+ $complexDeviceSettings.Add('BlockOfficeApplicationsFromCreatingExecutableContent_ASROnlyPerRuleExclusions', $policySettings.DeviceSettings.blockOfficeApplicationsFromCreatingExecutableContent_ASROnlyPerRuleExclusions)
+ }
+ if ($null -ne $policySettings.DeviceSettings.blockOfficeApplicationsFromInjectingCodeIntoOtherProcesses)
+ {
+ $complexDeviceSettings.Add('BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses', $policySettings.DeviceSettings.blockOfficeApplicationsFromInjectingCodeIntoOtherProcesses)
+ }
+ if ($null -ne $policySettings.DeviceSettings.blockOfficeApplicationsFromInjectingCodeIntoOtherProcesses_ASROnlyPerRuleExclusions)
+ {
+ $complexDeviceSettings.Add('BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses_ASROnlyPerRuleExclusions', $policySettings.DeviceSettings.blockOfficeApplicationsFromInjectingCodeIntoOtherProcesses_ASROnlyPerRuleExclusions)
+ }
+ if ($null -ne $policySettings.DeviceSettings.blockRebootingMachineInSafeMode)
+ {
+ $complexDeviceSettings.Add('BlockRebootingMachineInSafeMode', $policySettings.DeviceSettings.blockRebootingMachineInSafeMode)
+ }
+ if ($null -ne $policySettings.DeviceSettings.blockRebootingMachineInSafeMode_ASROnlyPerRuleExclusions)
+ {
+ $complexDeviceSettings.Add('BlockRebootingMachineInSafeMode_ASROnlyPerRuleExclusions', $policySettings.DeviceSettings.blockRebootingMachineInSafeMode_ASROnlyPerRuleExclusions)
+ }
+ if ($null -ne $policySettings.DeviceSettings.useAdvancedProtectionAgainstRansomware)
+ {
+ $complexDeviceSettings.Add('UseAdvancedProtectionAgainstRansomware', $policySettings.DeviceSettings.useAdvancedProtectionAgainstRansomware)
+ }
+ if ($null -ne $policySettings.DeviceSettings.useAdvancedProtectionAgainstRansomware_ASROnlyPerRuleExclusions)
+ {
+ $complexDeviceSettings.Add('UseAdvancedProtectionAgainstRansomware_ASROnlyPerRuleExclusions', $policySettings.DeviceSettings.useAdvancedProtectionAgainstRansomware_ASROnlyPerRuleExclusions)
+ }
+ if ($null -ne $policySettings.DeviceSettings.blockExecutableContentFromEmailClientAndWebmail)
+ {
+ $complexDeviceSettings.Add('BlockExecutableContentFromEmailClientAndWebmail', $policySettings.DeviceSettings.blockExecutableContentFromEmailClientAndWebmail)
+ }
+ if ($null -ne $policySettings.DeviceSettings.blockExecutableContentFromEmailClientAndWebmail_ASROnlyPerRuleExclusions)
+ {
+ $complexDeviceSettings.Add('BlockExecutableContentFromEmailClientAndWebmail_ASROnlyPerRuleExclusions', $policySettings.DeviceSettings.blockExecutableContentFromEmailClientAndWebmail_ASROnlyPerRuleExclusions)
+ }
+ if ($null -ne $policySettings.DeviceSettings.cPL_Personalization_NoLockScreenCamera)
+ {
+ $complexDeviceSettings.Add('CPL_Personalization_NoLockScreenCamera', $policySettings.DeviceSettings.cPL_Personalization_NoLockScreenCamera)
+ }
+ if ($null -ne $policySettings.DeviceSettings.cPL_Personalization_NoLockScreenSlideshow)
+ {
+ $complexDeviceSettings.Add('CPL_Personalization_NoLockScreenSlideshow', $policySettings.DeviceSettings.cPL_Personalization_NoLockScreenSlideshow)
+ }
+ if ($null -ne $policySettings.DeviceSettings.pol_SecGuide_0201_LATFP)
+ {
+ $complexDeviceSettings.Add('Pol_SecGuide_0201_LATFP', $policySettings.DeviceSettings.pol_SecGuide_0201_LATFP)
+ }
+ if ($null -ne $policySettings.DeviceSettings.pol_SecGuide_0002_SMBv1_ClientDriver)
+ {
+ $complexDeviceSettings.Add('Pol_SecGuide_0002_SMBv1_ClientDriver', $policySettings.DeviceSettings.pol_SecGuide_0002_SMBv1_ClientDriver)
+ }
+ if ($null -ne $policySettings.DeviceSettings.pol_SecGuide_SMB1ClientDriver)
+ {
+ $complexDeviceSettings.Add('Pol_SecGuide_SMB1ClientDriver', $policySettings.DeviceSettings.pol_SecGuide_SMB1ClientDriver)
+ }
+ if ($null -ne $policySettings.DeviceSettings.pol_SecGuide_0001_SMBv1_Server)
+ {
+ $complexDeviceSettings.Add('Pol_SecGuide_0001_SMBv1_Server', $policySettings.DeviceSettings.pol_SecGuide_0001_SMBv1_Server)
+ }
+ if ($null -ne $policySettings.DeviceSettings.pol_SecGuide_0102_SEHOP)
+ {
+ $complexDeviceSettings.Add('Pol_SecGuide_0102_SEHOP', $policySettings.DeviceSettings.pol_SecGuide_0102_SEHOP)
+ }
+ if ($null -ne $policySettings.DeviceSettings.pol_SecGuide_0202_WDigestAuthn)
+ {
+ $complexDeviceSettings.Add('Pol_SecGuide_0202_WDigestAuthn', $policySettings.DeviceSettings.pol_SecGuide_0202_WDigestAuthn)
+ }
+ if ($null -ne $policySettings.DeviceSettings.pol_MSS_DisableIPSourceRoutingIPv6)
+ {
+ $complexDeviceSettings.Add('Pol_MSS_DisableIPSourceRoutingIPv6', $policySettings.DeviceSettings.pol_MSS_DisableIPSourceRoutingIPv6)
+ }
+ if ($null -ne $policySettings.DeviceSettings.disableIPSourceRoutingIPv6)
+ {
+ $complexDeviceSettings.Add('DisableIPSourceRoutingIPv6', $policySettings.DeviceSettings.disableIPSourceRoutingIPv6)
+ }
+ if ($null -ne $policySettings.DeviceSettings.pol_MSS_DisableIPSourceRouting)
+ {
+ $complexDeviceSettings.Add('Pol_MSS_DisableIPSourceRouting', $policySettings.DeviceSettings.pol_MSS_DisableIPSourceRouting)
+ }
+ if ($null -ne $policySettings.DeviceSettings.disableIPSourceRouting)
+ {
+ $complexDeviceSettings.Add('DisableIPSourceRouting', $policySettings.DeviceSettings.disableIPSourceRouting)
+ }
+ if ($null -ne $policySettings.DeviceSettings.pol_MSS_EnableICMPRedirect)
+ {
+ $complexDeviceSettings.Add('Pol_MSS_EnableICMPRedirect', $policySettings.DeviceSettings.pol_MSS_EnableICMPRedirect)
+ }
+ if ($null -ne $policySettings.DeviceSettings.pol_MSS_NoNameReleaseOnDemand)
+ {
+ $complexDeviceSettings.Add('Pol_MSS_NoNameReleaseOnDemand', $policySettings.DeviceSettings.pol_MSS_NoNameReleaseOnDemand)
+ }
+ if ($null -ne $policySettings.DeviceSettings.turn_Off_Multicast)
+ {
+ $complexDeviceSettings.Add('Turn_Off_Multicast', $policySettings.DeviceSettings.turn_Off_Multicast)
+ }
+ if ($null -ne $policySettings.DeviceSettings.nC_ShowSharedAccessUI)
+ {
+ $complexDeviceSettings.Add('NC_ShowSharedAccessUI', $policySettings.DeviceSettings.nC_ShowSharedAccessUI)
+ }
+ if ($null -ne $policySettings.DeviceSettings.hardeneduncpaths_Pol_HardenedPaths)
+ {
+ $complexDeviceSettings.Add('hardeneduncpaths_Pol_HardenedPaths', $policySettings.DeviceSettings.hardeneduncpaths_Pol_HardenedPaths)
+ }
+ if ($null -ne $policySettings.DeviceSettings.pol_hardenedPaths)
+ {
+ $complexPol_hardenedpaths = @()
+ foreach ($currentPol_hardenedpaths in $policySettings.DeviceSettings.pol_hardenedPaths)
+ {
+ $myPol_hardenedpaths = @{}
+ if ($null -ne $currentPol_hardenedpaths.value)
+ {
+ $myPol_hardenedpaths.Add('Value', $currentPol_hardenedpaths.value)
+ }
+ if ($null -ne $currentPol_hardenedpaths.Key)
+ {
+ $myPol_hardenedpaths.Add('Key', $currentPol_hardenedpaths.key)
+ }
+ if ($myPol_hardenedpaths.values.Where({ $null -ne $_ }).Count -gt 0)
+ {
+ $complexPol_hardenedpaths += $myPol_hardenedpaths
+ }
+ }
+ $complexDeviceSettings.Add('pol_hardenedPaths', $complexPol_hardenedpaths)
+ }
+ if ($null -ne $policySettings.DeviceSettings.wCM_BlockNonDomain)
+ {
+ $complexDeviceSettings.Add('WCM_BlockNonDomain', $policySettings.DeviceSettings.wCM_BlockNonDomain)
+ }
+ if ($null -ne $policySettings.DeviceSettings.configureRedirectionGuardPolicy)
+ {
+ $complexDeviceSettings.Add('ConfigureRedirectionGuardPolicy', $policySettings.DeviceSettings.configureRedirectionGuardPolicy)
+ }
+ if ($null -ne $policySettings.DeviceSettings.redirectionGuardPolicy_Enum)
+ {
+ $complexDeviceSettings.Add('RedirectionGuardPolicy_Enum', $policySettings.DeviceSettings.redirectionGuardPolicy_Enum)
+ }
+ if ($null -ne $policySettings.DeviceSettings.configureRpcConnectionPolicy)
+ {
+ $complexDeviceSettings.Add('ConfigureRpcConnectionPolicy', $policySettings.DeviceSettings.configureRpcConnectionPolicy)
+ }
+ if ($null -ne $policySettings.DeviceSettings.rpcConnectionAuthentication_Enum)
+ {
+ $complexDeviceSettings.Add('RpcConnectionAuthentication_Enum', $policySettings.DeviceSettings.rpcConnectionAuthentication_Enum)
+ }
+ if ($null -ne $policySettings.DeviceSettings.rpcConnectionProtocol_Enum)
+ {
+ $complexDeviceSettings.Add('RpcConnectionProtocol_Enum', $policySettings.DeviceSettings.rpcConnectionProtocol_Enum)
+ }
+ if ($null -ne $policySettings.DeviceSettings.configureRpcListenerPolicy)
+ {
+ $complexDeviceSettings.Add('ConfigureRpcListenerPolicy', $policySettings.DeviceSettings.configureRpcListenerPolicy)
+ }
+ if ($null -ne $policySettings.DeviceSettings.rpcAuthenticationProtocol_Enum)
+ {
+ $complexDeviceSettings.Add('RpcAuthenticationProtocol_Enum', $policySettings.DeviceSettings.rpcAuthenticationProtocol_Enum)
+ }
+ if ($null -ne $policySettings.DeviceSettings.rpcListenerProtocols_Enum)
+ {
+ $complexDeviceSettings.Add('RpcListenerProtocols_Enum', $policySettings.DeviceSettings.rpcListenerProtocols_Enum)
+ }
+ if ($null -ne $policySettings.DeviceSettings.configureRpcTcpPort)
+ {
+ $complexDeviceSettings.Add('ConfigureRpcTcpPort', $policySettings.DeviceSettings.configureRpcTcpPort)
+ }
+ if ($null -ne $policySettings.DeviceSettings.rpcTcpPort)
+ {
+ $complexDeviceSettings.Add('RpcTcpPort', $policySettings.DeviceSettings.rpcTcpPort)
+ }
+ if ($null -ne $policySettings.DeviceSettings.restrictDriverInstallationToAdministrators)
+ {
+ $complexDeviceSettings.Add('RestrictDriverInstallationToAdministrators', $policySettings.DeviceSettings.restrictDriverInstallationToAdministrators)
+ }
+ if ($null -ne $policySettings.DeviceSettings.configureCopyFilesPolicy)
+ {
+ $complexDeviceSettings.Add('ConfigureCopyFilesPolicy', $policySettings.DeviceSettings.configureCopyFilesPolicy)
+ }
+ if ($null -ne $policySettings.DeviceSettings.copyFilesPolicy_Enum)
+ {
+ $complexDeviceSettings.Add('CopyFilesPolicy_Enum', $policySettings.DeviceSettings.copyFilesPolicy_Enum)
+ }
+ if ($null -ne $policySettings.DeviceSettings.allowEncryptionOracle)
+ {
+ $complexDeviceSettings.Add('AllowEncryptionOracle', $policySettings.DeviceSettings.allowEncryptionOracle)
+ }
+ if ($null -ne $policySettings.DeviceSettings.allowEncryptionOracleDrop)
+ {
+ $complexDeviceSettings.Add('AllowEncryptionOracleDrop', $policySettings.DeviceSettings.allowEncryptionOracleDrop)
+ }
+ if ($null -ne $policySettings.DeviceSettings.allowProtectedCreds)
+ {
+ $complexDeviceSettings.Add('AllowProtectedCreds', $policySettings.DeviceSettings.allowProtectedCreds)
+ }
+ if ($null -ne $policySettings.DeviceSettings.deviceInstall_Classes_Deny)
+ {
+ $complexDeviceSettings.Add('DeviceInstall_Classes_Deny', $policySettings.DeviceSettings.deviceInstall_Classes_Deny)
+ }
+ if ($null -ne $policySettings.DeviceSettings.deviceInstall_Classes_Deny_List)
+ {
+ $complexDeviceSettings.Add('DeviceInstall_Classes_Deny_List', $policySettings.DeviceSettings.deviceInstall_Classes_Deny_List)
+ }
+ if ($null -ne $policySettings.DeviceSettings.deviceInstall_Classes_Deny_Retroactive)
+ {
+ $complexDeviceSettings.Add('DeviceInstall_Classes_Deny_Retroactive', $policySettings.DeviceSettings.deviceInstall_Classes_Deny_Retroactive)
+ }
+ if ($null -ne $policySettings.DeviceSettings.pOL_DriverLoadPolicy_Name)
+ {
+ $complexDeviceSettings.Add('POL_DriverLoadPolicy_Name', $policySettings.DeviceSettings.pOL_DriverLoadPolicy_Name)
+ }
+ if ($null -ne $policySettings.DeviceSettings.selectDriverLoadPolicy)
+ {
+ $complexDeviceSettings.Add('SelectDriverLoadPolicy', $policySettings.DeviceSettings.selectDriverLoadPolicy)
+ }
+ if ($null -ne $policySettings.DeviceSettings.cSE_Registry)
+ {
+ $complexDeviceSettings.Add('CSE_Registry', $policySettings.DeviceSettings.cSE_Registry)
+ }
+ if ($null -ne $policySettings.DeviceSettings.cSE_NOBACKGROUND10)
+ {
+ $complexDeviceSettings.Add('CSE_NOBACKGROUND10', $policySettings.DeviceSettings.cSE_NOBACKGROUND10)
+ }
+ if ($null -ne $policySettings.DeviceSettings.cSE_NOCHANGES10)
+ {
+ $complexDeviceSettings.Add('CSE_NOCHANGES10', $policySettings.DeviceSettings.cSE_NOCHANGES10)
+ }
+ if ($null -ne $policySettings.DeviceSettings.disableWebPnPDownload_2)
+ {
+ $complexDeviceSettings.Add('DisableWebPnPDownload_2', $policySettings.DeviceSettings.disableWebPnPDownload_2)
+ }
+ if ($null -ne $policySettings.DeviceSettings.shellPreventWPWDownload_2)
+ {
+ $complexDeviceSettings.Add('ShellPreventWPWDownload_2', $policySettings.DeviceSettings.shellPreventWPWDownload_2)
+ }
+ if ($null -ne $policySettings.DeviceSettings.allowCustomSSPsAPs)
+ {
+ $complexDeviceSettings.Add('AllowCustomSSPsAPs', $policySettings.DeviceSettings.allowCustomSSPsAPs)
+ }
+ if ($null -ne $policySettings.DeviceSettings.allowStandbyStatesDC_2)
+ {
+ $complexDeviceSettings.Add('AllowStandbyStatesDC_2', $policySettings.DeviceSettings.allowStandbyStatesDC_2)
+ }
+ if ($null -ne $policySettings.DeviceSettings.allowStandbyStatesAC_2)
+ {
+ $complexDeviceSettings.Add('AllowStandbyStatesAC_2', $policySettings.DeviceSettings.allowStandbyStatesAC_2)
+ }
+ if ($null -ne $policySettings.DeviceSettings.dCPromptForPasswordOnResume_2)
+ {
+ $complexDeviceSettings.Add('DCPromptForPasswordOnResume_2', $policySettings.DeviceSettings.dCPromptForPasswordOnResume_2)
+ }
+ if ($null -ne $policySettings.DeviceSettings.aCPromptForPasswordOnResume_2)
+ {
+ $complexDeviceSettings.Add('ACPromptForPasswordOnResume_2', $policySettings.DeviceSettings.aCPromptForPasswordOnResume_2)
+ }
+ if ($null -ne $policySettings.DeviceSettings.rA_Solicit)
+ {
+ $complexDeviceSettings.Add('RA_Solicit', $policySettings.DeviceSettings.rA_Solicit)
+ }
+ if ($null -ne $policySettings.DeviceSettings.rA_Solicit_ExpireUnits_List)
+ {
+ $complexDeviceSettings.Add('RA_Solicit_ExpireUnits_List', $policySettings.DeviceSettings.rA_Solicit_ExpireUnits_List)
+ }
+ if ($null -ne $policySettings.DeviceSettings.rA_Solicit_ExpireValue_Edt)
+ {
+ $complexDeviceSettings.Add('RA_Solicit_ExpireValue_Edt', $policySettings.DeviceSettings.rA_Solicit_ExpireValue_Edt)
+ }
+ if ($null -ne $policySettings.DeviceSettings.rA_Solicit_Control_List)
+ {
+ $complexDeviceSettings.Add('RA_Solicit_Control_List', $policySettings.DeviceSettings.rA_Solicit_Control_List)
+ }
+ if ($null -ne $policySettings.DeviceSettings.rA_Solicit_Mailto_List)
+ {
+ $complexDeviceSettings.Add('RA_Solicit_Mailto_List', $policySettings.DeviceSettings.rA_Solicit_Mailto_List)
+ }
+ if ($null -ne $policySettings.DeviceSettings.rpcRestrictRemoteClients)
+ {
+ $complexDeviceSettings.Add('RpcRestrictRemoteClients', $policySettings.DeviceSettings.rpcRestrictRemoteClients)
+ }
+ if ($null -ne $policySettings.DeviceSettings.rpcRestrictRemoteClientsList)
+ {
+ $complexDeviceSettings.Add('RpcRestrictRemoteClientsList', $policySettings.DeviceSettings.rpcRestrictRemoteClientsList)
+ }
+ if ($null -ne $policySettings.DeviceSettings.appxRuntimeMicrosoftAccountsOptional)
+ {
+ $complexDeviceSettings.Add('AppxRuntimeMicrosoftAccountsOptional', $policySettings.DeviceSettings.appxRuntimeMicrosoftAccountsOptional)
+ }
+ if ($null -ne $policySettings.DeviceSettings.noAutoplayfornonVolume)
+ {
+ $complexDeviceSettings.Add('NoAutoplayfornonVolume', $policySettings.DeviceSettings.noAutoplayfornonVolume)
+ }
+ if ($null -ne $policySettings.DeviceSettings.noAutorun)
+ {
+ $complexDeviceSettings.Add('NoAutorun', $policySettings.DeviceSettings.noAutorun)
+ }
+ if ($null -ne $policySettings.DeviceSettings.noAutorun_Dropdown)
+ {
+ $complexDeviceSettings.Add('NoAutorun_Dropdown', $policySettings.DeviceSettings.noAutorun_Dropdown)
+ }
+ if ($null -ne $policySettings.DeviceSettings.autorun)
+ {
+ $complexDeviceSettings.Add('Autorun', $policySettings.DeviceSettings.autorun)
+ }
+ if ($null -ne $policySettings.DeviceSettings.autorun_Box)
+ {
+ $complexDeviceSettings.Add('Autorun_Box', $policySettings.DeviceSettings.autorun_Box)
+ }
+ if ($null -ne $policySettings.DeviceSettings.fDVDenyWriteAccess_Name)
+ {
+ $complexDeviceSettings.Add('FDVDenyWriteAccess_Name', $policySettings.DeviceSettings.fDVDenyWriteAccess_Name)
+ }
+ if ($null -ne $policySettings.DeviceSettings.rDVDenyWriteAccess_Name)
+ {
+ $complexDeviceSettings.Add('RDVDenyWriteAccess_Name', $policySettings.DeviceSettings.rDVDenyWriteAccess_Name)
+ }
+ if ($null -ne $policySettings.DeviceSettings.rDVCrossOrg)
+ {
+ $complexDeviceSettings.Add('RDVCrossOrg', $policySettings.DeviceSettings.rDVCrossOrg)
+ }
+ if ($null -ne $policySettings.DeviceSettings.enumerateAdministrators)
+ {
+ $complexDeviceSettings.Add('EnumerateAdministrators', $policySettings.DeviceSettings.enumerateAdministrators)
+ }
+ if ($null -ne $policySettings.DeviceSettings.channel_LogMaxSize_1)
+ {
+ $complexDeviceSettings.Add('Channel_LogMaxSize_1', $policySettings.DeviceSettings.channel_LogMaxSize_1)
+ }
+ if ($null -ne $policySettings.DeviceSettings.channel_LogMaxSize_1_Channel_LogMaxSize)
+ {
+ $complexDeviceSettings.Add('Channel_LogMaxSize_1_Channel_LogMaxSize', $policySettings.DeviceSettings.channel_LogMaxSize_1_Channel_LogMaxSize)
+ }
+ if ($null -ne $policySettings.DeviceSettings.channel_LogMaxSize_2)
+ {
+ $complexDeviceSettings.Add('Channel_LogMaxSize_2', $policySettings.DeviceSettings.channel_LogMaxSize_2)
+ }
+ if ($null -ne $policySettings.DeviceSettings.channel_LogMaxSize_2_Channel_LogMaxSize)
+ {
+ $complexDeviceSettings.Add('Channel_LogMaxSize_2_Channel_LogMaxSize', $policySettings.DeviceSettings.channel_LogMaxSize_2_Channel_LogMaxSize)
+ }
+ if ($null -ne $policySettings.DeviceSettings.channel_LogMaxSize_4)
+ {
+ $complexDeviceSettings.Add('Channel_LogMaxSize_4', $policySettings.DeviceSettings.channel_LogMaxSize_4)
+ }
+ if ($null -ne $policySettings.DeviceSettings.channel_LogMaxSize_4_Channel_LogMaxSize)
+ {
+ $complexDeviceSettings.Add('Channel_LogMaxSize_4_Channel_LogMaxSize', $policySettings.DeviceSettings.channel_LogMaxSize_4_Channel_LogMaxSize)
+ }
+ if ($null -ne $policySettings.DeviceSettings.enableSmartScreen)
+ {
+ $complexDeviceSettings.Add('EnableSmartScreen', $policySettings.DeviceSettings.enableSmartScreen)
+ }
+ if ($null -ne $policySettings.DeviceSettings.enableSmartScreenDropdown)
+ {
+ $complexDeviceSettings.Add('EnableSmartScreenDropdown', $policySettings.DeviceSettings.enableSmartScreenDropdown)
+ }
+ if ($null -ne $policySettings.DeviceSettings.noDataExecutionPrevention)
+ {
+ $complexDeviceSettings.Add('NoDataExecutionPrevention', $policySettings.DeviceSettings.noDataExecutionPrevention)
+ }
+ if ($null -ne $policySettings.DeviceSettings.noHeapTerminationOnCorruption)
+ {
+ $complexDeviceSettings.Add('NoHeapTerminationOnCorruption', $policySettings.DeviceSettings.noHeapTerminationOnCorruption)
+ }
+ if ($null -ne $policySettings.DeviceSettings.advanced_InvalidSignatureBlock)
+ {
+ $complexDeviceSettings.Add('Advanced_InvalidSignatureBlock', $policySettings.DeviceSettings.advanced_InvalidSignatureBlock)
+ }
+ if ($null -ne $policySettings.DeviceSettings.advanced_CertificateRevocation)
+ {
+ $complexDeviceSettings.Add('Advanced_CertificateRevocation', $policySettings.DeviceSettings.advanced_CertificateRevocation)
+ }
+ if ($null -ne $policySettings.DeviceSettings.advanced_DownloadSignatures)
+ {
+ $complexDeviceSettings.Add('Advanced_DownloadSignatures', $policySettings.DeviceSettings.advanced_DownloadSignatures)
+ }
+ if ($null -ne $policySettings.DeviceSettings.advanced_DisableEPMCompat)
+ {
+ $complexDeviceSettings.Add('Advanced_DisableEPMCompat', $policySettings.DeviceSettings.advanced_DisableEPMCompat)
+ }
+ if ($null -ne $policySettings.DeviceSettings.advanced_SetWinInetProtocols)
+ {
+ $complexDeviceSettings.Add('Advanced_SetWinInetProtocols', $policySettings.DeviceSettings.advanced_SetWinInetProtocols)
+ }
+ if ($null -ne $policySettings.DeviceSettings.advanced_WinInetProtocolOptions)
+ {
+ $complexDeviceSettings.Add('Advanced_WinInetProtocolOptions', $policySettings.DeviceSettings.advanced_WinInetProtocolOptions)
+ }
+ if ($null -ne $policySettings.DeviceSettings.advanced_EnableEnhancedProtectedMode64Bit)
+ {
+ $complexDeviceSettings.Add('Advanced_EnableEnhancedProtectedMode64Bit', $policySettings.DeviceSettings.advanced_EnableEnhancedProtectedMode64Bit)
+ }
+ if ($null -ne $policySettings.DeviceSettings.advanced_EnableEnhancedProtectedMode)
+ {
+ $complexDeviceSettings.Add('Advanced_EnableEnhancedProtectedMode', $policySettings.DeviceSettings.advanced_EnableEnhancedProtectedMode)
+ }
+ if ($null -ne $policySettings.DeviceSettings.noCertError)
+ {
+ $complexDeviceSettings.Add('NoCertError', $policySettings.DeviceSettings.noCertError)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyAccessDataSourcesAcrossDomains_1)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyAccessDataSourcesAcrossDomains_1', $policySettings.DeviceSettings.iZ_PolicyAccessDataSourcesAcrossDomains_1)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyAccessDataSourcesAcrossDomains_1_IZ_Partname1406)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyAccessDataSourcesAcrossDomains_1_IZ_Partname1406', $policySettings.DeviceSettings.iZ_PolicyAccessDataSourcesAcrossDomains_1_IZ_Partname1406)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyAllowPasteViaScript_1)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyAllowPasteViaScript_1', $policySettings.DeviceSettings.iZ_PolicyAllowPasteViaScript_1)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyAllowPasteViaScript_1_IZ_Partname1407)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyAllowPasteViaScript_1_IZ_Partname1407', $policySettings.DeviceSettings.iZ_PolicyAllowPasteViaScript_1_IZ_Partname1407)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyDropOrPasteFiles_1)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyDropOrPasteFiles_1', $policySettings.DeviceSettings.iZ_PolicyDropOrPasteFiles_1)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyDropOrPasteFiles_1_IZ_Partname1802)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyDropOrPasteFiles_1_IZ_Partname1802', $policySettings.DeviceSettings.iZ_PolicyDropOrPasteFiles_1_IZ_Partname1802)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_Policy_XAML_1)
+ {
+ $complexDeviceSettings.Add('IZ_Policy_XAML_1', $policySettings.DeviceSettings.iZ_Policy_XAML_1)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_Policy_XAML_1_IZ_Partname2402)
+ {
+ $complexDeviceSettings.Add('IZ_Policy_XAML_1_IZ_Partname2402', $policySettings.DeviceSettings.iZ_Policy_XAML_1_IZ_Partname2402)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet', $policySettings.DeviceSettings.iZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet_IZ_Partname120b)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet_IZ_Partname120b', $policySettings.DeviceSettings.iZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet_IZ_Partname120b)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyAllowTDCControl_Both_Internet)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyAllowTDCControl_Both_Internet', $policySettings.DeviceSettings.iZ_PolicyAllowTDCControl_Both_Internet)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyAllowTDCControl_Both_Internet_IZ_Partname120c)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyAllowTDCControl_Both_Internet_IZ_Partname120c', $policySettings.DeviceSettings.iZ_PolicyAllowTDCControl_Both_Internet_IZ_Partname120c)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyWindowsRestrictionsURLaction_1)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyWindowsRestrictionsURLaction_1', $policySettings.DeviceSettings.iZ_PolicyWindowsRestrictionsURLaction_1)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyWindowsRestrictionsURLaction_1_IZ_Partname2102)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyWindowsRestrictionsURLaction_1_IZ_Partname2102', $policySettings.DeviceSettings.iZ_PolicyWindowsRestrictionsURLaction_1_IZ_Partname2102)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_Policy_WebBrowserControl_1)
+ {
+ $complexDeviceSettings.Add('IZ_Policy_WebBrowserControl_1', $policySettings.DeviceSettings.iZ_Policy_WebBrowserControl_1)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_Policy_WebBrowserControl_1_IZ_Partname1206)
+ {
+ $complexDeviceSettings.Add('IZ_Policy_WebBrowserControl_1_IZ_Partname1206', $policySettings.DeviceSettings.iZ_Policy_WebBrowserControl_1_IZ_Partname1206)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_Policy_AllowScriptlets_1)
+ {
+ $complexDeviceSettings.Add('IZ_Policy_AllowScriptlets_1', $policySettings.DeviceSettings.iZ_Policy_AllowScriptlets_1)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_Policy_AllowScriptlets_1_IZ_Partname1209)
+ {
+ $complexDeviceSettings.Add('IZ_Policy_AllowScriptlets_1_IZ_Partname1209', $policySettings.DeviceSettings.iZ_Policy_AllowScriptlets_1_IZ_Partname1209)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_Policy_ScriptStatusBar_1)
+ {
+ $complexDeviceSettings.Add('IZ_Policy_ScriptStatusBar_1', $policySettings.DeviceSettings.iZ_Policy_ScriptStatusBar_1)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_Policy_ScriptStatusBar_1_IZ_Partname2103)
+ {
+ $complexDeviceSettings.Add('IZ_Policy_ScriptStatusBar_1_IZ_Partname2103', $policySettings.DeviceSettings.iZ_Policy_ScriptStatusBar_1_IZ_Partname2103)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyAllowVBScript_1)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyAllowVBScript_1', $policySettings.DeviceSettings.iZ_PolicyAllowVBScript_1)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyAllowVBScript_1_IZ_Partname140C)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyAllowVBScript_1_IZ_Partname140C', $policySettings.DeviceSettings.iZ_PolicyAllowVBScript_1_IZ_Partname140C)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyNotificationBarDownloadURLaction_1)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyNotificationBarDownloadURLaction_1', $policySettings.DeviceSettings.iZ_PolicyNotificationBarDownloadURLaction_1)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyNotificationBarDownloadURLaction_1_IZ_Partname2200)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyNotificationBarDownloadURLaction_1_IZ_Partname2200', $policySettings.DeviceSettings.iZ_PolicyNotificationBarDownloadURLaction_1_IZ_Partname2200)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyAntiMalwareCheckingOfActiveXControls_1)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyAntiMalwareCheckingOfActiveXControls_1', $policySettings.DeviceSettings.iZ_PolicyAntiMalwareCheckingOfActiveXControls_1)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyAntiMalwareCheckingOfActiveXControls_1_IZ_Partname270C)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyAntiMalwareCheckingOfActiveXControls_1_IZ_Partname270C', $policySettings.DeviceSettings.iZ_PolicyAntiMalwareCheckingOfActiveXControls_1_IZ_Partname270C)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyDownloadSignedActiveX_1)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyDownloadSignedActiveX_1', $policySettings.DeviceSettings.iZ_PolicyDownloadSignedActiveX_1)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyDownloadSignedActiveX_1_IZ_Partname1001)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyDownloadSignedActiveX_1_IZ_Partname1001', $policySettings.DeviceSettings.iZ_PolicyDownloadSignedActiveX_1_IZ_Partname1001)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyDownloadUnsignedActiveX_1)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyDownloadUnsignedActiveX_1', $policySettings.DeviceSettings.iZ_PolicyDownloadUnsignedActiveX_1)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyDownloadUnsignedActiveX_1_IZ_Partname1004)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyDownloadUnsignedActiveX_1_IZ_Partname1004', $policySettings.DeviceSettings.iZ_PolicyDownloadUnsignedActiveX_1_IZ_Partname1004)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet', $policySettings.DeviceSettings.iZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet_IZ_Partname2709)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet_IZ_Partname2709', $policySettings.DeviceSettings.iZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet_IZ_Partname2709)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet', $policySettings.DeviceSettings.iZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet_IZ_Partname2708)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet_IZ_Partname2708', $policySettings.DeviceSettings.iZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet_IZ_Partname2708)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_Policy_LocalPathForUpload_1)
+ {
+ $complexDeviceSettings.Add('IZ_Policy_LocalPathForUpload_1', $policySettings.DeviceSettings.iZ_Policy_LocalPathForUpload_1)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_Policy_LocalPathForUpload_1_IZ_Partname160A)
+ {
+ $complexDeviceSettings.Add('IZ_Policy_LocalPathForUpload_1_IZ_Partname160A', $policySettings.DeviceSettings.iZ_Policy_LocalPathForUpload_1_IZ_Partname160A)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyScriptActiveXNotMarkedSafe_1)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyScriptActiveXNotMarkedSafe_1', $policySettings.DeviceSettings.iZ_PolicyScriptActiveXNotMarkedSafe_1)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyScriptActiveXNotMarkedSafe_1_IZ_Partname1201)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyScriptActiveXNotMarkedSafe_1_IZ_Partname1201', $policySettings.DeviceSettings.iZ_PolicyScriptActiveXNotMarkedSafe_1_IZ_Partname1201)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyJavaPermissions_1)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyJavaPermissions_1', $policySettings.DeviceSettings.iZ_PolicyJavaPermissions_1)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyJavaPermissions_1_IZ_Partname1C00)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyJavaPermissions_1_IZ_Partname1C00', $policySettings.DeviceSettings.iZ_PolicyJavaPermissions_1_IZ_Partname1C00)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyLaunchAppsAndFilesInIFRAME_1)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyLaunchAppsAndFilesInIFRAME_1', $policySettings.DeviceSettings.iZ_PolicyLaunchAppsAndFilesInIFRAME_1)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyLaunchAppsAndFilesInIFRAME_1_IZ_Partname1804)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyLaunchAppsAndFilesInIFRAME_1_IZ_Partname1804', $policySettings.DeviceSettings.iZ_PolicyLaunchAppsAndFilesInIFRAME_1_IZ_Partname1804)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyLogon_1)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyLogon_1', $policySettings.DeviceSettings.iZ_PolicyLogon_1)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyLogon_1_IZ_Partname1A00)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyLogon_1_IZ_Partname1A00', $policySettings.DeviceSettings.iZ_PolicyLogon_1_IZ_Partname1A00)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyNavigateSubframesAcrossDomains_1)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyNavigateSubframesAcrossDomains_1', $policySettings.DeviceSettings.iZ_PolicyNavigateSubframesAcrossDomains_1)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyNavigateSubframesAcrossDomains_1_IZ_Partname1607)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyNavigateSubframesAcrossDomains_1_IZ_Partname1607', $policySettings.DeviceSettings.iZ_PolicyNavigateSubframesAcrossDomains_1_IZ_Partname1607)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyUnsignedFrameworkComponentsURLaction_1)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyUnsignedFrameworkComponentsURLaction_1', $policySettings.DeviceSettings.iZ_PolicyUnsignedFrameworkComponentsURLaction_1)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyUnsignedFrameworkComponentsURLaction_1_IZ_Partname2004)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyUnsignedFrameworkComponentsURLaction_1_IZ_Partname2004', $policySettings.DeviceSettings.iZ_PolicyUnsignedFrameworkComponentsURLaction_1_IZ_Partname2004)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicySignedFrameworkComponentsURLaction_1)
+ {
+ $complexDeviceSettings.Add('IZ_PolicySignedFrameworkComponentsURLaction_1', $policySettings.DeviceSettings.iZ_PolicySignedFrameworkComponentsURLaction_1)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicySignedFrameworkComponentsURLaction_1_IZ_Partname2001)
+ {
+ $complexDeviceSettings.Add('IZ_PolicySignedFrameworkComponentsURLaction_1_IZ_Partname2001', $policySettings.DeviceSettings.iZ_PolicySignedFrameworkComponentsURLaction_1_IZ_Partname2001)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_Policy_UnsafeFiles_1)
+ {
+ $complexDeviceSettings.Add('IZ_Policy_UnsafeFiles_1', $policySettings.DeviceSettings.iZ_Policy_UnsafeFiles_1)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_Policy_UnsafeFiles_1_IZ_Partname1806)
+ {
+ $complexDeviceSettings.Add('IZ_Policy_UnsafeFiles_1_IZ_Partname1806', $policySettings.DeviceSettings.iZ_Policy_UnsafeFiles_1_IZ_Partname1806)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyTurnOnXSSFilter_Both_Internet)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyTurnOnXSSFilter_Both_Internet', $policySettings.DeviceSettings.iZ_PolicyTurnOnXSSFilter_Both_Internet)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_PolicyTurnOnXSSFilter_Both_Internet_IZ_Partname1409)
+ {
+ $complexDeviceSettings.Add('IZ_PolicyTurnOnXSSFilter_Both_Internet_IZ_Partname1409', $policySettings.DeviceSettings.iZ_PolicyTurnOnXSSFilter_Both_Internet_IZ_Partname1409)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iZ_Policy_TurnOnProtectedMode_1)
+ {
+
$complexDeviceSettings.Add('IZ_Policy_TurnOnProtectedMode_1', $policySettings.DeviceSettings.iZ_Policy_TurnOnProtectedMode_1) + } + if ($null -ne $policySettings.DeviceSettings.iZ_Policy_TurnOnProtectedMode_1_IZ_Partname2500) + { + $complexDeviceSettings.Add('IZ_Policy_TurnOnProtectedMode_1_IZ_Partname2500', $policySettings.DeviceSettings.iZ_Policy_TurnOnProtectedMode_1_IZ_Partname2500) + } + if ($null -ne $policySettings.DeviceSettings.iZ_Policy_Phishing_1) + { + $complexDeviceSettings.Add('IZ_Policy_Phishing_1', $policySettings.DeviceSettings.iZ_Policy_Phishing_1) + } + if ($null -ne $policySettings.DeviceSettings.iZ_Policy_Phishing_1_IZ_Partname2301) + { + $complexDeviceSettings.Add('IZ_Policy_Phishing_1_IZ_Partname2301', $policySettings.DeviceSettings.iZ_Policy_Phishing_1_IZ_Partname2301) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyBlockPopupWindows_1) + { + $complexDeviceSettings.Add('IZ_PolicyBlockPopupWindows_1', $policySettings.DeviceSettings.iZ_PolicyBlockPopupWindows_1) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyBlockPopupWindows_1_IZ_Partname1809) + { + $complexDeviceSettings.Add('IZ_PolicyBlockPopupWindows_1_IZ_Partname1809', $policySettings.DeviceSettings.iZ_PolicyBlockPopupWindows_1_IZ_Partname1809) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyUserdataPersistence_1) + { + $complexDeviceSettings.Add('IZ_PolicyUserdataPersistence_1', $policySettings.DeviceSettings.iZ_PolicyUserdataPersistence_1) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyUserdataPersistence_1_IZ_Partname1606) + { + $complexDeviceSettings.Add('IZ_PolicyUserdataPersistence_1_IZ_Partname1606', $policySettings.DeviceSettings.iZ_PolicyUserdataPersistence_1_IZ_Partname1606) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyZoneElevationURLaction_1) + { + $complexDeviceSettings.Add('IZ_PolicyZoneElevationURLaction_1', $policySettings.DeviceSettings.iZ_PolicyZoneElevationURLaction_1) + } + if ($null -ne 
$policySettings.DeviceSettings.iZ_PolicyZoneElevationURLaction_1_IZ_Partname2101) + { + $complexDeviceSettings.Add('IZ_PolicyZoneElevationURLaction_1_IZ_Partname2101', $policySettings.DeviceSettings.iZ_PolicyZoneElevationURLaction_1_IZ_Partname2101) + } + if ($null -ne $policySettings.DeviceSettings.iZ_UNCAsIntranet) + { + $complexDeviceSettings.Add('IZ_UNCAsIntranet', $policySettings.DeviceSettings.iZ_UNCAsIntranet) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyAntiMalwareCheckingOfActiveXControls_3) + { + $complexDeviceSettings.Add('IZ_PolicyAntiMalwareCheckingOfActiveXControls_3', $policySettings.DeviceSettings.iZ_PolicyAntiMalwareCheckingOfActiveXControls_3) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyAntiMalwareCheckingOfActiveXControls_3_IZ_Partname270C) + { + $complexDeviceSettings.Add('IZ_PolicyAntiMalwareCheckingOfActiveXControls_3_IZ_Partname270C', $policySettings.DeviceSettings.iZ_PolicyAntiMalwareCheckingOfActiveXControls_3_IZ_Partname270C) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyScriptActiveXNotMarkedSafe_3) + { + $complexDeviceSettings.Add('IZ_PolicyScriptActiveXNotMarkedSafe_3', $policySettings.DeviceSettings.iZ_PolicyScriptActiveXNotMarkedSafe_3) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyScriptActiveXNotMarkedSafe_3_IZ_Partname1201) + { + $complexDeviceSettings.Add('IZ_PolicyScriptActiveXNotMarkedSafe_3_IZ_Partname1201', $policySettings.DeviceSettings.iZ_PolicyScriptActiveXNotMarkedSafe_3_IZ_Partname1201) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyJavaPermissions_3) + { + $complexDeviceSettings.Add('IZ_PolicyJavaPermissions_3', $policySettings.DeviceSettings.iZ_PolicyJavaPermissions_3) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyJavaPermissions_3_IZ_Partname1C00) + { + $complexDeviceSettings.Add('IZ_PolicyJavaPermissions_3_IZ_Partname1C00', $policySettings.DeviceSettings.iZ_PolicyJavaPermissions_3_IZ_Partname1C00) + } + if ($null -ne 
$policySettings.DeviceSettings.iZ_PolicyAntiMalwareCheckingOfActiveXControls_9) + { + $complexDeviceSettings.Add('IZ_PolicyAntiMalwareCheckingOfActiveXControls_9', $policySettings.DeviceSettings.iZ_PolicyAntiMalwareCheckingOfActiveXControls_9) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyAntiMalwareCheckingOfActiveXControls_9_IZ_Partname270C) + { + $complexDeviceSettings.Add('IZ_PolicyAntiMalwareCheckingOfActiveXControls_9_IZ_Partname270C', $policySettings.DeviceSettings.iZ_PolicyAntiMalwareCheckingOfActiveXControls_9_IZ_Partname270C) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyJavaPermissions_9) + { + $complexDeviceSettings.Add('IZ_PolicyJavaPermissions_9', $policySettings.DeviceSettings.iZ_PolicyJavaPermissions_9) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyJavaPermissions_9_IZ_Partname1C00) + { + $complexDeviceSettings.Add('IZ_PolicyJavaPermissions_9_IZ_Partname1C00', $policySettings.DeviceSettings.iZ_PolicyJavaPermissions_9_IZ_Partname1C00) + } + if ($null -ne $policySettings.DeviceSettings.iZ_Policy_Phishing_2) + { + $complexDeviceSettings.Add('IZ_Policy_Phishing_2', $policySettings.DeviceSettings.iZ_Policy_Phishing_2) + } + if ($null -ne $policySettings.DeviceSettings.iZ_Policy_Phishing_2_IZ_Partname2301) + { + $complexDeviceSettings.Add('IZ_Policy_Phishing_2_IZ_Partname2301', $policySettings.DeviceSettings.iZ_Policy_Phishing_2_IZ_Partname2301) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyJavaPermissions_4) + { + $complexDeviceSettings.Add('IZ_PolicyJavaPermissions_4', $policySettings.DeviceSettings.iZ_PolicyJavaPermissions_4) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyJavaPermissions_4_IZ_Partname1C00) + { + $complexDeviceSettings.Add('IZ_PolicyJavaPermissions_4_IZ_Partname1C00', $policySettings.DeviceSettings.iZ_PolicyJavaPermissions_4_IZ_Partname1C00) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyJavaPermissions_10) + { + 
$complexDeviceSettings.Add('IZ_PolicyJavaPermissions_10', $policySettings.DeviceSettings.iZ_PolicyJavaPermissions_10) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyJavaPermissions_10_IZ_Partname1C00) + { + $complexDeviceSettings.Add('IZ_PolicyJavaPermissions_10_IZ_Partname1C00', $policySettings.DeviceSettings.iZ_PolicyJavaPermissions_10_IZ_Partname1C00) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyJavaPermissions_8) + { + $complexDeviceSettings.Add('IZ_PolicyJavaPermissions_8', $policySettings.DeviceSettings.iZ_PolicyJavaPermissions_8) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyJavaPermissions_8_IZ_Partname1C00) + { + $complexDeviceSettings.Add('IZ_PolicyJavaPermissions_8_IZ_Partname1C00', $policySettings.DeviceSettings.iZ_PolicyJavaPermissions_8_IZ_Partname1C00) + } + if ($null -ne $policySettings.DeviceSettings.iZ_Policy_Phishing_8) + { + $complexDeviceSettings.Add('IZ_Policy_Phishing_8', $policySettings.DeviceSettings.iZ_Policy_Phishing_8) + } + if ($null -ne $policySettings.DeviceSettings.iZ_Policy_Phishing_8_IZ_Partname2301) + { + $complexDeviceSettings.Add('IZ_Policy_Phishing_8_IZ_Partname2301', $policySettings.DeviceSettings.iZ_Policy_Phishing_8_IZ_Partname2301) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyJavaPermissions_6) + { + $complexDeviceSettings.Add('IZ_PolicyJavaPermissions_6', $policySettings.DeviceSettings.iZ_PolicyJavaPermissions_6) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyJavaPermissions_6_IZ_Partname1C00) + { + $complexDeviceSettings.Add('IZ_PolicyJavaPermissions_6_IZ_Partname1C00', $policySettings.DeviceSettings.iZ_PolicyJavaPermissions_6_IZ_Partname1C00) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyAccessDataSourcesAcrossDomains_7) + { + $complexDeviceSettings.Add('IZ_PolicyAccessDataSourcesAcrossDomains_7', $policySettings.DeviceSettings.iZ_PolicyAccessDataSourcesAcrossDomains_7) + } + if ($null -ne 
$policySettings.DeviceSettings.iZ_PolicyAccessDataSourcesAcrossDomains_7_IZ_Partname1406) + { + $complexDeviceSettings.Add('IZ_PolicyAccessDataSourcesAcrossDomains_7_IZ_Partname1406', $policySettings.DeviceSettings.iZ_PolicyAccessDataSourcesAcrossDomains_7_IZ_Partname1406) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyActiveScripting_7) + { + $complexDeviceSettings.Add('IZ_PolicyActiveScripting_7', $policySettings.DeviceSettings.iZ_PolicyActiveScripting_7) + } + if ($null -ne $policySettings.DeviceSettings.iZ_Partname1400) + { + $complexDeviceSettings.Add('IZ_Partname1400', $policySettings.DeviceSettings.iZ_Partname1400) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyBinaryBehaviors_7) + { + $complexDeviceSettings.Add('IZ_PolicyBinaryBehaviors_7', $policySettings.DeviceSettings.iZ_PolicyBinaryBehaviors_7) + } + if ($null -ne $policySettings.DeviceSettings.iZ_Partname2000) + { + $complexDeviceSettings.Add('IZ_Partname2000', $policySettings.DeviceSettings.iZ_Partname2000) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyAllowPasteViaScript_7) + { + $complexDeviceSettings.Add('IZ_PolicyAllowPasteViaScript_7', $policySettings.DeviceSettings.iZ_PolicyAllowPasteViaScript_7) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyAllowPasteViaScript_7_IZ_Partname1407) + { + $complexDeviceSettings.Add('IZ_PolicyAllowPasteViaScript_7_IZ_Partname1407', $policySettings.DeviceSettings.iZ_PolicyAllowPasteViaScript_7_IZ_Partname1407) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyDropOrPasteFiles_7) + { + $complexDeviceSettings.Add('IZ_PolicyDropOrPasteFiles_7', $policySettings.DeviceSettings.iZ_PolicyDropOrPasteFiles_7) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyDropOrPasteFiles_7_IZ_Partname1802) + { + $complexDeviceSettings.Add('IZ_PolicyDropOrPasteFiles_7_IZ_Partname1802', $policySettings.DeviceSettings.iZ_PolicyDropOrPasteFiles_7_IZ_Partname1802) + } + if ($null -ne 
$policySettings.DeviceSettings.iZ_PolicyFileDownload_7) + { + $complexDeviceSettings.Add('IZ_PolicyFileDownload_7', $policySettings.DeviceSettings.iZ_PolicyFileDownload_7) + } + if ($null -ne $policySettings.DeviceSettings.iZ_Partname1803) + { + $complexDeviceSettings.Add('IZ_Partname1803', $policySettings.DeviceSettings.iZ_Partname1803) + } + if ($null -ne $policySettings.DeviceSettings.iZ_Policy_XAML_7) + { + $complexDeviceSettings.Add('IZ_Policy_XAML_7', $policySettings.DeviceSettings.iZ_Policy_XAML_7) + } + if ($null -ne $policySettings.DeviceSettings.iZ_Policy_XAML_7_IZ_Partname2402) + { + $complexDeviceSettings.Add('IZ_Policy_XAML_7_IZ_Partname2402', $policySettings.DeviceSettings.iZ_Policy_XAML_7_IZ_Partname2402) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyAllowMETAREFRESH_7) + { + $complexDeviceSettings.Add('IZ_PolicyAllowMETAREFRESH_7', $policySettings.DeviceSettings.iZ_PolicyAllowMETAREFRESH_7) + } + if ($null -ne $policySettings.DeviceSettings.iZ_Partname1608) + { + $complexDeviceSettings.Add('IZ_Partname1608', $policySettings.DeviceSettings.iZ_Partname1608) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted) + { + $complexDeviceSettings.Add('IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted', $policySettings.DeviceSettings.iZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted_IZ_Partname120b) + { + $complexDeviceSettings.Add('IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted_IZ_Partname120b', $policySettings.DeviceSettings.iZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted_IZ_Partname120b) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyAllowTDCControl_Both_Restricted) + { + 
$complexDeviceSettings.Add('IZ_PolicyAllowTDCControl_Both_Restricted', $policySettings.DeviceSettings.iZ_PolicyAllowTDCControl_Both_Restricted) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyAllowTDCControl_Both_Restricted_IZ_Partname120c) + { + $complexDeviceSettings.Add('IZ_PolicyAllowTDCControl_Both_Restricted_IZ_Partname120c', $policySettings.DeviceSettings.iZ_PolicyAllowTDCControl_Both_Restricted_IZ_Partname120c) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyWindowsRestrictionsURLaction_7) + { + $complexDeviceSettings.Add('IZ_PolicyWindowsRestrictionsURLaction_7', $policySettings.DeviceSettings.iZ_PolicyWindowsRestrictionsURLaction_7) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyWindowsRestrictionsURLaction_7_IZ_Partname2102) + { + $complexDeviceSettings.Add('IZ_PolicyWindowsRestrictionsURLaction_7_IZ_Partname2102', $policySettings.DeviceSettings.iZ_PolicyWindowsRestrictionsURLaction_7_IZ_Partname2102) + } + if ($null -ne $policySettings.DeviceSettings.iZ_Policy_WebBrowserControl_7) + { + $complexDeviceSettings.Add('IZ_Policy_WebBrowserControl_7', $policySettings.DeviceSettings.iZ_Policy_WebBrowserControl_7) + } + if ($null -ne $policySettings.DeviceSettings.iZ_Policy_WebBrowserControl_7_IZ_Partname1206) + { + $complexDeviceSettings.Add('IZ_Policy_WebBrowserControl_7_IZ_Partname1206', $policySettings.DeviceSettings.iZ_Policy_WebBrowserControl_7_IZ_Partname1206) + } + if ($null -ne $policySettings.DeviceSettings.iZ_Policy_AllowScriptlets_7) + { + $complexDeviceSettings.Add('IZ_Policy_AllowScriptlets_7', $policySettings.DeviceSettings.iZ_Policy_AllowScriptlets_7) + } + if ($null -ne $policySettings.DeviceSettings.iZ_Policy_AllowScriptlets_7_IZ_Partname1209) + { + $complexDeviceSettings.Add('IZ_Policy_AllowScriptlets_7_IZ_Partname1209', $policySettings.DeviceSettings.iZ_Policy_AllowScriptlets_7_IZ_Partname1209) + } + if ($null -ne $policySettings.DeviceSettings.iZ_Policy_ScriptStatusBar_7) + { + 
$complexDeviceSettings.Add('IZ_Policy_ScriptStatusBar_7', $policySettings.DeviceSettings.iZ_Policy_ScriptStatusBar_7) + } + if ($null -ne $policySettings.DeviceSettings.iZ_Policy_ScriptStatusBar_7_IZ_Partname2103) + { + $complexDeviceSettings.Add('IZ_Policy_ScriptStatusBar_7_IZ_Partname2103', $policySettings.DeviceSettings.iZ_Policy_ScriptStatusBar_7_IZ_Partname2103) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyAllowVBScript_7) + { + $complexDeviceSettings.Add('IZ_PolicyAllowVBScript_7', $policySettings.DeviceSettings.iZ_PolicyAllowVBScript_7) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyAllowVBScript_7_IZ_Partname140C) + { + $complexDeviceSettings.Add('IZ_PolicyAllowVBScript_7_IZ_Partname140C', $policySettings.DeviceSettings.iZ_PolicyAllowVBScript_7_IZ_Partname140C) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyNotificationBarDownloadURLaction_7) + { + $complexDeviceSettings.Add('IZ_PolicyNotificationBarDownloadURLaction_7', $policySettings.DeviceSettings.iZ_PolicyNotificationBarDownloadURLaction_7) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyNotificationBarDownloadURLaction_7_IZ_Partname2200) + { + $complexDeviceSettings.Add('IZ_PolicyNotificationBarDownloadURLaction_7_IZ_Partname2200', $policySettings.DeviceSettings.iZ_PolicyNotificationBarDownloadURLaction_7_IZ_Partname2200) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyAntiMalwareCheckingOfActiveXControls_7) + { + $complexDeviceSettings.Add('IZ_PolicyAntiMalwareCheckingOfActiveXControls_7', $policySettings.DeviceSettings.iZ_PolicyAntiMalwareCheckingOfActiveXControls_7) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyAntiMalwareCheckingOfActiveXControls_7_IZ_Partname270C) + { + $complexDeviceSettings.Add('IZ_PolicyAntiMalwareCheckingOfActiveXControls_7_IZ_Partname270C', $policySettings.DeviceSettings.iZ_PolicyAntiMalwareCheckingOfActiveXControls_7_IZ_Partname270C) + } + if ($null -ne 
$policySettings.DeviceSettings.iZ_PolicyDownloadSignedActiveX_7) + { + $complexDeviceSettings.Add('IZ_PolicyDownloadSignedActiveX_7', $policySettings.DeviceSettings.iZ_PolicyDownloadSignedActiveX_7) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyDownloadSignedActiveX_7_IZ_Partname1001) + { + $complexDeviceSettings.Add('IZ_PolicyDownloadSignedActiveX_7_IZ_Partname1001', $policySettings.DeviceSettings.iZ_PolicyDownloadSignedActiveX_7_IZ_Partname1001) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyDownloadUnsignedActiveX_7) + { + $complexDeviceSettings.Add('IZ_PolicyDownloadUnsignedActiveX_7', $policySettings.DeviceSettings.iZ_PolicyDownloadUnsignedActiveX_7) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyDownloadUnsignedActiveX_7_IZ_Partname1004) + { + $complexDeviceSettings.Add('IZ_PolicyDownloadUnsignedActiveX_7_IZ_Partname1004', $policySettings.DeviceSettings.iZ_PolicyDownloadUnsignedActiveX_7_IZ_Partname1004) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted) + { + $complexDeviceSettings.Add('IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted', $policySettings.DeviceSettings.iZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted_IZ_Partname2709) + { + $complexDeviceSettings.Add('IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted_IZ_Partname2709', $policySettings.DeviceSettings.iZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted_IZ_Partname2709) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted) + { + $complexDeviceSettings.Add('IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted', $policySettings.DeviceSettings.iZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted) + } + if ($null -ne 
$policySettings.DeviceSettings.iZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted_IZ_Partname2708) + { + $complexDeviceSettings.Add('IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted_IZ_Partname2708', $policySettings.DeviceSettings.iZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted_IZ_Partname2708) + } + if ($null -ne $policySettings.DeviceSettings.iZ_Policy_LocalPathForUpload_7) + { + $complexDeviceSettings.Add('IZ_Policy_LocalPathForUpload_7', $policySettings.DeviceSettings.iZ_Policy_LocalPathForUpload_7) + } + if ($null -ne $policySettings.DeviceSettings.iZ_Policy_LocalPathForUpload_7_IZ_Partname160A) + { + $complexDeviceSettings.Add('IZ_Policy_LocalPathForUpload_7_IZ_Partname160A', $policySettings.DeviceSettings.iZ_Policy_LocalPathForUpload_7_IZ_Partname160A) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyScriptActiveXNotMarkedSafe_7) + { + $complexDeviceSettings.Add('IZ_PolicyScriptActiveXNotMarkedSafe_7', $policySettings.DeviceSettings.iZ_PolicyScriptActiveXNotMarkedSafe_7) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyScriptActiveXNotMarkedSafe_7_IZ_Partname1201) + { + $complexDeviceSettings.Add('IZ_PolicyScriptActiveXNotMarkedSafe_7_IZ_Partname1201', $policySettings.DeviceSettings.iZ_PolicyScriptActiveXNotMarkedSafe_7_IZ_Partname1201) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyJavaPermissions_7) + { + $complexDeviceSettings.Add('IZ_PolicyJavaPermissions_7', $policySettings.DeviceSettings.iZ_PolicyJavaPermissions_7) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyJavaPermissions_7_IZ_Partname1C00) + { + $complexDeviceSettings.Add('IZ_PolicyJavaPermissions_7_IZ_Partname1C00', $policySettings.DeviceSettings.iZ_PolicyJavaPermissions_7_IZ_Partname1C00) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyLaunchAppsAndFilesInIFRAME_7) + { + $complexDeviceSettings.Add('IZ_PolicyLaunchAppsAndFilesInIFRAME_7', $policySettings.DeviceSettings.iZ_PolicyLaunchAppsAndFilesInIFRAME_7) 
+ } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyLaunchAppsAndFilesInIFRAME_7_IZ_Partname1804) + { + $complexDeviceSettings.Add('IZ_PolicyLaunchAppsAndFilesInIFRAME_7_IZ_Partname1804', $policySettings.DeviceSettings.iZ_PolicyLaunchAppsAndFilesInIFRAME_7_IZ_Partname1804) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyLogon_7) + { + $complexDeviceSettings.Add('IZ_PolicyLogon_7', $policySettings.DeviceSettings.iZ_PolicyLogon_7) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyLogon_7_IZ_Partname1A00) + { + $complexDeviceSettings.Add('IZ_PolicyLogon_7_IZ_Partname1A00', $policySettings.DeviceSettings.iZ_PolicyLogon_7_IZ_Partname1A00) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyNavigateSubframesAcrossDomains_7) + { + $complexDeviceSettings.Add('IZ_PolicyNavigateSubframesAcrossDomains_7', $policySettings.DeviceSettings.iZ_PolicyNavigateSubframesAcrossDomains_7) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyNavigateSubframesAcrossDomains_7_IZ_Partname1607) + { + $complexDeviceSettings.Add('IZ_PolicyNavigateSubframesAcrossDomains_7_IZ_Partname1607', $policySettings.DeviceSettings.iZ_PolicyNavigateSubframesAcrossDomains_7_IZ_Partname1607) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyUnsignedFrameworkComponentsURLaction_7) + { + $complexDeviceSettings.Add('IZ_PolicyUnsignedFrameworkComponentsURLaction_7', $policySettings.DeviceSettings.iZ_PolicyUnsignedFrameworkComponentsURLaction_7) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyUnsignedFrameworkComponentsURLaction_7_IZ_Partname2004) + { + $complexDeviceSettings.Add('IZ_PolicyUnsignedFrameworkComponentsURLaction_7_IZ_Partname2004', $policySettings.DeviceSettings.iZ_PolicyUnsignedFrameworkComponentsURLaction_7_IZ_Partname2004) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicySignedFrameworkComponentsURLaction_7) + { + $complexDeviceSettings.Add('IZ_PolicySignedFrameworkComponentsURLaction_7', 
$policySettings.DeviceSettings.iZ_PolicySignedFrameworkComponentsURLaction_7) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicySignedFrameworkComponentsURLaction_7_IZ_Partname2001) + { + $complexDeviceSettings.Add('IZ_PolicySignedFrameworkComponentsURLaction_7_IZ_Partname2001', $policySettings.DeviceSettings.iZ_PolicySignedFrameworkComponentsURLaction_7_IZ_Partname2001) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyRunActiveXControls_7) + { + $complexDeviceSettings.Add('IZ_PolicyRunActiveXControls_7', $policySettings.DeviceSettings.iZ_PolicyRunActiveXControls_7) + } + if ($null -ne $policySettings.DeviceSettings.iZ_Partname1200) + { + $complexDeviceSettings.Add('IZ_Partname1200', $policySettings.DeviceSettings.iZ_Partname1200) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyScriptActiveXMarkedSafe_7) + { + $complexDeviceSettings.Add('IZ_PolicyScriptActiveXMarkedSafe_7', $policySettings.DeviceSettings.iZ_PolicyScriptActiveXMarkedSafe_7) + } + if ($null -ne $policySettings.DeviceSettings.iZ_Partname1405) + { + $complexDeviceSettings.Add('IZ_Partname1405', $policySettings.DeviceSettings.iZ_Partname1405) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyScriptingOfJavaApplets_7) + { + $complexDeviceSettings.Add('IZ_PolicyScriptingOfJavaApplets_7', $policySettings.DeviceSettings.iZ_PolicyScriptingOfJavaApplets_7) + } + if ($null -ne $policySettings.DeviceSettings.iZ_Partname1402) + { + $complexDeviceSettings.Add('IZ_Partname1402', $policySettings.DeviceSettings.iZ_Partname1402) + } + if ($null -ne $policySettings.DeviceSettings.iZ_Policy_UnsafeFiles_7) + { + $complexDeviceSettings.Add('IZ_Policy_UnsafeFiles_7', $policySettings.DeviceSettings.iZ_Policy_UnsafeFiles_7) + } + if ($null -ne $policySettings.DeviceSettings.iZ_Policy_UnsafeFiles_7_IZ_Partname1806) + { + $complexDeviceSettings.Add('IZ_Policy_UnsafeFiles_7_IZ_Partname1806', $policySettings.DeviceSettings.iZ_Policy_UnsafeFiles_7_IZ_Partname1806) + } + if ($null -ne 
$policySettings.DeviceSettings.iZ_PolicyTurnOnXSSFilter_Both_Restricted) + { + $complexDeviceSettings.Add('IZ_PolicyTurnOnXSSFilter_Both_Restricted', $policySettings.DeviceSettings.iZ_PolicyTurnOnXSSFilter_Both_Restricted) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyTurnOnXSSFilter_Both_Restricted_IZ_Partname1409) + { + $complexDeviceSettings.Add('IZ_PolicyTurnOnXSSFilter_Both_Restricted_IZ_Partname1409', $policySettings.DeviceSettings.iZ_PolicyTurnOnXSSFilter_Both_Restricted_IZ_Partname1409) + } + if ($null -ne $policySettings.DeviceSettings.iZ_Policy_TurnOnProtectedMode_7) + { + $complexDeviceSettings.Add('IZ_Policy_TurnOnProtectedMode_7', $policySettings.DeviceSettings.iZ_Policy_TurnOnProtectedMode_7) + } + if ($null -ne $policySettings.DeviceSettings.iZ_Policy_TurnOnProtectedMode_7_IZ_Partname2500) + { + $complexDeviceSettings.Add('IZ_Policy_TurnOnProtectedMode_7_IZ_Partname2500', $policySettings.DeviceSettings.iZ_Policy_TurnOnProtectedMode_7_IZ_Partname2500) + } + if ($null -ne $policySettings.DeviceSettings.iZ_Policy_Phishing_7) + { + $complexDeviceSettings.Add('IZ_Policy_Phishing_7', $policySettings.DeviceSettings.iZ_Policy_Phishing_7) + } + if ($null -ne $policySettings.DeviceSettings.iZ_Policy_Phishing_7_IZ_Partname2301) + { + $complexDeviceSettings.Add('IZ_Policy_Phishing_7_IZ_Partname2301', $policySettings.DeviceSettings.iZ_Policy_Phishing_7_IZ_Partname2301) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyBlockPopupWindows_7) + { + $complexDeviceSettings.Add('IZ_PolicyBlockPopupWindows_7', $policySettings.DeviceSettings.iZ_PolicyBlockPopupWindows_7) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyBlockPopupWindows_7_IZ_Partname1809) + { + $complexDeviceSettings.Add('IZ_PolicyBlockPopupWindows_7_IZ_Partname1809', $policySettings.DeviceSettings.iZ_PolicyBlockPopupWindows_7_IZ_Partname1809) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyUserdataPersistence_7) + { + 
$complexDeviceSettings.Add('IZ_PolicyUserdataPersistence_7', $policySettings.DeviceSettings.iZ_PolicyUserdataPersistence_7) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyUserdataPersistence_7_IZ_Partname1606) + { + $complexDeviceSettings.Add('IZ_PolicyUserdataPersistence_7_IZ_Partname1606', $policySettings.DeviceSettings.iZ_PolicyUserdataPersistence_7_IZ_Partname1606) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyZoneElevationURLaction_7) + { + $complexDeviceSettings.Add('IZ_PolicyZoneElevationURLaction_7', $policySettings.DeviceSettings.iZ_PolicyZoneElevationURLaction_7) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyZoneElevationURLaction_7_IZ_Partname2101) + { + $complexDeviceSettings.Add('IZ_PolicyZoneElevationURLaction_7_IZ_Partname2101', $policySettings.DeviceSettings.iZ_PolicyZoneElevationURLaction_7_IZ_Partname2101) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyAntiMalwareCheckingOfActiveXControls_5) + { + $complexDeviceSettings.Add('IZ_PolicyAntiMalwareCheckingOfActiveXControls_5', $policySettings.DeviceSettings.iZ_PolicyAntiMalwareCheckingOfActiveXControls_5) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyAntiMalwareCheckingOfActiveXControls_5_IZ_Partname270C) + { + $complexDeviceSettings.Add('IZ_PolicyAntiMalwareCheckingOfActiveXControls_5_IZ_Partname270C', $policySettings.DeviceSettings.iZ_PolicyAntiMalwareCheckingOfActiveXControls_5_IZ_Partname270C) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyScriptActiveXNotMarkedSafe_5) + { + $complexDeviceSettings.Add('IZ_PolicyScriptActiveXNotMarkedSafe_5', $policySettings.DeviceSettings.iZ_PolicyScriptActiveXNotMarkedSafe_5) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyScriptActiveXNotMarkedSafe_5_IZ_Partname1201) + { + $complexDeviceSettings.Add('IZ_PolicyScriptActiveXNotMarkedSafe_5_IZ_Partname1201', $policySettings.DeviceSettings.iZ_PolicyScriptActiveXNotMarkedSafe_5_IZ_Partname1201) + } + if ($null -ne 
$policySettings.DeviceSettings.iZ_PolicyJavaPermissions_5) + { + $complexDeviceSettings.Add('IZ_PolicyJavaPermissions_5', $policySettings.DeviceSettings.iZ_PolicyJavaPermissions_5) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyJavaPermissions_5_IZ_Partname1C00) + { + $complexDeviceSettings.Add('IZ_PolicyJavaPermissions_5_IZ_Partname1C00', $policySettings.DeviceSettings.iZ_PolicyJavaPermissions_5_IZ_Partname1C00) + } + if ($null -ne $policySettings.DeviceSettings.iZ_PolicyWarnCertMismatch) + { + $complexDeviceSettings.Add('IZ_PolicyWarnCertMismatch', $policySettings.DeviceSettings.iZ_PolicyWarnCertMismatch) + } + if ($null -ne $policySettings.DeviceSettings.disableSafetyFilterOverride) + { + $complexDeviceSettings.Add('DisableSafetyFilterOverride', $policySettings.DeviceSettings.disableSafetyFilterOverride) + } + if ($null -ne $policySettings.DeviceSettings.disableSafetyFilterOverrideForAppRepUnknown) + { + $complexDeviceSettings.Add('DisableSafetyFilterOverrideForAppRepUnknown', $policySettings.DeviceSettings.disableSafetyFilterOverrideForAppRepUnknown) + } + if ($null -ne $policySettings.DeviceSettings.disable_Managing_Safety_Filter_IE9) + { + $complexDeviceSettings.Add('Disable_Managing_Safety_Filter_IE9', $policySettings.DeviceSettings.disable_Managing_Safety_Filter_IE9) + } + if ($null -ne $policySettings.DeviceSettings.iE9SafetyFilterOptions) + { + $complexDeviceSettings.Add('IE9SafetyFilterOptions', $policySettings.DeviceSettings.iE9SafetyFilterOptions) + } + if ($null -ne $policySettings.DeviceSettings.disablePerUserActiveXInstall) + { + $complexDeviceSettings.Add('DisablePerUserActiveXInstall', $policySettings.DeviceSettings.disablePerUserActiveXInstall) + } + if ($null -ne $policySettings.DeviceSettings.verMgmtDisableRunThisTime) + { + $complexDeviceSettings.Add('VerMgmtDisableRunThisTime', $policySettings.DeviceSettings.verMgmtDisableRunThisTime) + } + if ($null -ne $policySettings.DeviceSettings.verMgmtDisable) + { + 
$complexDeviceSettings.Add('VerMgmtDisable', $policySettings.DeviceSettings.verMgmtDisable)
+ }
+ if ($null -ne $policySettings.DeviceSettings.advanced_EnableSSL3Fallback)
+ {
+ $complexDeviceSettings.Add('Advanced_EnableSSL3Fallback', $policySettings.DeviceSettings.advanced_EnableSSL3Fallback)
+ }
+ if ($null -ne $policySettings.DeviceSettings.advanced_EnableSSL3FallbackOptions)
+ {
+ $complexDeviceSettings.Add('Advanced_EnableSSL3FallbackOptions', $policySettings.DeviceSettings.advanced_EnableSSL3FallbackOptions)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iESF_PolicyExplorerProcesses_5)
+ {
+ $complexDeviceSettings.Add('IESF_PolicyExplorerProcesses_5', $policySettings.DeviceSettings.iESF_PolicyExplorerProcesses_5)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iESF_PolicyExplorerProcesses_6)
+ {
+ $complexDeviceSettings.Add('IESF_PolicyExplorerProcesses_6', $policySettings.DeviceSettings.iESF_PolicyExplorerProcesses_6)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iESF_PolicyExplorerProcesses_3)
+ {
+ $complexDeviceSettings.Add('IESF_PolicyExplorerProcesses_3', $policySettings.DeviceSettings.iESF_PolicyExplorerProcesses_3)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iESF_PolicyExplorerProcesses_10)
+ {
+ $complexDeviceSettings.Add('IESF_PolicyExplorerProcesses_10', $policySettings.DeviceSettings.iESF_PolicyExplorerProcesses_10)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iESF_PolicyExplorerProcesses_9)
+ {
+ $complexDeviceSettings.Add('IESF_PolicyExplorerProcesses_9', $policySettings.DeviceSettings.iESF_PolicyExplorerProcesses_9)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iESF_PolicyExplorerProcesses_11)
+ {
+ $complexDeviceSettings.Add('IESF_PolicyExplorerProcesses_11', $policySettings.DeviceSettings.iESF_PolicyExplorerProcesses_11)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iESF_PolicyExplorerProcesses_12)
+ {
+ $complexDeviceSettings.Add('IESF_PolicyExplorerProcesses_12',
$policySettings.DeviceSettings.iESF_PolicyExplorerProcesses_12)
+ }
+ if ($null -ne $policySettings.DeviceSettings.iESF_PolicyExplorerProcesses_8)
+ {
+ $complexDeviceSettings.Add('IESF_PolicyExplorerProcesses_8', $policySettings.DeviceSettings.iESF_PolicyExplorerProcesses_8)
+ }
+ if ($null -ne $policySettings.DeviceSettings.security_zones_map_edit)
+ {
+ $complexDeviceSettings.Add('Security_zones_map_edit', $policySettings.DeviceSettings.security_zones_map_edit)
+ }
+ if ($null -ne $policySettings.DeviceSettings.security_options_edit)
+ {
+ $complexDeviceSettings.Add('Security_options_edit', $policySettings.DeviceSettings.security_options_edit)
+ }
+ if ($null -ne $policySettings.DeviceSettings.security_HKLM_only)
+ {
+ $complexDeviceSettings.Add('Security_HKLM_only', $policySettings.DeviceSettings.security_HKLM_only)
+ }
+ if ($null -ne $policySettings.DeviceSettings.onlyUseAXISForActiveXInstall)
+ {
+ $complexDeviceSettings.Add('OnlyUseAXISForActiveXInstall', $policySettings.DeviceSettings.onlyUseAXISForActiveXInstall)
+ }
+ if ($null -ne $policySettings.DeviceSettings.addonManagement_RestrictCrashDetection)
+ {
+ $complexDeviceSettings.Add('AddonManagement_RestrictCrashDetection', $policySettings.DeviceSettings.addonManagement_RestrictCrashDetection)
+ }
+ if ($null -ne $policySettings.DeviceSettings.disable_Security_Settings_Check)
+ {
+ $complexDeviceSettings.Add('Disable_Security_Settings_Check', $policySettings.DeviceSettings.disable_Security_Settings_Check)
+ }
+ if ($null -ne $policySettings.DeviceSettings.disableBlockAtFirstSeen)
+ {
+ $complexDeviceSettings.Add('DisableBlockAtFirstSeen', $policySettings.DeviceSettings.disableBlockAtFirstSeen)
+ }
+ if ($null -ne $policySettings.DeviceSettings.realtimeProtection_DisableScanOnRealtimeEnable)
+ {
+ $complexDeviceSettings.Add('RealtimeProtection_DisableScanOnRealtimeEnable', $policySettings.DeviceSettings.realtimeProtection_DisableScanOnRealtimeEnable)
+ }
+ if ($null -ne
$policySettings.DeviceSettings.scan_DisablePackedExeScanning)
+ {
+ $complexDeviceSettings.Add('Scan_DisablePackedExeScanning', $policySettings.DeviceSettings.scan_DisablePackedExeScanning)
+ }
+ if ($null -ne $policySettings.DeviceSettings.disableRoutinelyTakingAction)
+ {
+ $complexDeviceSettings.Add('DisableRoutinelyTakingAction', $policySettings.DeviceSettings.disableRoutinelyTakingAction)
+ }
+ if ($null -ne $policySettings.DeviceSettings.tS_CLIENT_DISABLE_PASSWORD_SAVING_2)
+ {
+ $complexDeviceSettings.Add('TS_CLIENT_DISABLE_PASSWORD_SAVING_2', $policySettings.DeviceSettings.tS_CLIENT_DISABLE_PASSWORD_SAVING_2)
+ }
+ if ($null -ne $policySettings.DeviceSettings.tS_CLIENT_DRIVE_M)
+ {
+ $complexDeviceSettings.Add('TS_CLIENT_DRIVE_M', $policySettings.DeviceSettings.tS_CLIENT_DRIVE_M)
+ }
+ if ($null -ne $policySettings.DeviceSettings.tS_PASSWORD)
+ {
+ $complexDeviceSettings.Add('TS_PASSWORD', $policySettings.DeviceSettings.tS_PASSWORD)
+ }
+ if ($null -ne $policySettings.DeviceSettings.tS_RPC_ENCRYPTION)
+ {
+ $complexDeviceSettings.Add('TS_RPC_ENCRYPTION', $policySettings.DeviceSettings.tS_RPC_ENCRYPTION)
+ }
+ if ($null -ne $policySettings.DeviceSettings.tS_ENCRYPTION_POLICY)
+ {
+ $complexDeviceSettings.Add('TS_ENCRYPTION_POLICY', $policySettings.DeviceSettings.tS_ENCRYPTION_POLICY)
+ }
+ if ($null -ne $policySettings.DeviceSettings.tS_ENCRYPTION_LEVEL)
+ {
+ $complexDeviceSettings.Add('TS_ENCRYPTION_LEVEL', $policySettings.DeviceSettings.tS_ENCRYPTION_LEVEL)
+ }
+ if ($null -ne $policySettings.DeviceSettings.disable_Downloading_of_Enclosures)
+ {
+ $complexDeviceSettings.Add('Disable_Downloading_of_Enclosures', $policySettings.DeviceSettings.disable_Downloading_of_Enclosures)
+ }
+ if ($null -ne $policySettings.DeviceSettings.enableMPRNotifications)
+ {
+ $complexDeviceSettings.Add('EnableMPRNotifications', $policySettings.DeviceSettings.enableMPRNotifications)
+ }
+ if ($null -ne $policySettings.DeviceSettings.automaticRestartSignOn)
+ {
+
$complexDeviceSettings.Add('AutomaticRestartSignOn', $policySettings.DeviceSettings.automaticRestartSignOn)
+ }
+ if ($null -ne $policySettings.DeviceSettings.enableScriptBlockLogging)
+ {
+ $complexDeviceSettings.Add('EnableScriptBlockLogging', $policySettings.DeviceSettings.enableScriptBlockLogging)
+ }
+ if ($null -ne $policySettings.DeviceSettings.enableScriptBlockInvocationLogging)
+ {
+ $complexDeviceSettings.Add('EnableScriptBlockInvocationLogging', $policySettings.DeviceSettings.enableScriptBlockInvocationLogging)
+ }
+ if ($null -ne $policySettings.DeviceSettings.allowBasic_2)
+ {
+ $complexDeviceSettings.Add('AllowBasic_2', $policySettings.DeviceSettings.allowBasic_2)
+ }
+ if ($null -ne $policySettings.DeviceSettings.allowUnencrypted_2)
+ {
+ $complexDeviceSettings.Add('AllowUnencrypted_2', $policySettings.DeviceSettings.allowUnencrypted_2)
+ }
+ if ($null -ne $policySettings.DeviceSettings.disallowDigest)
+ {
+ $complexDeviceSettings.Add('DisallowDigest', $policySettings.DeviceSettings.disallowDigest)
+ }
+ if ($null -ne $policySettings.DeviceSettings.allowBasic_1)
+ {
+ $complexDeviceSettings.Add('AllowBasic_1', $policySettings.DeviceSettings.allowBasic_1)
+ }
+ if ($null -ne $policySettings.DeviceSettings.allowUnencrypted_1)
+ {
+ $complexDeviceSettings.Add('AllowUnencrypted_1', $policySettings.DeviceSettings.allowUnencrypted_1)
+ }
+ if ($null -ne $policySettings.DeviceSettings.disableRunAs)
+ {
+ $complexDeviceSettings.Add('DisableRunAs', $policySettings.DeviceSettings.disableRunAs)
+ }
+ if ($null -ne $policySettings.DeviceSettings.accountLogon_AuditCredentialValidation)
+ {
+ $complexDeviceSettings.Add('AccountLogon_AuditCredentialValidation', $policySettings.DeviceSettings.accountLogon_AuditCredentialValidation)
+ }
+ if ($null -ne $policySettings.DeviceSettings.accountLogonLogoff_AuditAccountLockout)
+ {
+ $complexDeviceSettings.Add('AccountLogonLogoff_AuditAccountLockout', $policySettings.DeviceSettings.accountLogonLogoff_AuditAccountLockout)
+
}
+ if ($null -ne $policySettings.DeviceSettings.accountLogonLogoff_AuditGroupMembership)
+ {
+ $complexDeviceSettings.Add('AccountLogonLogoff_AuditGroupMembership', $policySettings.DeviceSettings.accountLogonLogoff_AuditGroupMembership)
+ }
+ if ($null -ne $policySettings.DeviceSettings.accountLogonLogoff_AuditLogon)
+ {
+ $complexDeviceSettings.Add('AccountLogonLogoff_AuditLogon', $policySettings.DeviceSettings.accountLogonLogoff_AuditLogon)
+ }
+ if ($null -ne $policySettings.DeviceSettings.policyChange_AuditAuthenticationPolicyChange)
+ {
+ $complexDeviceSettings.Add('PolicyChange_AuditAuthenticationPolicyChange', $policySettings.DeviceSettings.policyChange_AuditAuthenticationPolicyChange)
+ }
+ if ($null -ne $policySettings.DeviceSettings.policyChange_AuditPolicyChange)
+ {
+ $complexDeviceSettings.Add('PolicyChange_AuditPolicyChange', $policySettings.DeviceSettings.policyChange_AuditPolicyChange)
+ }
+ if ($null -ne $policySettings.DeviceSettings.objectAccess_AuditFileShare)
+ {
+ $complexDeviceSettings.Add('ObjectAccess_AuditFileShare', $policySettings.DeviceSettings.objectAccess_AuditFileShare)
+ }
+ if ($null -ne $policySettings.DeviceSettings.accountLogonLogoff_AuditOtherLogonLogoffEvents)
+ {
+ $complexDeviceSettings.Add('AccountLogonLogoff_AuditOtherLogonLogoffEvents', $policySettings.DeviceSettings.accountLogonLogoff_AuditOtherLogonLogoffEvents)
+ }
+ if ($null -ne $policySettings.DeviceSettings.accountManagement_AuditSecurityGroupManagement)
+ {
+ $complexDeviceSettings.Add('AccountManagement_AuditSecurityGroupManagement', $policySettings.DeviceSettings.accountManagement_AuditSecurityGroupManagement)
+ }
+ if ($null -ne $policySettings.DeviceSettings.system_AuditSecuritySystemExtension)
+ {
+ $complexDeviceSettings.Add('System_AuditSecuritySystemExtension', $policySettings.DeviceSettings.system_AuditSecuritySystemExtension)
+ }
+ if ($null -ne $policySettings.DeviceSettings.accountLogonLogoff_AuditSpecialLogon)
+ {
+
$complexDeviceSettings.Add('AccountLogonLogoff_AuditSpecialLogon', $policySettings.DeviceSettings.accountLogonLogoff_AuditSpecialLogon)
+ }
+ if ($null -ne $policySettings.DeviceSettings.accountManagement_AuditUserAccountManagement)
+ {
+ $complexDeviceSettings.Add('AccountManagement_AuditUserAccountManagement', $policySettings.DeviceSettings.accountManagement_AuditUserAccountManagement)
+ }
+ if ($null -ne $policySettings.DeviceSettings.detailedTracking_AuditPNPActivity)
+ {
+ $complexDeviceSettings.Add('DetailedTracking_AuditPNPActivity', $policySettings.DeviceSettings.detailedTracking_AuditPNPActivity)
+ }
+ if ($null -ne $policySettings.DeviceSettings.detailedTracking_AuditProcessCreation)
+ {
+ $complexDeviceSettings.Add('DetailedTracking_AuditProcessCreation', $policySettings.DeviceSettings.detailedTracking_AuditProcessCreation)
+ }
+ if ($null -ne $policySettings.DeviceSettings.objectAccess_AuditDetailedFileShare)
+ {
+ $complexDeviceSettings.Add('ObjectAccess_AuditDetailedFileShare', $policySettings.DeviceSettings.objectAccess_AuditDetailedFileShare)
+ }
+ if ($null -ne $policySettings.DeviceSettings.objectAccess_AuditOtherObjectAccessEvents)
+ {
+ $complexDeviceSettings.Add('ObjectAccess_AuditOtherObjectAccessEvents', $policySettings.DeviceSettings.objectAccess_AuditOtherObjectAccessEvents)
+ }
+ if ($null -ne $policySettings.DeviceSettings.objectAccess_AuditRemovableStorage)
+ {
+ $complexDeviceSettings.Add('ObjectAccess_AuditRemovableStorage', $policySettings.DeviceSettings.objectAccess_AuditRemovableStorage)
+ }
+ if ($null -ne $policySettings.DeviceSettings.policyChange_AuditMPSSVCRuleLevelPolicyChange)
+ {
+ $complexDeviceSettings.Add('PolicyChange_AuditMPSSVCRuleLevelPolicyChange', $policySettings.DeviceSettings.policyChange_AuditMPSSVCRuleLevelPolicyChange)
+ }
+ if ($null -ne $policySettings.DeviceSettings.policyChange_AuditOtherPolicyChangeEvents)
+ {
+ $complexDeviceSettings.Add('PolicyChange_AuditOtherPolicyChangeEvents',
$policySettings.DeviceSettings.policyChange_AuditOtherPolicyChangeEvents)
+ }
+ if ($null -ne $policySettings.DeviceSettings.privilegeUse_AuditSensitivePrivilegeUse)
+ {
+ $complexDeviceSettings.Add('PrivilegeUse_AuditSensitivePrivilegeUse', $policySettings.DeviceSettings.privilegeUse_AuditSensitivePrivilegeUse)
+ }
+ if ($null -ne $policySettings.DeviceSettings.system_AuditOtherSystemEvents)
+ {
+ $complexDeviceSettings.Add('System_AuditOtherSystemEvents', $policySettings.DeviceSettings.system_AuditOtherSystemEvents)
+ }
+ if ($null -ne $policySettings.DeviceSettings.system_AuditSecurityStateChange)
+ {
+ $complexDeviceSettings.Add('System_AuditSecurityStateChange', $policySettings.DeviceSettings.system_AuditSecurityStateChange)
+ }
+ if ($null -ne $policySettings.DeviceSettings.system_AuditSystemIntegrity)
+ {
+ $complexDeviceSettings.Add('System_AuditSystemIntegrity', $policySettings.DeviceSettings.system_AuditSystemIntegrity)
+ }
+ if ($null -ne $policySettings.DeviceSettings.allowPasswordManager)
+ {
+ $complexDeviceSettings.Add('AllowPasswordManager', $policySettings.DeviceSettings.allowPasswordManager)
+ }
+ if ($null -ne $policySettings.DeviceSettings.allowSmartScreen)
+ {
+ $complexDeviceSettings.Add('AllowSmartScreen', $policySettings.DeviceSettings.allowSmartScreen)
+ }
+ if ($null -ne $policySettings.DeviceSettings.preventCertErrorOverrides)
+ {
+ $complexDeviceSettings.Add('PreventCertErrorOverrides', $policySettings.DeviceSettings.preventCertErrorOverrides)
+ }
+ if ($null -ne $policySettings.DeviceSettings.browser_PreventSmartScreenPromptOverride)
+ {
+ $complexDeviceSettings.Add('Browser_PreventSmartScreenPromptOverride', $policySettings.DeviceSettings.browser_PreventSmartScreenPromptOverride)
+ }
+ if ($null -ne $policySettings.DeviceSettings.preventSmartScreenPromptOverrideForFiles)
+ {
+ $complexDeviceSettings.Add('PreventSmartScreenPromptOverrideForFiles', $policySettings.DeviceSettings.preventSmartScreenPromptOverrideForFiles)
+ }
+ if ($null
-ne $policySettings.DeviceSettings.allowDirectMemoryAccess)
+ {
+ $complexDeviceSettings.Add('AllowDirectMemoryAccess', $policySettings.DeviceSettings.allowDirectMemoryAccess)
+ }
+ if ($null -ne $policySettings.DeviceSettings.allowArchiveScanning)
+ {
+ $complexDeviceSettings.Add('AllowArchiveScanning', $policySettings.DeviceSettings.allowArchiveScanning)
+ }
+ if ($null -ne $policySettings.DeviceSettings.allowBehaviorMonitoring)
+ {
+ $complexDeviceSettings.Add('AllowBehaviorMonitoring', $policySettings.DeviceSettings.allowBehaviorMonitoring)
+ }
+ if ($null -ne $policySettings.DeviceSettings.allowCloudProtection)
+ {
+ $complexDeviceSettings.Add('AllowCloudProtection', $policySettings.DeviceSettings.allowCloudProtection)
+ }
+ if ($null -ne $policySettings.DeviceSettings.allowFullScanRemovableDriveScanning)
+ {
+ $complexDeviceSettings.Add('AllowFullScanRemovableDriveScanning', $policySettings.DeviceSettings.allowFullScanRemovableDriveScanning)
+ }
+ if ($null -ne $policySettings.DeviceSettings.allowOnAccessProtection)
+ {
+ $complexDeviceSettings.Add('AllowOnAccessProtection', $policySettings.DeviceSettings.allowOnAccessProtection)
+ }
+ if ($null -ne $policySettings.DeviceSettings.allowRealtimeMonitoring)
+ {
+ $complexDeviceSettings.Add('AllowRealtimeMonitoring', $policySettings.DeviceSettings.allowRealtimeMonitoring)
+ }
+ if ($null -ne $policySettings.DeviceSettings.allowIOAVProtection)
+ {
+ $complexDeviceSettings.Add('AllowIOAVProtection', $policySettings.DeviceSettings.allowIOAVProtection)
+ }
+ if ($null -ne $policySettings.DeviceSettings.allowScriptScanning)
+ {
+ $complexDeviceSettings.Add('AllowScriptScanning', $policySettings.DeviceSettings.allowScriptScanning)
+ }
+ if ($null -ne $policySettings.DeviceSettings.cloudBlockLevel)
+ {
+ $complexDeviceSettings.Add('CloudBlockLevel', $policySettings.DeviceSettings.cloudBlockLevel)
+ }
+ if ($null -ne $policySettings.DeviceSettings.cloudExtendedTimeout)
+ {
+
$complexDeviceSettings.Add('CloudExtendedTimeout', $policySettings.DeviceSettings.cloudExtendedTimeout)
+ }
+ if ($null -ne $policySettings.DeviceSettings.disableLocalAdminMerge)
+ {
+ $complexDeviceSettings.Add('DisableLocalAdminMerge', $policySettings.DeviceSettings.disableLocalAdminMerge)
+ }
+ if ($null -ne $policySettings.DeviceSettings.enableFileHashComputation)
+ {
+ $complexDeviceSettings.Add('EnableFileHashComputation', $policySettings.DeviceSettings.enableFileHashComputation)
+ }
+ if ($null -ne $policySettings.DeviceSettings.enableNetworkProtection)
+ {
+ $complexDeviceSettings.Add('EnableNetworkProtection', $policySettings.DeviceSettings.enableNetworkProtection)
+ }
+ if ($null -ne $policySettings.DeviceSettings.hideExclusionsFromLocalAdmins)
+ {
+ $complexDeviceSettings.Add('HideExclusionsFromLocalAdmins', $policySettings.DeviceSettings.hideExclusionsFromLocalAdmins)
+ }
+ if ($null -ne $policySettings.DeviceSettings.pUAProtection)
+ {
+ $complexDeviceSettings.Add('PUAProtection', $policySettings.DeviceSettings.pUAProtection)
+ }
+ if ($null -ne $policySettings.DeviceSettings.realTimeScanDirection)
+ {
+ $complexDeviceSettings.Add('RealTimeScanDirection', $policySettings.DeviceSettings.realTimeScanDirection)
+ }
+ if ($null -ne $policySettings.DeviceSettings.submitSamplesConsent)
+ {
+ $complexDeviceSettings.Add('SubmitSamplesConsent', $policySettings.DeviceSettings.submitSamplesConsent)
+ }
+ if ($null -ne $policySettings.DeviceSettings.configureSystemGuardLaunch)
+ {
+ $complexDeviceSettings.Add('ConfigureSystemGuardLaunch', $policySettings.DeviceSettings.configureSystemGuardLaunch)
+ }
+ if ($null -ne $policySettings.DeviceSettings.lsaCfgFlags)
+ {
+ $complexDeviceSettings.Add('LsaCfgFlags', $policySettings.DeviceSettings.lsaCfgFlags)
+ }
+ if ($null -ne $policySettings.DeviceSettings.enableVirtualizationBasedSecurity)
+ {
+ $complexDeviceSettings.Add('EnableVirtualizationBasedSecurity',
$policySettings.DeviceSettings.enableVirtualizationBasedSecurity)
+ }
+ if ($null -ne $policySettings.DeviceSettings.requirePlatformSecurityFeatures)
+ {
+ $complexDeviceSettings.Add('RequirePlatformSecurityFeatures', $policySettings.DeviceSettings.requirePlatformSecurityFeatures)
+ }
+ if ($null -ne $policySettings.DeviceSettings.devicePasswordEnabled)
+ {
+ $complexDeviceSettings.Add('DevicePasswordEnabled', $policySettings.DeviceSettings.devicePasswordEnabled)
+ }
+ if ($null -ne $policySettings.DeviceSettings.devicePasswordExpiration)
+ {
+ $complexDeviceSettings.Add('DevicePasswordExpiration', $policySettings.DeviceSettings.devicePasswordExpiration)
+ }
+ if ($null -ne $policySettings.DeviceSettings.minDevicePasswordLength)
+ {
+ $complexDeviceSettings.Add('MinDevicePasswordLength', $policySettings.DeviceSettings.minDevicePasswordLength)
+ }
+ if ($null -ne $policySettings.DeviceSettings.alphanumericDevicePasswordRequired)
+ {
+ $complexDeviceSettings.Add('AlphanumericDevicePasswordRequired', $policySettings.DeviceSettings.alphanumericDevicePasswordRequired)
+ }
+ if ($null -ne $policySettings.DeviceSettings.maxDevicePasswordFailedAttempts)
+ {
+ $complexDeviceSettings.Add('MaxDevicePasswordFailedAttempts', $policySettings.DeviceSettings.maxDevicePasswordFailedAttempts)
+ }
+ if ($null -ne $policySettings.DeviceSettings.minDevicePasswordComplexCharacters)
+ {
+ $complexDeviceSettings.Add('MinDevicePasswordComplexCharacters', $policySettings.DeviceSettings.minDevicePasswordComplexCharacters)
+ }
+ if ($null -ne $policySettings.DeviceSettings.maxInactivityTimeDeviceLock)
+ {
+ $complexDeviceSettings.Add('MaxInactivityTimeDeviceLock', $policySettings.DeviceSettings.maxInactivityTimeDeviceLock)
+ }
+ if ($null -ne $policySettings.DeviceSettings.devicePasswordHistory)
+ {
+ $complexDeviceSettings.Add('DevicePasswordHistory', $policySettings.DeviceSettings.devicePasswordHistory)
+ }
+ if ($null -ne $policySettings.DeviceSettings.allowSimpleDevicePassword)
+ {
+
$complexDeviceSettings.Add('AllowSimpleDevicePassword', $policySettings.DeviceSettings.allowSimpleDevicePassword)
+ }
+ if ($null -ne $policySettings.DeviceSettings.deviceEnumerationPolicy)
+ {
+ $complexDeviceSettings.Add('DeviceEnumerationPolicy', $policySettings.DeviceSettings.deviceEnumerationPolicy)
+ }
+ if ($null -ne $policySettings.DeviceSettings.enableInsecureGuestLogons)
+ {
+ $complexDeviceSettings.Add('EnableInsecureGuestLogons', $policySettings.DeviceSettings.enableInsecureGuestLogons)
+ }
+ if ($null -ne $policySettings.DeviceSettings.accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly)
+ {
+ $complexDeviceSettings.Add('Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly', $policySettings.DeviceSettings.accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly)
+ }
+ if ($null -ne $policySettings.DeviceSettings.interactiveLogon_MachineInactivityLimit)
+ {
+ $complexDeviceSettings.Add('InteractiveLogon_MachineInactivityLimit', $policySettings.DeviceSettings.interactiveLogon_MachineInactivityLimit)
+ }
+ if ($null -ne $policySettings.DeviceSettings.interactiveLogon_SmartCardRemovalBehavior)
+ {
+ $complexDeviceSettings.Add('InteractiveLogon_SmartCardRemovalBehavior', $policySettings.DeviceSettings.interactiveLogon_SmartCardRemovalBehavior)
+ }
+ if ($null -ne $policySettings.DeviceSettings.microsoftNetworkClient_DigitallySignCommunicationsAlways)
+ {
+ $complexDeviceSettings.Add('MicrosoftNetworkClient_DigitallySignCommunicationsAlways', $policySettings.DeviceSettings.microsoftNetworkClient_DigitallySignCommunicationsAlways)
+ }
+ if ($null -ne $policySettings.DeviceSettings.microsoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers)
+ {
+ $complexDeviceSettings.Add('MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers', $policySettings.DeviceSettings.microsoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers)
+ }
+ if ($null -ne
$policySettings.DeviceSettings.microsoftNetworkServer_DigitallySignCommunicationsAlways)
+ {
+ $complexDeviceSettings.Add('MicrosoftNetworkServer_DigitallySignCommunicationsAlways', $policySettings.DeviceSettings.microsoftNetworkServer_DigitallySignCommunicationsAlways)
+ }
+ if ($null -ne $policySettings.DeviceSettings.networkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts)
+ {
+ $complexDeviceSettings.Add('NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts', $policySettings.DeviceSettings.networkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts)
+ }
+ if ($null -ne $policySettings.DeviceSettings.networkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares)
+ {
+ $complexDeviceSettings.Add('NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares', $policySettings.DeviceSettings.networkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares)
+ }
+ if ($null -ne $policySettings.DeviceSettings.networkAccess_RestrictAnonymousAccessToNamedPipesAndShares)
+ {
+ $complexDeviceSettings.Add('NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares', $policySettings.DeviceSettings.networkAccess_RestrictAnonymousAccessToNamedPipesAndShares)
+ }
+ if ($null -ne $policySettings.DeviceSettings.networkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM)
+ {
+ $complexDeviceSettings.Add('NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM', $policySettings.DeviceSettings.networkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM)
+ }
+ if ($null -ne $policySettings.DeviceSettings.networkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange)
+ {
+ $complexDeviceSettings.Add('NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange', $policySettings.DeviceSettings.networkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange)
+ }
+ if ($null -ne $policySettings.DeviceSettings.networkSecurity_LANManagerAuthenticationLevel)
+ {
+ $complexDeviceSettings.Add('NetworkSecurity_LANManagerAuthenticationLevel',
$policySettings.DeviceSettings.networkSecurity_LANManagerAuthenticationLevel)
+ }
+ if ($null -ne $policySettings.DeviceSettings.networkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients)
+ {
+ $complexDeviceSettings.Add('NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients', $policySettings.DeviceSettings.networkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients)
+ }
+ if ($null -ne $policySettings.DeviceSettings.networkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers)
+ {
+ $complexDeviceSettings.Add('NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers', $policySettings.DeviceSettings.networkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers)
+ }
+ if ($null -ne $policySettings.DeviceSettings.userAccountControl_BehaviorOfTheElevationPromptForAdministrators)
+ {
+ $complexDeviceSettings.Add('UserAccountControl_BehaviorOfTheElevationPromptForAdministrators', $policySettings.DeviceSettings.userAccountControl_BehaviorOfTheElevationPromptForAdministrators)
+ }
+ if ($null -ne $policySettings.DeviceSettings.userAccountControl_BehaviorOfTheElevationPromptForStandardUsers)
+ {
+ $complexDeviceSettings.Add('UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers', $policySettings.DeviceSettings.userAccountControl_BehaviorOfTheElevationPromptForStandardUsers)
+ }
+ if ($null -ne $policySettings.DeviceSettings.userAccountControl_DetectApplicationInstallationsAndPromptForElevation)
+ {
+ $complexDeviceSettings.Add('UserAccountControl_DetectApplicationInstallationsAndPromptForElevation', $policySettings.DeviceSettings.userAccountControl_DetectApplicationInstallationsAndPromptForElevation)
+ }
+ if ($null -ne $policySettings.DeviceSettings.userAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations)
+ {
+ $complexDeviceSettings.Add('UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations',
$policySettings.DeviceSettings.userAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations)
+ }
+ if ($null -ne $policySettings.DeviceSettings.userAccountControl_RunAllAdministratorsInAdminApprovalMode)
+ {
+ $complexDeviceSettings.Add('UserAccountControl_RunAllAdministratorsInAdminApprovalMode', $policySettings.DeviceSettings.userAccountControl_RunAllAdministratorsInAdminApprovalMode)
+ }
+ if ($null -ne $policySettings.DeviceSettings.userAccountControl_UseAdminApprovalMode)
+ {
+ $complexDeviceSettings.Add('UserAccountControl_UseAdminApprovalMode', $policySettings.DeviceSettings.userAccountControl_UseAdminApprovalMode)
+ }
+ if ($null -ne $policySettings.DeviceSettings.userAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations)
+ {
+ $complexDeviceSettings.Add('UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations', $policySettings.DeviceSettings.userAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations)
+ }
+ if ($null -ne $policySettings.DeviceSettings.configureLsaProtectedProcess)
+ {
+ $complexDeviceSettings.Add('ConfigureLsaProtectedProcess', $policySettings.DeviceSettings.configureLsaProtectedProcess)
+ }
+ if ($null -ne $policySettings.DeviceSettings.allowGameDVR)
+ {
+ $complexDeviceSettings.Add('AllowGameDVR', $policySettings.DeviceSettings.allowGameDVR)
+ }
+ if ($null -ne $policySettings.DeviceSettings.mSIAllowUserControlOverInstall)
+ {
+ $complexDeviceSettings.Add('MSIAllowUserControlOverInstall', $policySettings.DeviceSettings.mSIAllowUserControlOverInstall)
+ }
+ if ($null -ne $policySettings.DeviceSettings.mSIAlwaysInstallWithElevatedPrivileges)
+ {
+ $complexDeviceSettings.Add('MSIAlwaysInstallWithElevatedPrivileges', $policySettings.DeviceSettings.mSIAlwaysInstallWithElevatedPrivileges)
+ }
+ if ($null -ne $policySettings.DeviceSettings.smartScreenEnabled)
+ {
+ $complexDeviceSettings.Add('SmartScreenEnabled', $policySettings.DeviceSettings.smartScreenEnabled)
+ }
+
if ($null -ne $policySettings.DeviceSettings.smartScreen_PreventSmartScreenPromptOverride)
+ {
+ $complexDeviceSettings.Add('SmartScreen_PreventSmartScreenPromptOverride', $policySettings.DeviceSettings.smartScreen_PreventSmartScreenPromptOverride)
+ }
+ if ($null -ne $policySettings.DeviceSettings.letAppsActivateWithVoiceAboveLock)
+ {
+ $complexDeviceSettings.Add('LetAppsActivateWithVoiceAboveLock', $policySettings.DeviceSettings.letAppsActivateWithVoiceAboveLock)
+ }
+ if ($null -ne $policySettings.DeviceSettings.allowIndexingEncryptedStoresOrItems)
+ {
+ $complexDeviceSettings.Add('AllowIndexingEncryptedStoresOrItems', $policySettings.DeviceSettings.allowIndexingEncryptedStoresOrItems)
+ }
+ if ($null -ne $policySettings.DeviceSettings.enableSmartScreenInShell)
+ {
+ $complexDeviceSettings.Add('EnableSmartScreenInShell', $policySettings.DeviceSettings.enableSmartScreenInShell)
+ }
+ if ($null -ne $policySettings.DeviceSettings.notifyMalicious)
+ {
+ $complexDeviceSettings.Add('NotifyMalicious', $policySettings.DeviceSettings.notifyMalicious)
+ }
+ if ($null -ne $policySettings.DeviceSettings.notifyPasswordReuse)
+ {
+ $complexDeviceSettings.Add('NotifyPasswordReuse', $policySettings.DeviceSettings.notifyPasswordReuse)
+ }
+ if ($null -ne $policySettings.DeviceSettings.notifyUnsafeApp)
+ {
+ $complexDeviceSettings.Add('NotifyUnsafeApp', $policySettings.DeviceSettings.notifyUnsafeApp)
+ }
+ if ($null -ne $policySettings.DeviceSettings.serviceEnabled)
+ {
+ $complexDeviceSettings.Add('ServiceEnabled', $policySettings.DeviceSettings.serviceEnabled)
+ }
+ if ($null -ne $policySettings.DeviceSettings.preventOverrideForFilesInShell)
+ {
+ $complexDeviceSettings.Add('PreventOverrideForFilesInShell', $policySettings.DeviceSettings.preventOverrideForFilesInShell)
+ }
+ if ($null -ne $policySettings.DeviceSettings.configureXboxAccessoryManagementServiceStartupMode)
+ {
+ $complexDeviceSettings.Add('ConfigureXboxAccessoryManagementServiceStartupMode',
$policySettings.DeviceSettings.configureXboxAccessoryManagementServiceStartupMode)
+ }
+ if ($null -ne $policySettings.DeviceSettings.configureXboxLiveAuthManagerServiceStartupMode)
+ {
+ $complexDeviceSettings.Add('ConfigureXboxLiveAuthManagerServiceStartupMode', $policySettings.DeviceSettings.configureXboxLiveAuthManagerServiceStartupMode)
+ }
+ if ($null -ne $policySettings.DeviceSettings.configureXboxLiveGameSaveServiceStartupMode)
+ {
+ $complexDeviceSettings.Add('ConfigureXboxLiveGameSaveServiceStartupMode', $policySettings.DeviceSettings.configureXboxLiveGameSaveServiceStartupMode)
+ }
+ if ($null -ne $policySettings.DeviceSettings.configureXboxLiveNetworkingServiceStartupMode)
+ {
+ $complexDeviceSettings.Add('ConfigureXboxLiveNetworkingServiceStartupMode', $policySettings.DeviceSettings.configureXboxLiveNetworkingServiceStartupMode)
+ }
+ if ($null -ne $policySettings.DeviceSettings.enableXboxGameSaveTask)
+ {
+ $complexDeviceSettings.Add('EnableXboxGameSaveTask', $policySettings.DeviceSettings.enableXboxGameSaveTask)
+ }
+ if ($null -ne $policySettings.DeviceSettings.accessFromNetwork)
+ {
+ $complexDeviceSettings.Add('AccessFromNetwork', $policySettings.DeviceSettings.accessFromNetwork)
+ }
+ if ($null -ne $policySettings.DeviceSettings.allowLocalLogOn)
+ {
+ $complexDeviceSettings.Add('AllowLocalLogOn', $policySettings.DeviceSettings.allowLocalLogOn)
+ }
+ if ($null -ne $policySettings.DeviceSettings.backupFilesAndDirectories)
+ {
+ $complexDeviceSettings.Add('BackupFilesAndDirectories', $policySettings.DeviceSettings.backupFilesAndDirectories)
+ }
+ if ($null -ne $policySettings.DeviceSettings.createGlobalObjects)
+ {
+ $complexDeviceSettings.Add('CreateGlobalObjects', $policySettings.DeviceSettings.createGlobalObjects)
+ }
+ if ($null -ne $policySettings.DeviceSettings.createPageFile)
+ {
+ $complexDeviceSettings.Add('CreatePageFile', $policySettings.DeviceSettings.createPageFile)
+ }
+ if ($null -ne $policySettings.DeviceSettings.debugPrograms)
+ {
+
$complexDeviceSettings.Add('DebugPrograms', $policySettings.DeviceSettings.debugPrograms)
+ }
+ if ($null -ne $policySettings.DeviceSettings.denyAccessFromNetwork)
+ {
+ $complexDeviceSettings.Add('DenyAccessFromNetwork', $policySettings.DeviceSettings.denyAccessFromNetwork)
+ }
+ if ($null -ne $policySettings.DeviceSettings.denyRemoteDesktopServicesLogOn)
+ {
+ $complexDeviceSettings.Add('DenyRemoteDesktopServicesLogOn', $policySettings.DeviceSettings.denyRemoteDesktopServicesLogOn)
+ }
+ if ($null -ne $policySettings.DeviceSettings.impersonateClient)
+ {
+ $complexDeviceSettings.Add('ImpersonateClient', $policySettings.DeviceSettings.impersonateClient)
+ }
+ if ($null -ne $policySettings.DeviceSettings.loadUnloadDeviceDrivers)
+ {
+ $complexDeviceSettings.Add('LoadUnloadDeviceDrivers', $policySettings.DeviceSettings.loadUnloadDeviceDrivers)
+ }
+ if ($null -ne $policySettings.DeviceSettings.manageAuditingAndSecurityLog)
+ {
+ $complexDeviceSettings.Add('ManageAuditingAndSecurityLog', $policySettings.DeviceSettings.manageAuditingAndSecurityLog)
+ }
+ if ($null -ne $policySettings.DeviceSettings.manageVolume)
+ {
+ $complexDeviceSettings.Add('ManageVolume', $policySettings.DeviceSettings.manageVolume)
+ }
+ if ($null -ne $policySettings.DeviceSettings.modifyFirmwareEnvironment)
+ {
+ $complexDeviceSettings.Add('ModifyFirmwareEnvironment', $policySettings.DeviceSettings.modifyFirmwareEnvironment)
+ }
+ if ($null -ne $policySettings.DeviceSettings.profileSingleProcess)
+ {
+ $complexDeviceSettings.Add('ProfileSingleProcess', $policySettings.DeviceSettings.profileSingleProcess)
+ }
+ if ($null -ne $policySettings.DeviceSettings.remoteShutdown)
+ {
+ $complexDeviceSettings.Add('RemoteShutdown', $policySettings.DeviceSettings.remoteShutdown)
+ }
+ if ($null -ne $policySettings.DeviceSettings.restoreFilesAndDirectories)
+ {
+ $complexDeviceSettings.Add('RestoreFilesAndDirectories', $policySettings.DeviceSettings.restoreFilesAndDirectories)
+ }
+ if ($null -ne
$policySettings.DeviceSettings.takeOwnership) + { + $complexDeviceSettings.Add('TakeOwnership', $policySettings.DeviceSettings.takeOwnership) + } + if ($null -ne $policySettings.DeviceSettings.hypervisorEnforcedCodeIntegrity) + { + $complexDeviceSettings.Add('HypervisorEnforcedCodeIntegrity', $policySettings.DeviceSettings.hypervisorEnforcedCodeIntegrity) + } + if ($null -ne $policySettings.DeviceSettings.allowAutoConnectToWiFiSenseHotspots) + { + $complexDeviceSettings.Add('AllowAutoConnectToWiFiSenseHotspots', $policySettings.DeviceSettings.allowAutoConnectToWiFiSenseHotspots) + } + if ($null -ne $policySettings.DeviceSettings.allowInternetSharing) + { + $complexDeviceSettings.Add('AllowInternetSharing', $policySettings.DeviceSettings.allowInternetSharing) + } + if ($null -ne $policySettings.DeviceSettings.facialFeaturesUseEnhancedAntiSpoofing) + { + $complexDeviceSettings.Add('FacialFeaturesUseEnhancedAntiSpoofing', $policySettings.DeviceSettings.facialFeaturesUseEnhancedAntiSpoofing) + } + if ($null -ne $policySettings.DeviceSettings.allowWindowsInkWorkspace) + { + $complexDeviceSettings.Add('AllowWindowsInkWorkspace', $policySettings.DeviceSettings.allowWindowsInkWorkspace) + } + if ($null -ne $policySettings.DeviceSettings.backupDirectory) + { + $complexDeviceSettings.Add('BackupDirectory', $policySettings.DeviceSettings.backupDirectory) + } + if ($null -ne $policySettings.DeviceSettings.aDEncryptedPasswordHistorySize) + { + $complexDeviceSettings.Add('ADEncryptedPasswordHistorySize', $policySettings.DeviceSettings.aDEncryptedPasswordHistorySize) + } + if ($null -ne $policySettings.DeviceSettings.passwordagedays) + { + $complexDeviceSettings.Add('Passwordagedays', $policySettings.DeviceSettings.passwordagedays) + } + if ($null -ne $policySettings.DeviceSettings.aDPasswordEncryptionEnabled) + { + $complexDeviceSettings.Add('ADPasswordEncryptionEnabled', $policySettings.DeviceSettings.aDPasswordEncryptionEnabled) + } + if ($null -ne 
$policySettings.DeviceSettings.passwordagedays_aad) + { + $complexDeviceSettings.Add('Passwordagedays_aad', $policySettings.DeviceSettings.passwordagedays_aad) + } + if ($null -ne $policySettings.DeviceSettings.aDPasswordEncryptionPrincipal) + { + $complexDeviceSettings.Add('ADPasswordEncryptionPrincipal', $policySettings.DeviceSettings.aDPasswordEncryptionPrincipal) + } + if ($null -ne $policySettings.DeviceSettings.passwordExpirationProtectionEnabled) + { + $complexDeviceSettings.Add('PasswordExpirationProtectionEnabled', $policySettings.DeviceSettings.passwordExpirationProtectionEnabled) + } + if ($complexDeviceSettings.Values.Where({ $null -ne $_ }).Count -eq 0) + { + $complexDeviceSettings = $null + } + $policySettings.Remove('DeviceSettings') | Out-Null + + $complexUserSettings = @{} + # Add user settings with conditional checks + if ($null -ne $policySettings.UserSettings.noLockScreenToastNotification) + { + $complexUserSettings.Add('NoLockScreenToastNotification', $policySettings.UserSettings.noLockScreenToastNotification) + } + if ($null -ne $policySettings.UserSettings.restrictFormSuggestPW) + { + $complexUserSettings.Add('RestrictFormSuggestPW', $policySettings.UserSettings.restrictFormSuggestPW) + } + if ($null -ne $policySettings.UserSettings.chkBox_PasswordAsk) + { + $complexUserSettings.Add('ChkBox_PasswordAsk', $policySettings.UserSettings.chkBox_PasswordAsk) + } + if ($null -ne $policySettings.UserSettings.allowWindowsSpotlight) + { + $complexUserSettings.Add('AllowWindowsSpotlight', $policySettings.UserSettings.allowWindowsSpotlight) + } + if ($null -ne $policySettings.UserSettings.allowWindowsTips) + { + $complexUserSettings.Add('AllowWindowsTips', $policySettings.UserSettings.allowWindowsTips) + } + if ($null -ne $policySettings.UserSettings.allowTailoredExperiencesWithDiagnosticData) + { + $complexUserSettings.Add('AllowTailoredExperiencesWithDiagnosticData', $policySettings.UserSettings.allowTailoredExperiencesWithDiagnosticData) + } + if 
($null -ne $policySettings.UserSettings.allowWindowsSpotlightOnActionCenter) + { + $complexUserSettings.Add('AllowWindowsSpotlightOnActionCenter', $policySettings.UserSettings.allowWindowsSpotlightOnActionCenter) + } + if ($null -ne $policySettings.UserSettings.allowWindowsConsumerFeatures) + { + $complexUserSettings.Add('AllowWindowsConsumerFeatures', $policySettings.UserSettings.allowWindowsConsumerFeatures) + } + if ($null -ne $policySettings.UserSettings.configureWindowsSpotlightOnLockScreen) + { + $complexUserSettings.Add('ConfigureWindowsSpotlightOnLockScreen', $policySettings.UserSettings.configureWindowsSpotlightOnLockScreen) + } + if ($null -ne $policySettings.UserSettings.allowWindowsSpotlightWindowsWelcomeExperience) + { + $complexUserSettings.Add('AllowWindowsSpotlightWindowsWelcomeExperience', $policySettings.UserSettings.allowWindowsSpotlightWindowsWelcomeExperience) + } + if ($null -ne $policySettings.UserSettings.allowThirdPartySuggestionsInWindowsSpotlight) + { + $complexUserSettings.Add('AllowThirdPartySuggestionsInWindowsSpotlight', $policySettings.UserSettings.allowThirdPartySuggestionsInWindowsSpotlight) + } + # Check if $complexUserSettings is empty + if ($complexUserSettings.Values.Where({ $null -ne $_ }).Count -eq 0) + { + $complexUserSettings = $null + } + $policySettings.Remove('UserSettings') | Out-Null + #endregion + + $results = @{ + #region resource generator code + Description = $getValue.Description + DisplayName = $getValue.Name + RoleScopeTagIds = $getValue.RoleScopeTagIds + Id = $getValue.Id + DeviceSettings = $complexDeviceSettings + UserSettings = $complexUserSettings + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + #endregion + } + $results += $policySettings + + $assignmentsValues = 
Get-MgBetaDeviceManagementConfigurationPolicyAssignment -DeviceManagementConfigurationPolicyId $Id + $assignmentResult = @() + if ($assignmentsValues.Count -gt 0) + { + $assignmentResult += ConvertFrom-IntunePolicyAssignment -Assignments $assignmentsValues -IncludeDeviceFilter $true + } + $results.Add('Assignments', $assignmentResult) + + return [System.Collections.Hashtable] $results + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullResult + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + #region resource generator code + [Parameter()] + [System.String] + $Description, + + [Parameter(Mandatory = $true)] + [System.String] + $DisplayName, + + [Parameter()] + [System.String[]] + $RoleScopeTagIds, + + [Parameter()] + [System.String] + $Id, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $DeviceSettings, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance] + $UserSettings, + + [Parameter()] + [Microsoft.Management.Infrastructure.CimInstance[]] + $Assignments, + #endregion + [Parameter()] + [System.String] + [ValidateSet('Absent', 'Present')] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.Management.Automation.PSCredential] + $ApplicationSecret, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity, + + [Parameter()] + [System.String[]] + $AccessTokens + ) + + Write-Verbose -Message "Setting configuration of the Intune Security Baseline for Windows10 with Id {$Id} and Name {$DisplayName}" + + #Ensure the proper dependencies are installed in the current environment. 
+ Confirm-M365DSCDependencies
+
+ #region Telemetry
+ $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '')
+ $CommandName = $MyInvocation.MyCommand
+ $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
+ -CommandName $CommandName `
+ -Parameters $PSBoundParameters
+ Add-M365DSCTelemetryEvent -Data $data
+ #endregion
+
+ $currentInstance = Get-TargetResource @PSBoundParameters
+
+ $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters
+
+ $templateReferenceId = '66df8dce-0166-4b82-92f7-1f74e3ca17a3_1'
+ $platforms = 'windows10'
+ $technologies = 'mdm'
+
+ if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent')
+ {
+ Write-Verbose -Message "Creating an Intune Security Baseline for Windows10 with Name {$DisplayName}"
+ $BoundParameters.Remove('Assignments') | Out-Null
+
+ $settings = Get-IntuneSettingCatalogPolicySetting `
+ -DSCParams ([System.Collections.Hashtable]$BoundParameters) `
+ -TemplateId $templateReferenceId `
+ -ContainsDeviceAndUserSettings
+
+ $createParameters = @{
+ Name = $DisplayName
+ Description = $Description
+ TemplateReference = @{ templateId = $templateReferenceId }
+ Platforms = $platforms
+ Technologies = $technologies
+ Settings = $settings
+ }
+
+ #region resource generator code
+ $policy = New-MgBetaDeviceManagementConfigurationPolicy -BodyParameter $createParameters
+
+ if ($policy.Id)
+ {
+ $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments
+ Update-DeviceConfigurationPolicyAssignment `
+ -DeviceConfigurationPolicyId $policy.Id `
+ -Targets $assignmentsHash `
+ -Repository 'deviceManagement/configurationPolicies'
+ }
+ #endregion
+ }
+ elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present')
+ {
+ Write-Verbose -Message "Updating the Intune Security Baseline for Windows10 with Id {$($currentInstance.Id)}"
+ $BoundParameters.Remove('Assignments') | Out-Null
+
+ $settings = Get-IntuneSettingCatalogPolicySetting `
+ -DSCParams ([System.Collections.Hashtable]$BoundParameters) `
+ -TemplateId $templateReferenceId `
+ -ContainsDeviceAndUserSettings
+
+ Update-IntuneDeviceConfigurationPolicy `
+ -DeviceConfigurationPolicyId $currentInstance.Id `
+ -Name $DisplayName `
+ -Description $Description `
+ -TemplateReferenceId $templateReferenceId `
+ -Platforms $platforms `
+ -Technologies $technologies `
+ -Settings $settings
+
+ #region resource generator code
+ $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments
+ Update-DeviceConfigurationPolicyAssignment `
+ -DeviceConfigurationPolicyId $currentInstance.Id `
+ -Targets $assignmentsHash `
+ -Repository 'deviceManagement/configurationPolicies'
+ #endregion
+ }
+ elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present')
+ {
+ Write-Verbose -Message "Removing the Intune Security Baseline for Windows10 with Id {$($currentInstance.Id)}"
+ #region resource generator code
+ Remove-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $currentInstance.Id
+ #endregion
+ }
+}
+
+function Test-TargetResource
+{
+ [CmdletBinding()]
+ [OutputType([System.Boolean])]
+ param
+ (
+ #region resource generator code
+ [Parameter()]
+ [System.String]
+ $Description,
+
+ [Parameter(Mandatory = $true)]
+ [System.String]
+ $DisplayName,
+
+ [Parameter()]
+ [System.String[]]
+ $RoleScopeTagIds,
+
+ [Parameter()]
+ [System.String]
+ $Id,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $DeviceSettings,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance]
+ $UserSettings,
+
+ [Parameter()]
+ [Microsoft.Management.Infrastructure.CimInstance[]]
+ $Assignments,
+ #endregion
+
+ [Parameter()]
+ [System.String]
+ [ValidateSet('Absent', 'Present')]
+ $Ensure = 'Present',
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $Credential,
+
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $ApplicationSecret,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint,
+
+ [Parameter()]
+ [Switch]
+ $ManagedIdentity,
+
+ [Parameter()]
+ [System.String[]]
+ $AccessTokens
+ )
+
+ #Ensure the proper dependencies are installed in the current environment.
+ Confirm-M365DSCDependencies
+
+ #region Telemetry
+ $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '')
+ $CommandName = $MyInvocation.MyCommand
+ $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
+ -CommandName $CommandName `
+ -Parameters $PSBoundParameters
+ Add-M365DSCTelemetryEvent -Data $data
+ #endregion
+
+ Write-Verbose -Message "Testing configuration of the Intune Security Baseline for Windows10 with Id {$Id} and Name {$DisplayName}"
+
+ $CurrentValues = Get-TargetResource @PSBoundParameters
+ [Hashtable]$ValuesToCheck = @{}
+ $MyInvocation.MyCommand.Parameters.GetEnumerator() | ForEach-Object {
+ if ($_.Key -notlike '*Variable' -or $_.Key -notin @('Verbose', 'Debug', 'ErrorAction', 'WarningAction', 'InformationAction'))
+ {
+ if ($null -ne $CurrentValues[$_.Key] -or $null -ne $PSBoundParameters[$_.Key])
+ {
+ $ValuesToCheck.Add($_.Key, $null)
+ if (-not $PSBoundParameters.ContainsKey($_.Key))
+ {
+ $PSBoundParameters.Add($_.Key, $null)
+ }
+ }
+ }
+ }
+
+ if ($CurrentValues.Ensure -ne $Ensure)
+ {
+ Write-Verbose -Message "Test-TargetResource returned $false"
+ return $false
+ }
+ $testResult = $true
+
+ #Compare Cim instances
+ foreach ($key in $PSBoundParameters.Keys)
+ {
+ $source = $PSBoundParameters.$key
+ $target = $CurrentValues.$key
+ if ($null -ne $source -and $source.GetType().Name -like '*CimInstance*')
+ {
+ $testResult = Compare-M365DSCComplexObject `
+ -Source ($source) `
+ -Target ($target)
+
+ if (-not $testResult)
+ {
+ break
+ }
+
+ $ValuesToCheck.Remove($key) | Out-Null
+ }
+ }
+
+ $ValuesToCheck.Remove('Id') | Out-Null
+ $ValuesToCheck = Remove-M365DSCAuthenticationParameter -BoundParameters $ValuesToCheck
+
+ Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)"
+ Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)"
+
+ if ($testResult)
+ {
+ $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues `
+ -Source $($MyInvocation.MyCommand.Source) `
+ -DesiredValues $PSBoundParameters `
+ -ValuesToCheck $ValuesToCheck.Keys
+ }
+
+ Write-Verbose -Message "Test-TargetResource returned $testResult"
+
+ return $testResult
+}
+
+function Export-TargetResource
+{
+ [CmdletBinding()]
+ [OutputType([System.String])]
+ param
+ (
+ [Parameter()]
+ [System.String]
+ $Filter,
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $Credential,
+
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $ApplicationSecret,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint,
+
+ [Parameter()]
+ [Switch]
+ $ManagedIdentity,
+
+ [Parameter()]
+ [System.String[]]
+ $AccessTokens
+ )
+
+ $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
+ -InboundParameters $PSBoundParameters
+
+ #Ensure the proper dependencies are installed in the current environment.
+ Confirm-M365DSCDependencies
+
+ #region Telemetry
+ $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '')
+ $CommandName = $MyInvocation.MyCommand
+ $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
+ -CommandName $CommandName `
+ -Parameters $PSBoundParameters
+ Add-M365DSCTelemetryEvent -Data $data
+ #endregion
+
+ try
+ {
+ #region resource generator code
+ $policyTemplateID = '66df8dce-0166-4b82-92f7-1f74e3ca17a3_1'
+ [array]$getValue = Get-MgBetaDeviceManagementConfigurationPolicy `
+ -Filter $Filter `
+ -All `
+ -ErrorAction Stop | Where-Object `
+ -FilterScript {
+ $_.TemplateReference.TemplateId -eq $policyTemplateID
+ }
+ #endregion
+
+ $i = 1
+ $dscContent = ''
+ if ($getValue.Length -eq 0)
+ {
+ Write-Host $Global:M365DSCEmojiGreenCheckMark
+ }
+ else
+ {
+ Write-Host "`r`n" -NoNewline
+ }
+ foreach ($config in $getValue)
+ {
+ $displayedKey = $config.Id
+ if (-not [String]::IsNullOrEmpty($config.displayName))
+ {
+ $displayedKey = $config.displayName
+ }
+ elseif (-not [string]::IsNullOrEmpty($config.name))
+ {
+ $displayedKey = $config.name
+ }
+ Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline
+ $params = @{
+ Id = $config.Id
+ DisplayName = $config.Name
+ Ensure = 'Present'
+ Credential = $Credential
+ ApplicationId = $ApplicationId
+ TenantId = $TenantId
+ ApplicationSecret = $ApplicationSecret
+ CertificateThumbprint = $CertificateThumbprint
+ ManagedIdentity = $ManagedIdentity.IsPresent
+ AccessTokens = $AccessTokens
+ }
+
+ $Results = Get-TargetResource @Params
+ $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode `
+ -Results $Results
+ if ($null -ne $Results.DeviceSettings)
+ {
+ $complexMapping = @(
+ @{
+ Name = 'DeviceSettings'
+ CimInstanceName = 'MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineWindows10'
+ IsRequired = $False
+ }
+ @{
+ Name = 'pol_hardenedpaths'
+ CimInstanceName = 'MicrosoftGraphIntuneSettingsCatalogpol_hardenedpaths'
+ IsRequired = $False
+ }
+ )
+ $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString `
+ -ComplexObject $Results.DeviceSettings `
+ -CIMInstanceName 'MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineWindows10' `
+ -ComplexTypeMapping $complexMapping
+
+ if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult))
+ {
+ $Results.DeviceSettings = $complexTypeStringResult
+ }
+ else
+ {
+ $Results.Remove('DeviceSettings') | Out-Null
+ }
+ }
+ if ($null -ne $Results.UserSettings)
+ {
+ $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString `
+ -ComplexObject $Results.UserSettings `
+ -CIMInstanceName 'MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineWindows10'
+ if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult))
+ {
+ $Results.UserSettings = $complexTypeStringResult
+ }
+ else
+ {
+ $Results.Remove('UserSettings') | Out-Null
+ }
+ }
+
+ if ($Results.Assignments)
+ {
+ $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments
+ if ($complexTypeStringResult)
+ {
+ $Results.Assignments = $complexTypeStringResult
+ }
+ else
+ {
+ $Results.Remove('Assignments') | Out-Null
+ }
+ }
+
+ $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName `
+ -ConnectionMode $ConnectionMode `
+ -ModulePath $PSScriptRoot `
+ -Results $Results `
+ -Credential $Credential
+ if ($Results.DeviceSettings)
+ {
+ $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'DeviceSettings' -IsCIMArray:$False
+ }
+ if ($Results.UserSettings)
+ {
+ $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserSettings' -IsCIMArray:$False
+ }
+
+ if ($Results.Assignments)
+ {
+ $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true
+ }
+
+ $dscContent += $currentDSCBlock
+ Save-M365DSCPartialExport -Content $currentDSCBlock `
+ -FileName $Global:PartialExportFileName
+ $i++
+ Write-Host $Global:M365DSCEmojiGreenCheckMark
+ }
+ return $dscContent
+ }
+ catch
+ {
+ Write-Host $Global:M365DSCEmojiRedX
+
+ New-M365DSCLogEntry -Message 'Error during Export:' `
+ -Exception $_ `
+ -Source $($MyInvocation.MyCommand.Source) `
+ -TenantId $TenantId `
+ -Credential $Credential
+
+ return ''
+ }
+}
+
+Export-ModuleMember -Function *-TargetResource
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineWindows10/MSFT_IntuneSecurityBaselineWindows10.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineWindows10/MSFT_IntuneSecurityBaselineWindows10.schema.mof
new file mode 100644
index 0000000000..e99e01b1c3
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineWindows10/MSFT_IntuneSecurityBaselineWindows10.schema.mof
@@ -0,0 +1,527 @@
+[ClassVersion("1.0.0.0")]
+class MSFT_DeviceManagementConfigurationPolicyAssignments
+{
+ [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType;
+ [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType;
+ [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId;
+ [Write, Description("The group Id that is the target of the assignment.")] String groupId;
+ [Write, Description("The group Display Name that is the target of the assignment.")] String groupDisplayName;
+ [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId;
+};
+
+[ClassVersion("1.0.0.0")]
+class MSFT_MicrosoftGraphIntuneSettingsCatalogpol_hardenedpaths
+{
+ [Write, Description("Value")] String value;
+ [Write, Description("Name")] String key;
+};
+
+[ClassVersion("1.0.0.0")]
+class MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineWindows10
+{
+ [Write, Description("Prevent enabling lock screen camera (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String CPL_Personalization_NoLockScreenCamera;
+ [Write, Description("Prevent enabling lock screen slide show (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String CPL_Personalization_NoLockScreenSlideshow;
+ [Write, Description("Apply UAC restrictions to local accounts on network logons (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String Pol_SecGuide_0201_LATFP;
+ [Write, Description("Configure SMB v1 client driver (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String Pol_SecGuide_0002_SMBv1_ClientDriver;
+ [Write, Description("Configure MrxSmb10 driver - Depends on Pol_SecGuide_0002_SMBv1_ClientDriver (4: Disable driver (recommended), 3: Manual start (default for Win7/2008/2008R2/2012), 2: Automatic start (default for Win8.1/2012R2/newer))"), ValueMap{"4", "3", "2"}, Values{"4", "3", "2"}] String Pol_SecGuide_SMB1ClientDriver;
+ [Write, Description("Configure SMB v1 server (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String Pol_SecGuide_0001_SMBv1_Server;
+ [Write, Description("Enable Structured Exception Handling Overwrite Protection (SEHOP) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String Pol_SecGuide_0102_SEHOP;
+ [Write, Description("WDigest Authentication (disabling may require KB2871997) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String Pol_SecGuide_0202_WDigestAuthn;
+ [Write, Description("MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String Pol_MSS_DisableIPSourceRoutingIPv6;
+ [Write, Description("DisableIPSourceRoutingIPv6 (Device) - Depends on Pol_MSS_DisableIPSourceRoutingIPv6 (0: No additional protection, source routed packets are allowed, 1: Medium, source routed packets ignored when IP forwarding is enabled, 2: Highest protection, source routing is completely disabled)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String DisableIPSourceRoutingIPv6;
+ [Write, Description("MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String Pol_MSS_DisableIPSourceRouting;
+ [Write, Description("DisableIPSourceRouting (Device) - Depends on Pol_MSS_DisableIPSourceRouting (0: No additional protection, source routed packets are allowed, 1: Medium, source routed packets ignored when IP forwarding is enabled, 2: Highest protection, source routing is completely disabled)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String DisableIPSourceRouting;
+ [Write, Description("MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String Pol_MSS_EnableICMPRedirect;
+ [Write, Description("MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String Pol_MSS_NoNameReleaseOnDemand;
+ [Write, Description("Turn off multicast name resolution (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String Turn_Off_Multicast;
+ [Write, Description("Prohibit use of Internet Connection Sharing on your DNS domain network (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String NC_ShowSharedAccessUI;
+ [Write, Description("Hardened UNC Paths (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String hardeneduncpaths_Pol_HardenedPaths;
+ [Write, Description("Hardened UNC Paths: (Device) - Depends on hardeneduncpaths_Pol_HardenedPaths"), EmbeddedInstance("MSFT_MicrosoftGraphIntuneSettingsCatalogpol_hardenedpaths")] String pol_hardenedpaths[];
+ [Write, Description("Prohibit connection to non-domain networks when connected to domain authenticated network (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String WCM_BlockNonDomain;
+ [Write, Description("Configure Redirection Guard (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String ConfigureRedirectionGuardPolicy;
+ [Write, Description("Redirection Guard Options (Device) - Depends on ConfigureRedirectionGuardPolicy (0: Redirection Guard Disabled, 1: Redirection Guard Enabled, 2: Redirection Guard Audit Only)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String RedirectionGuardPolicy_Enum;
+ [Write, Description("Configure RPC connection settings (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String ConfigureRpcConnectionPolicy;
+ [Write, Description("Use authentication for outgoing RPC connections: (Device) - Depends on ConfigureRpcConnectionPolicy (0: Default, 1: Authentication enabled, 2: Authentication disabled)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String RpcConnectionAuthentication_Enum;
+ [Write, Description("Protocol to use for outgoing RPC connections: (Device) - Depends on ConfigureRpcConnectionPolicy (0: RPC over TCP, 1: RPC over named pipes)"), ValueMap{"0", "1"}, Values{"0", "1"}] String RpcConnectionProtocol_Enum;
+ [Write, Description("Configure RPC listener settings (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String ConfigureRpcListenerPolicy;
+ [Write, Description("Authentication protocol to use for incoming RPC connections: (Device) - Depends on ConfigureRpcListenerPolicy (0: Negotiate, 1: Kerberos)"), ValueMap{"0", "1"}, Values{"0", "1"}] String RpcAuthenticationProtocol_Enum;
+ [Write, Description("Protocols to allow for incoming RPC connections: (Device) - Depends on ConfigureRpcListenerPolicy (3: RPC over named pipes, 5: RPC over TCP, 7: RPC over named pipes and TCP)"), ValueMap{"3", "5", "7"}, Values{"3", "5", "7"}] String RpcListenerProtocols_Enum;
+ [Write, Description("Configure RPC over TCP port (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String ConfigureRpcTcpPort;
+ [Write, Description("RPC over TCP port: (Device) - Depends on ConfigureRpcTcpPort")] SInt32 RpcTcpPort;
+ [Write, Description("Limits print driver installation to Administrators (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String RestrictDriverInstallationToAdministrators;
+ [Write, Description("Manage processing of Queue-specific files (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String ConfigureCopyFilesPolicy;
+ [Write, Description("Manage processing of Queue-Specific files: (Device) - Depends on ConfigureCopyFilesPolicy (0: Do not allow Queue-specific files, 1: Limit Queue-specific files to Color profiles, 2: Allow all Queue-specfic files)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String CopyFilesPolicy_Enum;
+ [Write, Description("Encryption Oracle Remediation (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowEncryptionOracle;
+ [Write, Description("Protection Level: (Device) - Depends on AllowEncryptionOracle (0: Force Updated Clients, 1: Mitigated, 2: Vulnerable)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String AllowEncryptionOracleDrop;
+ [Write, Description("Remote host allows delegation of non-exportable credentials (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowProtectedCreds;
+ [Write, Description("Prevent installation of devices using drivers that match these device setup classes (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DeviceInstall_Classes_Deny;
+ [Write, Description("Prevented Classes - Depends on DeviceInstall_Classes_Deny")] String DeviceInstall_Classes_Deny_List[];
+ [Write, Description("Also apply to matching devices that are already installed. - Depends on DeviceInstall_Classes_Deny (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DeviceInstall_Classes_Deny_Retroactive;
+ [Write, Description("Boot-Start Driver Initialization Policy (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String POL_DriverLoadPolicy_Name;
+ [Write, Description("Choose the boot-start drivers that can be initialized: - Depends on POL_DriverLoadPolicy_Name (8: Good only, 1: Good and unknown, 3: Good, unknown and bad but critical, 7: All)"), ValueMap{"8", "1", "3", "7"}, Values{"8", "1", "3", "7"}] String SelectDriverLoadPolicy;
+ [Write, Description("Configure registry policy processing (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String CSE_Registry;
+ [Write, Description("Do not apply during periodic background processing (Device) - Depends on CSE_Registry (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String CSE_NOBACKGROUND10;
+ [Write, Description("Process even if the Group Policy objects have not changed (Device) - Depends on CSE_Registry (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String CSE_NOCHANGES10;
+ [Write, Description("Turn off downloading of print drivers over HTTP (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DisableWebPnPDownload_2;
+ [Write, Description("Turn off Internet download for Web publishing and online ordering wizards (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String ShellPreventWPWDownload_2;
+ [Write, Description("Allow Custom SSPs and APs to be loaded into LSASS (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowCustomSSPsAPs;
+ [Write, Description("Allow standby states (S1-S3) when sleeping (on battery) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowStandbyStatesDC_2;
+ [Write, Description("Allow standby states (S1-S3) when sleeping (plugged in) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowStandbyStatesAC_2;
+ [Write, Description("Require a password when a computer wakes (on battery) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DCPromptForPasswordOnResume_2;
+ [Write, Description("Require a password when a computer wakes (plugged in) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String ACPromptForPasswordOnResume_2;
+ [Write, Description("Configure Solicited Remote Assistance (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String RA_Solicit;
+ [Write, Description("Maximum ticket time (units): - Depends on RA_Solicit (0: Minutes, 1: Hours, 2: Days)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String RA_Solicit_ExpireUnits_List;
+ [Write, Description("Maximum ticket time (value): - Depends on RA_Solicit")] SInt32 RA_Solicit_ExpireValue_Edt;
+ [Write, Description("Permit remote control of this computer: - Depends on RA_Solicit (1: Allow helpers to remotely control the computer, 0: Allow helpers to only view the computer)"), ValueMap{"1", "0"}, Values{"1", "0"}] String RA_Solicit_Control_List;
+ [Write, Description("Method for sending email invitations: - Depends on RA_Solicit (0: Simple MAPI, 1: Mailto)"), ValueMap{"0", "1"}, Values{"0", "1"}] String RA_Solicit_Mailto_List;
+ [Write, Description("Restrict Unauthenticated RPC clients (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String RpcRestrictRemoteClients;
+ [Write, Description("RPC Runtime Unauthenticated Client Restriction to Apply: - Depends on RpcRestrictRemoteClients (0: None, 1: Authenticated, 2: Authenticated without exceptions)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String RpcRestrictRemoteClientsList;
+ [Write, Description("Allow Microsoft accounts to be optional (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AppxRuntimeMicrosoftAccountsOptional;
+ [Write, Description("Disallow Autoplay for non-volume devices (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String NoAutoplayfornonVolume;
+ [Write, Description("Set the default behavior for AutoRun (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String NoAutorun;
+ [Write, Description("Default AutoRun Behavior - Depends on NoAutorun (1: Do not execute any autorun commands, 2: Automatically execute autorun commands)"), ValueMap{"1", "2"}, Values{"1", "2"}] String NoAutorun_Dropdown;
+ [Write, Description("Turn off Autoplay (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String Autorun;
+ [Write, Description("Turn off Autoplay on: - Depends on Autorun (181: CD-ROM and removable media drives, 255: All drives)"), ValueMap{"181", "255"}, Values{"181", "255"}] String Autorun_Box;
+ [Write, Description("Deny write access to fixed drives not protected by BitLocker (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String FDVDenyWriteAccess_Name;
+ [Write, Description("Deny write access to removable drives not protected by BitLocker (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String RDVDenyWriteAccess_Name;
+ [Write, Description("Do not allow write access to devices configured in another organization - Depends on RDVDenyWriteAccess_Name (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String RDVCrossOrg;
+ [Write, Description("Enumerate administrator accounts on elevation (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String EnumerateAdministrators;
+ [Write, Description("Specify the maximum log file size (KB) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String Channel_LogMaxSize_1;
+ [Write, Description("Maximum Log Size (KB) - Depends on Channel_LogMaxSize_1")] SInt32 Channel_LogMaxSize_1_Channel_LogMaxSize;
+ [Write, Description("Specify the maximum log file size (KB) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String Channel_LogMaxSize_2;
+ [Write, Description("Maximum Log Size (KB) - Depends on Channel_LogMaxSize_2")] SInt32 Channel_LogMaxSize_2_Channel_LogMaxSize;
+ [Write, Description("Specify the maximum log file size (KB) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String Channel_LogMaxSize_4;
+ [Write, Description("Maximum Log Size (KB) - Depends on Channel_LogMaxSize_4")] SInt32 Channel_LogMaxSize_4_Channel_LogMaxSize;
+ [Write, Description("Configure Windows Defender SmartScreen (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String EnableSmartScreen;
+ [Write, Description("Pick one of the following settings: (Device) - Depends on EnableSmartScreen (block: Warn and prevent bypass, warn: Warn)"), ValueMap{"block", "warn"}, Values{"block", "warn"}] String EnableSmartScreenDropdown;
+ [Write, Description("Turn off Data Execution Prevention for Explorer (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String NoDataExecutionPrevention;
+ [Write, Description("Turn off heap termination on corruption (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String NoHeapTerminationOnCorruption;
+ [Write, Description("Allow software to run or install even if the signature is invalid (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String Advanced_InvalidSignatureBlock;
+ [Write, Description("Check for server certificate revocation (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String Advanced_CertificateRevocation;
+ [Write, Description("Check for signatures on downloaded programs (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String Advanced_DownloadSignatures;
+ [Write, Description("Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String Advanced_DisableEPMCompat;
+ [Write, Description("Turn off encryption support (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String
Advanced_SetWinInetProtocols; + [Write, Description("Secure Protocol combinations - Depends on Advanced_SetWinInetProtocols (0: Use no secure protocols, 8: Only use SSL 2.0, 32: Only use SSL 3.0, 40: Use SSL 2.0 and SSL 3.0, 128: Only use TLS 1.0, 136: Use SSL 2.0 and TLS 1.0, 160: Use SSL 3.0 and TLS 1.0, 168: Use SSL 2.0, SSL 3.0, and TLS 1.0, 512: Only use TLS 1.1, 520: Use SSL 2.0 and TLS 1.1, 544: Use SSL 3.0 and TLS 1.1, 552: Use SSL 2.0, SSL 3.0, and TLS 1.1, 640: Use TLS 1.0 and TLS 1.1, 648: Use SSL 2.0, TLS 1.0, and TLS 1.1, 672: Use SSL 3.0, TLS 1.0, and TLS 1.1, 680: Use SSL 2.0, SSL 3.0, TLS 1.0, and TLS 1.1, 2048: Only use TLS 1.2, 2056: Use SSL 2.0 and TLS 1.2, 2080: Use SSL 3.0 and TLS 1.2, 2088: Use SSL 2.0, SSL 3.0, and TLS 1.2, 2176: Use TLS 1.0 and TLS 1.2, 2184: Use SSL 2.0, TLS 1.0, and TLS 1.2, 2208: Use SSL 3.0, TLS 1.0, and TLS 1.2, 2216: Use SSL 2.0, SSL 3.0, TLS 1.0, and TLS 1.2, 2560: Use TLS 1.1 and TLS 1.2, 2568: Use SSL 2.0, TLS 1.1, and TLS 1.2, 2592: Use SSL 3.0, TLS 1.1, and TLS 1.2, 2600: Use SSL 2.0, SSL 3.0, TLS 1.1, and TLS 1.2, 2688: Use TLS 1.0, TLS 1.1, and TLS 1.2, 2696: Use SSL 2.0, TLS 1.0, TLS 1.1, and TLS 1.2, 2720: Use SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2, 2728: Use SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2, 8192: Only use TLS 1.3, 10240: Use TLS 1.2 and TLS 1.3, 10752: Use TLS 1.1, TLS 1.2, and TLS 1.3, 10880: Use TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3, 10912: Use SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3)"), ValueMap{"0", "8", "32", "40", "128", "136", "160", "168", "512", "520", "544", "552", "640", "648", "672", "680", "2048", "2056", "2080", "2088", "2176", "2184", "2208", "2216", "2560", "2568", "2592", "2600", "2688", "2696", "2720", "2728", "8192", "10240", "10752", "10880", "10912"}, Values{"0", "8", "32", "40", "128", "136", "160", "168", "512", "520", "544", "552", "640", "648", "672", "680", "2048", "2056", "2080", "2088", "2176", "2184", "2208", "2216", "2560", "2568", "2592", "2600", "2688", 
"2696", "2720", "2728", "8192", "10240", "10752", "10880", "10912"}] String Advanced_WinInetProtocolOptions; + [Write, Description("Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String Advanced_EnableEnhancedProtectedMode64Bit; + [Write, Description("Turn on Enhanced Protected Mode (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String Advanced_EnableEnhancedProtectedMode; + [Write, Description("Prevent ignoring certificate errors (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String NoCertError; + [Write, Description("Access data sources across domains (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyAccessDataSourcesAcrossDomains_1; + [Write, Description("Access data sources across domains - Depends on IZ_PolicyAccessDataSourcesAcrossDomains_1 (0: Enable, 3: Disable, 1: Prompt)"), ValueMap{"0", "3", "1"}, Values{"0", "3", "1"}] String IZ_PolicyAccessDataSourcesAcrossDomains_1_IZ_Partname1406; + [Write, Description("Allow cut, copy or paste operations from the clipboard via script (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyAllowPasteViaScript_1; + [Write, Description("Allow paste operations via script - Depends on IZ_PolicyAllowPasteViaScript_1 (0: Enable, 3: Disable, 1: Prompt)"), ValueMap{"0", "3", "1"}, Values{"0", "3", "1"}] String IZ_PolicyAllowPasteViaScript_1_IZ_Partname1407; + [Write, Description("Allow drag and drop or copy and paste files (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyDropOrPasteFiles_1; + [Write, Description("Allow drag and drop or copy and paste files - Depends on IZ_PolicyDropOrPasteFiles_1 (0: Enable, 3: Disable, 1: Prompt)"), ValueMap{"0", "3", "1"}, Values{"0", "3", "1"}] String IZ_PolicyDropOrPasteFiles_1_IZ_Partname1802; + [Write, Description("Allow loading of XAML 
files (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_Policy_XAML_1; + [Write, Description("XAML Files - Depends on IZ_Policy_XAML_1 (0: Enable, 3: Disable, 1: Prompt)"), ValueMap{"0", "3", "1"}, Values{"0", "3", "1"}] String IZ_Policy_XAML_1_IZ_Partname2402; + [Write, Description("Allow only approved domains to use ActiveX controls without prompt (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet; + [Write, Description("Only allow approved domains to use ActiveX controls without prompt - Depends on IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet (3: Enable, 0: Disable)"), ValueMap{"3", "0"}, Values{"3", "0"}] String IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet_IZ_Partname120b; + [Write, Description("Allow only approved domains to use the TDC ActiveX control (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyAllowTDCControl_Both_Internet; + [Write, Description("Only allow approved domains to use the TDC ActiveX control - Depends on IZ_PolicyAllowTDCControl_Both_Internet (3: Enable, 0: Disable)"), ValueMap{"3", "0"}, Values{"3", "0"}] String IZ_PolicyAllowTDCControl_Both_Internet_IZ_Partname120c; + [Write, Description("Allow script-initiated windows without size or position constraints (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyWindowsRestrictionsURLaction_1; + [Write, Description("Allow script-initiated windows without size or position constraints - Depends on IZ_PolicyWindowsRestrictionsURLaction_1 (0: Enable, 3: Disable)"), ValueMap{"0", "3"}, Values{"0", "3"}] String IZ_PolicyWindowsRestrictionsURLaction_1_IZ_Partname2102; + [Write, Description("Allow scripting of Internet Explorer WebBrowser controls (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_Policy_WebBrowserControl_1; + [Write, 
Description("Internet Explorer web browser control - Depends on IZ_Policy_WebBrowserControl_1 (0: Enable, 3: Disable)"), ValueMap{"0", "3"}, Values{"0", "3"}] String IZ_Policy_WebBrowserControl_1_IZ_Partname1206; + [Write, Description("Allow scriptlets (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_Policy_AllowScriptlets_1; + [Write, Description("Scriptlets - Depends on IZ_Policy_AllowScriptlets_1 (0: Enable, 3: Disable)"), ValueMap{"0", "3"}, Values{"0", "3"}] String IZ_Policy_AllowScriptlets_1_IZ_Partname1209; + [Write, Description("Allow updates to status bar via script (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_Policy_ScriptStatusBar_1; + [Write, Description("Status bar updates via script - Depends on IZ_Policy_ScriptStatusBar_1 (0: Enable, 3: Disable)"), ValueMap{"0", "3"}, Values{"0", "3"}] String IZ_Policy_ScriptStatusBar_1_IZ_Partname2103; + [Write, Description("Allow VBScript to run in Internet Explorer (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyAllowVBScript_1; + [Write, Description("Allow VBScript to run in Internet Explorer - Depends on IZ_PolicyAllowVBScript_1 (0: Enable, 3: Disable, 1: Prompt)"), ValueMap{"0", "3", "1"}, Values{"0", "3", "1"}] String IZ_PolicyAllowVBScript_1_IZ_Partname140C; + [Write, Description("Automatic prompting for file downloads (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyNotificationBarDownloadURLaction_1; + [Write, Description("Automatic prompting for file downloads - Depends on IZ_PolicyNotificationBarDownloadURLaction_1 (0: Enable, 3: Disable)"), ValueMap{"0", "3"}, Values{"0", "3"}] String IZ_PolicyNotificationBarDownloadURLaction_1_IZ_Partname2200; + [Write, Description("Don't run antimalware programs against ActiveX controls (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyAntiMalwareCheckingOfActiveXControls_1; + [Write, Description("Don't run 
antimalware programs against ActiveX controls - Depends on IZ_PolicyAntiMalwareCheckingOfActiveXControls_1 (3: Enable, 0: Disable)"), ValueMap{"3", "0"}, Values{"3", "0"}] String IZ_PolicyAntiMalwareCheckingOfActiveXControls_1_IZ_Partname270C; + [Write, Description("Download signed ActiveX controls (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyDownloadSignedActiveX_1; + [Write, Description("Download signed ActiveX controls - Depends on IZ_PolicyDownloadSignedActiveX_1 (0: Enable, 3: Disable, 1: Prompt)"), ValueMap{"0", "3", "1"}, Values{"0", "3", "1"}] String IZ_PolicyDownloadSignedActiveX_1_IZ_Partname1001; + [Write, Description("Download unsigned ActiveX controls (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyDownloadUnsignedActiveX_1; + [Write, Description("Download unsigned ActiveX controls - Depends on IZ_PolicyDownloadUnsignedActiveX_1 (0: Enable, 3: Disable, 1: Prompt)"), ValueMap{"0", "3", "1"}, Values{"0", "3", "1"}] String IZ_PolicyDownloadUnsignedActiveX_1_IZ_Partname1004; + [Write, Description("Enable dragging of content from different domains across windows (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet; + [Write, Description("Enable dragging of content from different domains across windows - Depends on IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet (0: Enable, 3: Disable)"), ValueMap{"0", "3"}, Values{"0", "3"}] String IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet_IZ_Partname2709; + [Write, Description("Enable dragging of content from different domains within a window (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet; + [Write, Description("Enable dragging of content from different domains within a window - Depends on IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet (0: Enable, 3: 
Disable)"), ValueMap{"0", "3"}, Values{"0", "3"}] String IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet_IZ_Partname2708; + [Write, Description("Include local path when user is uploading files to a server (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_Policy_LocalPathForUpload_1; + [Write, Description("Include local directory path when uploading files to a server - Depends on IZ_Policy_LocalPathForUpload_1 (0: Enable, 3: Disable)"), ValueMap{"0", "3"}, Values{"0", "3"}] String IZ_Policy_LocalPathForUpload_1_IZ_Partname160A; + [Write, Description("Initialize and script ActiveX controls not marked as safe (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyScriptActiveXNotMarkedSafe_1; + [Write, Description("Initialize and script ActiveX controls not marked as safe - Depends on IZ_PolicyScriptActiveXNotMarkedSafe_1 (0: Enable, 3: Disable, 1: Prompt)"), ValueMap{"0", "3", "1"}, Values{"0", "3", "1"}] String IZ_PolicyScriptActiveXNotMarkedSafe_1_IZ_Partname1201; + [Write, Description("Java permissions (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyJavaPermissions_1; + [Write, Description("Java permissions - Depends on IZ_PolicyJavaPermissions_1 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)"), ValueMap{"65536", "131072", "196608", "8388608", "0"}, Values{"65536", "131072", "196608", "8388608", "0"}] String IZ_PolicyJavaPermissions_1_IZ_Partname1C00; + [Write, Description("Launching applications and files in an IFRAME (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyLaunchAppsAndFilesInIFRAME_1; + [Write, Description("Launching applications and files in an IFRAME - Depends on IZ_PolicyLaunchAppsAndFilesInIFRAME_1 (0: Enable, 3: Disable, 1: Prompt)"), ValueMap{"0", "3", "1"}, Values{"0", "3", "1"}] String IZ_PolicyLaunchAppsAndFilesInIFRAME_1_IZ_Partname1804; + [Write, 
Description("Logon options (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyLogon_1; + [Write, Description("Logon options - Depends on IZ_PolicyLogon_1 (196608: Anonymous logon, 131072: Automatic logon only in Intranet zone, 0: Automatic logon with current username and password, 65536: Prompt for user name and password)"), ValueMap{"196608", "131072", "0", "65536"}, Values{"196608", "131072", "0", "65536"}] String IZ_PolicyLogon_1_IZ_Partname1A00; + [Write, Description("Navigate windows and frames across different domains (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyNavigateSubframesAcrossDomains_1; + [Write, Description("Navigate windows and frames across different domains - Depends on IZ_PolicyNavigateSubframesAcrossDomains_1 (0: Enable, 3: Disable, 1: Prompt)"), ValueMap{"0", "3", "1"}, Values{"0", "3", "1"}] String IZ_PolicyNavigateSubframesAcrossDomains_1_IZ_Partname1607; + [Write, Description("Run .NET Framework-reliant components not signed with Authenticode (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyUnsignedFrameworkComponentsURLaction_1; + [Write, Description("Run .NET Framework-reliant components not signed with Authenticode - Depends on IZ_PolicyUnsignedFrameworkComponentsURLaction_1 (0: Enable, 3: Disable, 1: Prompt)"), ValueMap{"0", "3", "1"}, Values{"0", "3", "1"}] String IZ_PolicyUnsignedFrameworkComponentsURLaction_1_IZ_Partname2004; + [Write, Description("Run .NET Framework-reliant components signed with Authenticode (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicySignedFrameworkComponentsURLaction_1; + [Write, Description("Run .NET Framework-reliant components signed with Authenticode - Depends on IZ_PolicySignedFrameworkComponentsURLaction_1 (0: Enable, 3: Disable, 1: Prompt)"), ValueMap{"0", "3", "1"}, Values{"0", "3", "1"}] String IZ_PolicySignedFrameworkComponentsURLaction_1_IZ_Partname2001; + 
[Write, Description("Show security warning for potentially unsafe files (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_Policy_UnsafeFiles_1; + [Write, Description("Launching programs and unsafe files - Depends on IZ_Policy_UnsafeFiles_1 (0: Enable, 3: Disable, 1: Prompt)"), ValueMap{"0", "3", "1"}, Values{"0", "3", "1"}] String IZ_Policy_UnsafeFiles_1_IZ_Partname1806; + [Write, Description("Turn on Cross-Site Scripting Filter (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyTurnOnXSSFilter_Both_Internet; + [Write, Description("Turn on Cross-Site Scripting (XSS) Filter - Depends on IZ_PolicyTurnOnXSSFilter_Both_Internet (0: Enable, 3: Disable)"), ValueMap{"0", "3"}, Values{"0", "3"}] String IZ_PolicyTurnOnXSSFilter_Both_Internet_IZ_Partname1409; + [Write, Description("Turn on Protected Mode (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_Policy_TurnOnProtectedMode_1; + [Write, Description("Protected Mode - Depends on IZ_Policy_TurnOnProtectedMode_1 (0: Enable, 3: Disable)"), ValueMap{"0", "3"}, Values{"0", "3"}] String IZ_Policy_TurnOnProtectedMode_1_IZ_Partname2500; + [Write, Description("Turn on SmartScreen Filter scan (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_Policy_Phishing_1; + [Write, Description("Use SmartScreen Filter - Depends on IZ_Policy_Phishing_1 (0: Enable, 3: Disable)"), ValueMap{"0", "3"}, Values{"0", "3"}] String IZ_Policy_Phishing_1_IZ_Partname2301; + [Write, Description("Use Pop-up Blocker (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyBlockPopupWindows_1; + [Write, Description("Use Pop-up Blocker - Depends on IZ_PolicyBlockPopupWindows_1 (0: Enable, 3: Disable)"), ValueMap{"0", "3"}, Values{"0", "3"}] String IZ_PolicyBlockPopupWindows_1_IZ_Partname1809; + [Write, Description("Userdata persistence (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String 
IZ_PolicyUserdataPersistence_1; + [Write, Description("Userdata persistence - Depends on IZ_PolicyUserdataPersistence_1 (0: Enable, 3: Disable)"), ValueMap{"0", "3"}, Values{"0", "3"}] String IZ_PolicyUserdataPersistence_1_IZ_Partname1606; + [Write, Description("Web sites in less privileged Web content zones can navigate into this zone (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyZoneElevationURLaction_1; + [Write, Description("Web sites in less privileged Web content zones can navigate into this zone - Depends on IZ_PolicyZoneElevationURLaction_1 (0: Enable, 3: Disable, 1: Prompt)"), ValueMap{"0", "3", "1"}, Values{"0", "3", "1"}] String IZ_PolicyZoneElevationURLaction_1_IZ_Partname2101; + [Write, Description("Intranet Sites: Include all network paths (UNCs) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_UNCAsIntranet; + [Write, Description("Don't run antimalware programs against ActiveX controls (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyAntiMalwareCheckingOfActiveXControls_3; + [Write, Description("Don't run antimalware programs against ActiveX controls - Depends on IZ_PolicyAntiMalwareCheckingOfActiveXControls_3 (3: Enable, 0: Disable)"), ValueMap{"3", "0"}, Values{"3", "0"}] String IZ_PolicyAntiMalwareCheckingOfActiveXControls_3_IZ_Partname270C; + [Write, Description("Initialize and script ActiveX controls not marked as safe (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyScriptActiveXNotMarkedSafe_3; + [Write, Description("Initialize and script ActiveX controls not marked as safe - Depends on IZ_PolicyScriptActiveXNotMarkedSafe_3 (0: Enable, 3: Disable, 1: Prompt)"), ValueMap{"0", "3", "1"}, Values{"0", "3", "1"}] String IZ_PolicyScriptActiveXNotMarkedSafe_3_IZ_Partname1201; + [Write, Description("Java permissions (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyJavaPermissions_3; + 
[Write, Description("Java permissions - Depends on IZ_PolicyJavaPermissions_3 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)"), ValueMap{"65536", "131072", "196608", "8388608", "0"}, Values{"65536", "131072", "196608", "8388608", "0"}] String IZ_PolicyJavaPermissions_3_IZ_Partname1C00; + [Write, Description("Don't run antimalware programs against ActiveX controls (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyAntiMalwareCheckingOfActiveXControls_9; + [Write, Description("Don't run antimalware programs against ActiveX controls - Depends on IZ_PolicyAntiMalwareCheckingOfActiveXControls_9 (3: Enable, 0: Disable)"), ValueMap{"3", "0"}, Values{"3", "0"}] String IZ_PolicyAntiMalwareCheckingOfActiveXControls_9_IZ_Partname270C; + [Write, Description("Java permissions (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyJavaPermissions_9; + [Write, Description("Java permissions - Depends on IZ_PolicyJavaPermissions_9 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)"), ValueMap{"65536", "131072", "196608", "8388608", "0"}, Values{"65536", "131072", "196608", "8388608", "0"}] String IZ_PolicyJavaPermissions_9_IZ_Partname1C00; + [Write, Description("Turn on SmartScreen Filter scan (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_Policy_Phishing_2; + [Write, Description("Use SmartScreen Filter - Depends on IZ_Policy_Phishing_2 (0: Enable, 3: Disable)"), ValueMap{"0", "3"}, Values{"0", "3"}] String IZ_Policy_Phishing_2_IZ_Partname2301; + [Write, Description("Java permissions (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyJavaPermissions_4; + [Write, Description("Java permissions - Depends on IZ_PolicyJavaPermissions_4 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)"), ValueMap{"65536", "131072", 
"196608", "8388608", "0"}, Values{"65536", "131072", "196608", "8388608", "0"}] String IZ_PolicyJavaPermissions_4_IZ_Partname1C00; + [Write, Description("Java permissions (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyJavaPermissions_10; + [Write, Description("Java permissions - Depends on IZ_PolicyJavaPermissions_10 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)"), ValueMap{"65536", "131072", "196608", "8388608", "0"}, Values{"65536", "131072", "196608", "8388608", "0"}] String IZ_PolicyJavaPermissions_10_IZ_Partname1C00; + [Write, Description("Java permissions (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyJavaPermissions_8; + [Write, Description("Java permissions - Depends on IZ_PolicyJavaPermissions_8 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)"), ValueMap{"65536", "131072", "196608", "8388608", "0"}, Values{"65536", "131072", "196608", "8388608", "0"}] String IZ_PolicyJavaPermissions_8_IZ_Partname1C00; + [Write, Description("Turn on SmartScreen Filter scan (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_Policy_Phishing_8; + [Write, Description("Use SmartScreen Filter - Depends on IZ_Policy_Phishing_8 (0: Enable, 3: Disable)"), ValueMap{"0", "3"}, Values{"0", "3"}] String IZ_Policy_Phishing_8_IZ_Partname2301; + [Write, Description("Java permissions (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyJavaPermissions_6; + [Write, Description("Java permissions - Depends on IZ_PolicyJavaPermissions_6 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)"), ValueMap{"65536", "131072", "196608", "8388608", "0"}, Values{"65536", "131072", "196608", "8388608", "0"}] String IZ_PolicyJavaPermissions_6_IZ_Partname1C00; + [Write, Description("Access data sources across domains (0: Disabled, 1: 
Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyAccessDataSourcesAcrossDomains_7; + [Write, Description("Access data sources across domains - Depends on IZ_PolicyAccessDataSourcesAcrossDomains_7 (0: Enable, 3: Disable, 1: Prompt)"), ValueMap{"0", "3", "1"}, Values{"0", "3", "1"}] String IZ_PolicyAccessDataSourcesAcrossDomains_7_IZ_Partname1406; + [Write, Description("Allow active scripting (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyActiveScripting_7; + [Write, Description("Allow active scripting - Depends on IZ_PolicyActiveScripting_7 (0: Enable, 3: Disable, 1: Prompt)"), ValueMap{"0", "3", "1"}, Values{"0", "3", "1"}] String IZ_Partname1400; + [Write, Description("Allow binary and script behaviors (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyBinaryBehaviors_7; + [Write, Description("Allow Binary and Script Behaviors - Depends on IZ_PolicyBinaryBehaviors_7 (0: Enable, 65536: Administrator approved, 3: Disable)"), ValueMap{"0", "65536", "3"}, Values{"0", "65536", "3"}] String IZ_Partname2000; + [Write, Description("Allow cut, copy or paste operations from the clipboard via script (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyAllowPasteViaScript_7; + [Write, Description("Allow paste operations via script - Depends on IZ_PolicyAllowPasteViaScript_7 (0: Enable, 3: Disable, 1: Prompt)"), ValueMap{"0", "3", "1"}, Values{"0", "3", "1"}] String IZ_PolicyAllowPasteViaScript_7_IZ_Partname1407; + [Write, Description("Allow drag and drop or copy and paste files (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyDropOrPasteFiles_7; + [Write, Description("Allow drag and drop or copy and paste files - Depends on IZ_PolicyDropOrPasteFiles_7 (0: Enable, 3: Disable, 1: Prompt)"), ValueMap{"0", "3", "1"}, Values{"0", "3", "1"}] String IZ_PolicyDropOrPasteFiles_7_IZ_Partname1802; + [Write, Description("Allow file downloads 
(0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyFileDownload_7; + [Write, Description("Allow file downloads - Depends on IZ_PolicyFileDownload_7 (0: Enable, 3: Disable)"), ValueMap{"0", "3"}, Values{"0", "3"}] String IZ_Partname1803; + [Write, Description("Allow loading of XAML files (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_Policy_XAML_7; + [Write, Description("XAML Files - Depends on IZ_Policy_XAML_7 (0: Enable, 3: Disable, 1: Prompt)"), ValueMap{"0", "3", "1"}, Values{"0", "3", "1"}] String IZ_Policy_XAML_7_IZ_Partname2402; + [Write, Description("Allow META REFRESH (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyAllowMETAREFRESH_7; + [Write, Description("Allow META REFRESH - Depends on IZ_PolicyAllowMETAREFRESH_7 (0: Enable, 3: Disable)"), ValueMap{"0", "3"}, Values{"0", "3"}] String IZ_Partname1608; + [Write, Description("Allow only approved domains to use ActiveX controls without prompt (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted; + [Write, Description("Only allow approved domains to use ActiveX controls without prompt - Depends on IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted (3: Enable, 0: Disable)"), ValueMap{"3", "0"}, Values{"3", "0"}] String IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted_IZ_Partname120b; + [Write, Description("Allow only approved domains to use the TDC ActiveX control (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyAllowTDCControl_Both_Restricted; + [Write, Description("Only allow approved domains to use the TDC ActiveX control - Depends on IZ_PolicyAllowTDCControl_Both_Restricted (3: Enable, 0: Disable)"), ValueMap{"3", "0"}, Values{"3", "0"}] String IZ_PolicyAllowTDCControl_Both_Restricted_IZ_Partname120c; + [Write, Description("Allow 
script-initiated windows without size or position constraints (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyWindowsRestrictionsURLaction_7; + [Write, Description("Allow script-initiated windows without size or position constraints - Depends on IZ_PolicyWindowsRestrictionsURLaction_7 (0: Enable, 3: Disable)"), ValueMap{"0", "3"}, Values{"0", "3"}] String IZ_PolicyWindowsRestrictionsURLaction_7_IZ_Partname2102; + [Write, Description("Allow scripting of Internet Explorer WebBrowser controls (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_Policy_WebBrowserControl_7; + [Write, Description("Internet Explorer web browser control - Depends on IZ_Policy_WebBrowserControl_7 (0: Enable, 3: Disable)"), ValueMap{"0", "3"}, Values{"0", "3"}] String IZ_Policy_WebBrowserControl_7_IZ_Partname1206; + [Write, Description("Allow scriptlets (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_Policy_AllowScriptlets_7; + [Write, Description("Scriptlets - Depends on IZ_Policy_AllowScriptlets_7 (0: Enable, 3: Disable)"), ValueMap{"0", "3"}, Values{"0", "3"}] String IZ_Policy_AllowScriptlets_7_IZ_Partname1209; + [Write, Description("Allow updates to status bar via script (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_Policy_ScriptStatusBar_7; + [Write, Description("Status bar updates via script - Depends on IZ_Policy_ScriptStatusBar_7 (0: Enable, 3: Disable)"), ValueMap{"0", "3"}, Values{"0", "3"}] String IZ_Policy_ScriptStatusBar_7_IZ_Partname2103; + [Write, Description("Allow VBScript to run in Internet Explorer (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyAllowVBScript_7; + [Write, Description("Allow VBScript to run in Internet Explorer - Depends on IZ_PolicyAllowVBScript_7 (0: Enable, 3: Disable, 1: Prompt)"), ValueMap{"0", "3", "1"}, Values{"0", "3", "1"}] String IZ_PolicyAllowVBScript_7_IZ_Partname140C; + [Write, 
Description("Automatic prompting for file downloads (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyNotificationBarDownloadURLaction_7; + [Write, Description("Automatic prompting for file downloads - Depends on IZ_PolicyNotificationBarDownloadURLaction_7 (0: Enable, 3: Disable)"), ValueMap{"0", "3"}, Values{"0", "3"}] String IZ_PolicyNotificationBarDownloadURLaction_7_IZ_Partname2200; + [Write, Description("Don't run antimalware programs against ActiveX controls (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyAntiMalwareCheckingOfActiveXControls_7; + [Write, Description("Don't run antimalware programs against ActiveX controls - Depends on IZ_PolicyAntiMalwareCheckingOfActiveXControls_7 (3: Enable, 0: Disable)"), ValueMap{"3", "0"}, Values{"3", "0"}] String IZ_PolicyAntiMalwareCheckingOfActiveXControls_7_IZ_Partname270C; + [Write, Description("Download signed ActiveX controls (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyDownloadSignedActiveX_7; + [Write, Description("Download signed ActiveX controls - Depends on IZ_PolicyDownloadSignedActiveX_7 (0: Enable, 3: Disable, 1: Prompt)"), ValueMap{"0", "3", "1"}, Values{"0", "3", "1"}] String IZ_PolicyDownloadSignedActiveX_7_IZ_Partname1001; + [Write, Description("Download unsigned ActiveX controls (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyDownloadUnsignedActiveX_7; + [Write, Description("Download unsigned ActiveX controls - Depends on IZ_PolicyDownloadUnsignedActiveX_7 (0: Enable, 3: Disable, 1: Prompt)"), ValueMap{"0", "3", "1"}, Values{"0", "3", "1"}] String IZ_PolicyDownloadUnsignedActiveX_7_IZ_Partname1004; + [Write, Description("Enable dragging of content from different domains across windows (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted; + [Write, Description("Enable dragging of 
content from different domains across windows - Depends on IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted (0: Enable, 3: Disable)"), ValueMap{"0", "3"}, Values{"0", "3"}] String IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted_IZ_Partname2709;
+ [Write, Description("Enable dragging of content from different domains within a window (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted;
+ [Write, Description("Enable dragging of content from different domains within a window - Depends on IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted (0: Enable, 3: Disable)"), ValueMap{"0", "3"}, Values{"0", "3"}] String IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted_IZ_Partname2708;
+ [Write, Description("Include local path when user is uploading files to a server (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_Policy_LocalPathForUpload_7;
+ [Write, Description("Include local directory path when uploading files to a server - Depends on IZ_Policy_LocalPathForUpload_7 (0: Enable, 3: Disable)"), ValueMap{"0", "3"}, Values{"0", "3"}] String IZ_Policy_LocalPathForUpload_7_IZ_Partname160A;
+ [Write, Description("Initialize and script ActiveX controls not marked as safe (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyScriptActiveXNotMarkedSafe_7;
+ [Write, Description("Initialize and script ActiveX controls not marked as safe - Depends on IZ_PolicyScriptActiveXNotMarkedSafe_7 (0: Enable, 3: Disable, 1: Prompt)"), ValueMap{"0", "3", "1"}, Values{"0", "3", "1"}] String IZ_PolicyScriptActiveXNotMarkedSafe_7_IZ_Partname1201;
+ [Write, Description("Java permissions (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyJavaPermissions_7;
+ [Write, Description("Java permissions - Depends on IZ_PolicyJavaPermissions_7 (65536: High safety, 131072: Medium safety, 196608: Low safety, 
8388608: Custom, 0: Disable Java)"), ValueMap{"65536", "131072", "196608", "8388608", "0"}, Values{"65536", "131072", "196608", "8388608", "0"}] String IZ_PolicyJavaPermissions_7_IZ_Partname1C00;
+ [Write, Description("Launching applications and files in an IFRAME (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyLaunchAppsAndFilesInIFRAME_7;
+ [Write, Description("Launching applications and files in an IFRAME - Depends on IZ_PolicyLaunchAppsAndFilesInIFRAME_7 (0: Enable, 3: Disable, 1: Prompt)"), ValueMap{"0", "3", "1"}, Values{"0", "3", "1"}] String IZ_PolicyLaunchAppsAndFilesInIFRAME_7_IZ_Partname1804;
+ [Write, Description("Logon options (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyLogon_7;
+ [Write, Description("Logon options - Depends on IZ_PolicyLogon_7 (196608: Anonymous logon, 131072: Automatic logon only in Intranet zone, 0: Automatic logon with current username and password, 65536: Prompt for user name and password)"), ValueMap{"196608", "131072", "0", "65536"}, Values{"196608", "131072", "0", "65536"}] String IZ_PolicyLogon_7_IZ_Partname1A00;
+ [Write, Description("Navigate windows and frames across different domains (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyNavigateSubframesAcrossDomains_7;
+ [Write, Description("Navigate windows and frames across different domains - Depends on IZ_PolicyNavigateSubframesAcrossDomains_7 (0: Enable, 3: Disable, 1: Prompt)"), ValueMap{"0", "3", "1"}, Values{"0", "3", "1"}] String IZ_PolicyNavigateSubframesAcrossDomains_7_IZ_Partname1607;
+ [Write, Description("Run .NET Framework-reliant components not signed with Authenticode (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyUnsignedFrameworkComponentsURLaction_7;
+ [Write, Description("Run .NET Framework-reliant components not signed with Authenticode - Depends on IZ_PolicyUnsignedFrameworkComponentsURLaction_7 (0: Enable, 3: 
Disable, 1: Prompt)"), ValueMap{"0", "3", "1"}, Values{"0", "3", "1"}] String IZ_PolicyUnsignedFrameworkComponentsURLaction_7_IZ_Partname2004;
+ [Write, Description("Run .NET Framework-reliant components signed with Authenticode (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicySignedFrameworkComponentsURLaction_7;
+ [Write, Description("Run .NET Framework-reliant components signed with Authenticode - Depends on IZ_PolicySignedFrameworkComponentsURLaction_7 (0: Enable, 3: Disable, 1: Prompt)"), ValueMap{"0", "3", "1"}, Values{"0", "3", "1"}] String IZ_PolicySignedFrameworkComponentsURLaction_7_IZ_Partname2001;
+ [Write, Description("Run ActiveX controls and plugins (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyRunActiveXControls_7;
+ [Write, Description("Run ActiveX controls and plugins - Depends on IZ_PolicyRunActiveXControls_7 (65536: Administrator approved, 0: Enable, 3: Disable, 1: Prompt)"), ValueMap{"65536", "0", "3", "1"}, Values{"65536", "0", "3", "1"}] String IZ_Partname1200;
+ [Write, Description("Script ActiveX controls marked safe for scripting (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyScriptActiveXMarkedSafe_7;
+ [Write, Description("Script ActiveX controls marked safe for scripting - Depends on IZ_PolicyScriptActiveXMarkedSafe_7 (0: Enable, 3: Disable, 1: Prompt)"), ValueMap{"0", "3", "1"}, Values{"0", "3", "1"}] String IZ_Partname1405;
+ [Write, Description("Scripting of Java applets (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyScriptingOfJavaApplets_7;
+ [Write, Description("Scripting of Java applets - Depends on IZ_PolicyScriptingOfJavaApplets_7 (0: Enable, 3: Disable, 1: Prompt)"), ValueMap{"0", "3", "1"}, Values{"0", "3", "1"}] String IZ_Partname1402;
+ [Write, Description("Show security warning for potentially unsafe files (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String 
IZ_Policy_UnsafeFiles_7;
+ [Write, Description("Launching programs and unsafe files - Depends on IZ_Policy_UnsafeFiles_7 (0: Enable, 3: Disable, 1: Prompt)"), ValueMap{"0", "3", "1"}, Values{"0", "3", "1"}] String IZ_Policy_UnsafeFiles_7_IZ_Partname1806;
+ [Write, Description("Turn on Cross-Site Scripting Filter (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyTurnOnXSSFilter_Both_Restricted;
+ [Write, Description("Turn on Cross-Site Scripting (XSS) Filter - Depends on IZ_PolicyTurnOnXSSFilter_Both_Restricted (0: Enable, 3: Disable)"), ValueMap{"0", "3"}, Values{"0", "3"}] String IZ_PolicyTurnOnXSSFilter_Both_Restricted_IZ_Partname1409;
+ [Write, Description("Turn on Protected Mode (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_Policy_TurnOnProtectedMode_7;
+ [Write, Description("Protected Mode - Depends on IZ_Policy_TurnOnProtectedMode_7 (0: Enable, 3: Disable)"), ValueMap{"0", "3"}, Values{"0", "3"}] String IZ_Policy_TurnOnProtectedMode_7_IZ_Partname2500;
+ [Write, Description("Turn on SmartScreen Filter scan (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_Policy_Phishing_7;
+ [Write, Description("Use SmartScreen Filter - Depends on IZ_Policy_Phishing_7 (0: Enable, 3: Disable)"), ValueMap{"0", "3"}, Values{"0", "3"}] String IZ_Policy_Phishing_7_IZ_Partname2301;
+ [Write, Description("Use Pop-up Blocker (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyBlockPopupWindows_7;
+ [Write, Description("Use Pop-up Blocker - Depends on IZ_PolicyBlockPopupWindows_7 (0: Enable, 3: Disable)"), ValueMap{"0", "3"}, Values{"0", "3"}] String IZ_PolicyBlockPopupWindows_7_IZ_Partname1809;
+ [Write, Description("Userdata persistence (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyUserdataPersistence_7;
+ [Write, Description("Userdata persistence - Depends on IZ_PolicyUserdataPersistence_7 (0: Enable, 3: Disable)"), 
ValueMap{"0", "3"}, Values{"0", "3"}] String IZ_PolicyUserdataPersistence_7_IZ_Partname1606;
+ [Write, Description("Web sites in less privileged Web content zones can navigate into this zone (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyZoneElevationURLaction_7;
+ [Write, Description("Web sites in less privileged Web content zones can navigate into this zone - Depends on IZ_PolicyZoneElevationURLaction_7 (0: Enable, 3: Disable, 1: Prompt)"), ValueMap{"0", "3", "1"}, Values{"0", "3", "1"}] String IZ_PolicyZoneElevationURLaction_7_IZ_Partname2101;
+ [Write, Description("Don't run antimalware programs against ActiveX controls (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyAntiMalwareCheckingOfActiveXControls_5;
+ [Write, Description("Don't run antimalware programs against ActiveX controls - Depends on IZ_PolicyAntiMalwareCheckingOfActiveXControls_5 (3: Enable, 0: Disable)"), ValueMap{"3", "0"}, Values{"3", "0"}] String IZ_PolicyAntiMalwareCheckingOfActiveXControls_5_IZ_Partname270C;
+ [Write, Description("Initialize and script ActiveX controls not marked as safe (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyScriptActiveXNotMarkedSafe_5;
+ [Write, Description("Initialize and script ActiveX controls not marked as safe - Depends on IZ_PolicyScriptActiveXNotMarkedSafe_5 (0: Enable, 3: Disable, 1: Prompt)"), ValueMap{"0", "3", "1"}, Values{"0", "3", "1"}] String IZ_PolicyScriptActiveXNotMarkedSafe_5_IZ_Partname1201;
+ [Write, Description("Java permissions (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyJavaPermissions_5;
+ [Write, Description("Java permissions - Depends on IZ_PolicyJavaPermissions_5 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)"), ValueMap{"65536", "131072", "196608", "8388608", "0"}, Values{"65536", "131072", "196608", "8388608", "0"}] String 
IZ_PolicyJavaPermissions_5_IZ_Partname1C00;
+ [Write, Description("Turn on certificate address mismatch warning (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IZ_PolicyWarnCertMismatch;
+ [Write, Description("Prevent bypassing SmartScreen Filter warnings (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DisableSafetyFilterOverride;
+ [Write, Description("Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DisableSafetyFilterOverrideForAppRepUnknown;
+ [Write, Description("Prevent managing SmartScreen Filter (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String Disable_Managing_Safety_Filter_IE9;
+ [Write, Description("Select SmartScreen Filter mode - Depends on Disable_Managing_Safety_Filter_IE9 (0: Off, 1: On)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IE9SafetyFilterOptions;
+ [Write, Description("Prevent per-user installation of ActiveX controls (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DisablePerUserActiveXInstall;
+ [Write, Description("Remove 'Run this time' button for outdated ActiveX controls in Internet Explorer (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String VerMgmtDisableRunThisTime;
+ [Write, Description("Turn off blocking of outdated ActiveX controls for Internet Explorer (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String VerMgmtDisable;
+ [Write, Description("Allow fallback to SSL 3.0 (Internet Explorer) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String Advanced_EnableSSL3Fallback;
+ [Write, Description("Allow insecure fallback for: - Depends on Advanced_EnableSSL3Fallback (0: No Sites, 1: Non-Protected Mode Sites, 3: All Sites)"), ValueMap{"0", "1", "3"}, Values{"0", "1", "3"}] String Advanced_EnableSSL3FallbackOptions;
+ [Write, 
Description("Internet Explorer Processes (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IESF_PolicyExplorerProcesses_5;
+ [Write, Description("Internet Explorer Processes (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IESF_PolicyExplorerProcesses_6;
+ [Write, Description("Internet Explorer Processes (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IESF_PolicyExplorerProcesses_3;
+ [Write, Description("Internet Explorer Processes (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IESF_PolicyExplorerProcesses_10;
+ [Write, Description("Internet Explorer Processes (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IESF_PolicyExplorerProcesses_9;
+ [Write, Description("Internet Explorer Processes (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IESF_PolicyExplorerProcesses_11;
+ [Write, Description("Internet Explorer Processes (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IESF_PolicyExplorerProcesses_12;
+ [Write, Description("Internet Explorer Processes (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String IESF_PolicyExplorerProcesses_8;
+ [Write, Description("Security Zones: Do not allow users to add/delete sites (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String Security_zones_map_edit;
+ [Write, Description("Security Zones: Do not allow users to change policies (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String Security_options_edit;
+ [Write, Description("Security Zones: Use only machine settings (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String Security_HKLM_only;
+ [Write, Description("Specify use of ActiveX Installer Service for installation of ActiveX controls (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String OnlyUseAXISForActiveXInstall;
+ [Write, Description("Turn off 
Crash Detection (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AddonManagement_RestrictCrashDetection;
+ [Write, Description("Turn off the Security Settings Check feature (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String Disable_Security_Settings_Check;
+ [Write, Description("Configure the 'Block at First Sight' feature (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DisableBlockAtFirstSeen;
+ [Write, Description("Turn on process scanning whenever real-time protection is enabled (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String RealtimeProtection_DisableScanOnRealtimeEnable;
+ [Write, Description("Scan packed executables (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String Scan_DisablePackedExeScanning;
+ [Write, Description("Turn off routine remediation (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DisableRoutinelyTakingAction;
+ [Write, Description("Do not allow passwords to be saved (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String TS_CLIENT_DISABLE_PASSWORD_SAVING_2;
+ [Write, Description("Do not allow drive redirection (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String TS_CLIENT_DRIVE_M;
+ [Write, Description("Always prompt for password upon connection (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String TS_PASSWORD;
+ [Write, Description("Require secure RPC communication (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String TS_RPC_ENCRYPTION;
+ [Write, Description("Set client connection encryption level (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String TS_ENCRYPTION_POLICY;
+ [Write, Description("Encryption Level - Depends on TS_ENCRYPTION_POLICY (1: Low Level, 2: Client Compatible, 3: High Level)"), ValueMap{"1", "2", "3"}, Values{"1", "2", "3"}] String TS_ENCRYPTION_LEVEL;
+ [Write, 
Description("Prevent downloading of enclosures (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String Disable_Downloading_of_Enclosures;
+ [Write, Description("Enable MPR notifications for the system (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String EnableMPRNotifications;
+ [Write, Description("Sign-in and lock last interactive user automatically after a restart (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AutomaticRestartSignOn;
+ [Write, Description("Turn on PowerShell Script Block Logging (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String EnableScriptBlockLogging;
+ [Write, Description("Log script block invocation start / stop events: - Depends on EnableScriptBlockLogging (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String EnableScriptBlockInvocationLogging;
+ [Write, Description("Allow Basic authentication (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowBasic_2;
+ [Write, Description("Allow unencrypted traffic (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowUnencrypted_2;
+ [Write, Description("Disallow Digest authentication (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DisallowDigest;
+ [Write, Description("Allow Basic authentication (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowBasic_1;
+ [Write, Description("Allow unencrypted traffic (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowUnencrypted_1;
+ [Write, Description("Disallow WinRM from storing RunAs credentials (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DisableRunAs;
+ [Write, Description("Account Logon Audit Credential Validation (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)"), ValueMap{"0", "1", "2", "3"}, Values{"0", "1", "2", "3"}] String AccountLogon_AuditCredentialValidation;
+ [Write, 
Description("Account Logon Logoff Audit Account Lockout (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)"), ValueMap{"0", "1", "2", "3"}, Values{"0", "1", "2", "3"}] String AccountLogonLogoff_AuditAccountLockout;
+ [Write, Description("Account Logon Logoff Audit Group Membership (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)"), ValueMap{"0", "1", "2", "3"}, Values{"0", "1", "2", "3"}] String AccountLogonLogoff_AuditGroupMembership;
+ [Write, Description("Account Logon Logoff Audit Logon (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)"), ValueMap{"0", "1", "2", "3"}, Values{"0", "1", "2", "3"}] String AccountLogonLogoff_AuditLogon;
+ [Write, Description("Audit Authentication Policy Change (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)"), ValueMap{"0", "1", "2", "3"}, Values{"0", "1", "2", "3"}] String PolicyChange_AuditAuthenticationPolicyChange;
+ [Write, Description("Audit Changes to Audit Policy (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)"), ValueMap{"0", "1", "2", "3"}, Values{"0", "1", "2", "3"}] String PolicyChange_AuditPolicyChange;
+ [Write, Description("Audit File Share Access (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)"), ValueMap{"0", "1", "2", "3"}, Values{"0", "1", "2", "3"}] String ObjectAccess_AuditFileShare;
+ [Write, Description("Audit Other Logon Logoff Events (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)"), ValueMap{"0", "1", "2", "3"}, Values{"0", "1", "2", "3"}] String AccountLogonLogoff_AuditOtherLogonLogoffEvents;
+ [Write, Description("Audit Security Group Management (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)"), ValueMap{"0", "1", "2", "3"}, Values{"0", "1", "2", "3"}] String AccountManagement_AuditSecurityGroupManagement;
+ [Write, Description("Audit Security System Extension (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)"), ValueMap{"0", "1", "2", "3"}, Values{"0", "1", "2", "3"}] String System_AuditSecuritySystemExtension;
+ [Write, 
Description("Audit Special Logon (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)"), ValueMap{"0", "1", "2", "3"}, Values{"0", "1", "2", "3"}] String AccountLogonLogoff_AuditSpecialLogon;
+ [Write, Description("Audit User Account Management (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)"), ValueMap{"0", "1", "2", "3"}, Values{"0", "1", "2", "3"}] String AccountManagement_AuditUserAccountManagement;
+ [Write, Description("Detailed Tracking Audit PNP Activity (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)"), ValueMap{"0", "1", "2", "3"}, Values{"0", "1", "2", "3"}] String DetailedTracking_AuditPNPActivity;
+ [Write, Description("Detailed Tracking Audit Process Creation (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)"), ValueMap{"0", "1", "2", "3"}, Values{"0", "1", "2", "3"}] String DetailedTracking_AuditProcessCreation;
+ [Write, Description("Object Access Audit Detailed File Share (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)"), ValueMap{"0", "1", "2", "3"}, Values{"0", "1", "2", "3"}] String ObjectAccess_AuditDetailedFileShare;
+ [Write, Description("Object Access Audit Other Object Access Events (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)"), ValueMap{"0", "1", "2", "3"}, Values{"0", "1", "2", "3"}] String ObjectAccess_AuditOtherObjectAccessEvents;
+ [Write, Description("Object Access Audit Removable Storage (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)"), ValueMap{"0", "1", "2", "3"}, Values{"0", "1", "2", "3"}] String ObjectAccess_AuditRemovableStorage;
+ [Write, Description("Policy Change Audit MPSSVC Rule Level Policy Change (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)"), ValueMap{"0", "1", "2", "3"}, Values{"0", "1", "2", "3"}] String PolicyChange_AuditMPSSVCRuleLevelPolicyChange;
+ [Write, Description("Policy Change Audit Other Policy Change Events (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)"), ValueMap{"0", "1", "2", "3"}, Values{"0", "1", "2", "3"}] 
String PolicyChange_AuditOtherPolicyChangeEvents;
+ [Write, Description("Privilege Use Audit Sensitive Privilege Use (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)"), ValueMap{"0", "1", "2", "3"}, Values{"0", "1", "2", "3"}] String PrivilegeUse_AuditSensitivePrivilegeUse;
+ [Write, Description("System Audit Other System Events (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)"), ValueMap{"0", "1", "2", "3"}, Values{"0", "1", "2", "3"}] String System_AuditOtherSystemEvents;
+ [Write, Description("System Audit Security State Change (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)"), ValueMap{"0", "1", "2", "3"}, Values{"0", "1", "2", "3"}] String System_AuditSecurityStateChange;
+ [Write, Description("System Audit System Integrity (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)"), ValueMap{"0", "1", "2", "3"}, Values{"0", "1", "2", "3"}] String System_AuditSystemIntegrity;
+ [Write, Description("Allow Password Manager (0: Not allowed., 1: Allowed.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowPasswordManager;
+ [Write, Description("Allow Smart Screen (0: Turned off. Do not protect users from potential threats and prevent users from turning it on., 1: Turned on. Protect users from potential threats and prevent users from turning it off.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowSmartScreen;
+ [Write, Description("Prevent Cert Error Overrides (0: Allowed/turned on. Override the security warning to sites that have SSL errors., 1: Prevented/turned on.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String PreventCertErrorOverrides;
+ [Write, Description("Prevent Smart Screen Prompt Override (0: Allowed/turned off. Users can ignore the warning and continue to the site., 1: Prevented/turned on.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String Browser_PreventSmartScreenPromptOverride;
+ [Write, Description("Prevent Smart Screen Prompt Override For Files (0: Allowed/turned off. 
Users can ignore the warning and continue to download the unverified file(s)., 1: Prevented/turned on.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String PreventSmartScreenPromptOverrideForFiles;
+ [Write, Description("Allow Direct Memory Access (0: Not allowed., 1: Allowed.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowDirectMemoryAccess;
+ [Write, Description("Allow Archive Scanning (0: Not allowed. Turns off scanning on archived files., 1: Allowed. Scans the archive files.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowArchiveScanning;
+ [Write, Description("Allow Behavior Monitoring (0: Not allowed. Turns off behavior monitoring., 1: Allowed. Turns on real-time behavior monitoring.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowBehaviorMonitoring;
+ [Write, Description("Allow Cloud Protection (0: Not allowed. Turns off the Microsoft Active Protection Service., 1: Allowed. Turns on the Microsoft Active Protection Service.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowCloudProtection;
+ [Write, Description("Allow Full Scan Removable Drive Scanning (0: Not allowed. Turns off scanning on removable drives., 1: Allowed. Scans removable drives.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowFullScanRemovableDriveScanning;
+ [Write, Description("Allow On Access Protection (0: Not allowed., 1: Allowed.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowOnAccessProtection;
+ [Write, Description("Allow Realtime Monitoring (0: Not allowed. Turns off the real-time monitoring service., 1: Allowed. 
Turns on and runs the real-time monitoring service.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowRealtimeMonitoring;
+ [Write, Description("Allow scanning of all downloaded files and attachments (0: Not allowed., 1: Allowed.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowIOAVProtection;
+ [Write, Description("Allow Script Scanning (0: Not allowed., 1: Allowed.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowScriptScanning;
+ [Write, Description("Block execution of potentially obfuscated scripts - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)"), ValueMap{"off", "block", "audit", "warn"}, Values{"off", "block", "audit", "warn"}] String BlockExecutionOfPotentiallyObfuscatedScripts;
+ [Write, Description("ASR Only Per Rule Exclusions")] String BlockExecutionOfPotentiallyObfuscatedScripts_ASROnlyPerRuleExclusions[];
+ [Write, Description("Block Win32 API calls from Office macros - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)"), ValueMap{"off", "block", "audit", "warn"}, Values{"off", "block", "audit", "warn"}] String BlockWin32APICallsFromOfficeMacros;
+ [Write, Description("ASR Only Per Rule Exclusions")] String BlockWin32APICallsFromOfficeMacros_ASROnlyPerRuleExclusions[];
+ [Write, Description("Block executable files from running unless they meet a prevalence, age, or trusted list criterion - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)"), ValueMap{"off", "block", "audit", "warn"}, Values{"off", "block", "audit", "warn"}] String BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion;
+ [Write, Description("ASR Only Per Rule Exclusions")] String BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion_ASROnlyPerRuleExclusions[];
+ [Write, Description("Block Office communication application from creating child processes - Depends on AttackSurfaceReductionRules (off: Off, block: 
Block, audit: Audit, warn: Warn)"), ValueMap{"off", "block", "audit", "warn"}, Values{"off", "block", "audit", "warn"}] String BlockOfficeCommunicationAppFromCreatingChildProcesses;
+ [Write, Description("ASR Only Per Rule Exclusions")] String BlockOfficeCommunicationAppFromCreatingChildProcesses_ASROnlyPerRuleExclusions[];
+ [Write, Description("Block all Office applications from creating child processes - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)"), ValueMap{"off", "block", "audit", "warn"}, Values{"off", "block", "audit", "warn"}] String BlockAllOfficeApplicationsFromCreatingChildProcesses;
+ [Write, Description("ASR Only Per Rule Exclusions")] String BlockAllOfficeApplicationsFromCreatingChildProcesses_ASROnlyPerRuleExclusions[];
+ [Write, Description("Block Adobe Reader from creating child processes - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)"), ValueMap{"off", "block", "audit", "warn"}, Values{"off", "block", "audit", "warn"}] String BlockAdobeReaderFromCreatingChildProcesses;
+ [Write, Description("ASR Only Per Rule Exclusions")] String BlockAdobeReaderFromCreatingChildProcesses_ASROnlyPerRuleExclusions[];
+ [Write, Description("Block credential stealing from the Windows local security authority subsystem - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)"), ValueMap{"off", "block", "audit", "warn"}, Values{"off", "block", "audit", "warn"}] String BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem;
+ [Write, Description("ASR Only Per Rule Exclusions")] String BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem_ASROnlyPerRuleExclusions[];
+ [Write, Description("Block JavaScript or VBScript from launching downloaded executable content - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)"), ValueMap{"off", "block", "audit", "warn"}, Values{"off", "block", 
"audit", "warn"}] String BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent;
+ [Write, Description("ASR Only Per Rule Exclusions")] String BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent_ASROnlyPerRuleExclusions[];
+ [Write, Description("Block Webshell creation for Servers - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)"), ValueMap{"off", "block", "audit", "warn"}, Values{"off", "block", "audit", "warn"}] String BlockWebshellCreationForServers;
+ [Write, Description("ASR Only Per Rule Exclusions")] String BlockWebshellCreationForServers_ASROnlyPerRuleExclusions[];
+ [Write, Description("Block untrusted and unsigned processes that run from USB - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)"), ValueMap{"off", "block", "audit", "warn"}, Values{"off", "block", "audit", "warn"}] String BlockUntrustedUnsignedProcessesThatRunFromUSB;
+ [Write, Description("ASR Only Per Rule Exclusions")] String BlockUntrustedUnsignedProcessesThatRunFromUSB_ASROnlyPerRuleExclusions[];
+ [Write, Description("Block persistence through WMI event subscription - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)"), ValueMap{"off", "block", "audit", "warn"}, Values{"off", "block", "audit", "warn"}] String BlockPersistenceThroughWMIEventSubscription;
+ [Write, Description("[PREVIEW] Block use of copied or impersonated system tools - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)"), ValueMap{"off", "block", "audit", "warn"}, Values{"off", "block", "audit", "warn"}] String BlockUseOfCopiedOrImpersonatedSystemTools;
+ [Write, Description("ASR Only Per Rule Exclusions")] String BlockUseOfCopiedOrImpersonatedSystemTools_ASROnlyPerRuleExclusions[];
+ [Write, Description("Block abuse of exploited vulnerable signed drivers (Device) - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: 
Audit, warn: Warn)"), ValueMap{"off", "block", "audit", "warn"}, Values{"off", "block", "audit", "warn"}] String BlockAbuseOfExploitedVulnerableSignedDrivers;
+ [Write, Description("ASR Only Per Rule Exclusions")] String BlockAbuseOfExploitedVulnerableSignedDrivers_ASROnlyPerRuleExclusions[];
+ [Write, Description("Block process creations originating from PSExec and WMI commands - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)"), ValueMap{"off", "block", "audit", "warn"}, Values{"off", "block", "audit", "warn"}] String BlockProcessCreationsFromPSExecAndWMICommands;
+ [Write, Description("ASR Only Per Rule Exclusions")] String BlockProcessCreationsFromPSExecAndWMICommands_ASROnlyPerRuleExclusions[];
+ [Write, Description("Block Office applications from creating executable content - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)"), ValueMap{"off", "block", "audit", "warn"}, Values{"off", "block", "audit", "warn"}] String BlockOfficeApplicationsFromCreatingExecutableContent;
+ [Write, Description("ASR Only Per Rule Exclusions")] String BlockOfficeApplicationsFromCreatingExecutableContent_ASROnlyPerRuleExclusions[];
+ [Write, Description("Block Office applications from injecting code into other processes - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)"), ValueMap{"off", "block", "audit", "warn"}, Values{"off", "block", "audit", "warn"}] String BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses;
+ [Write, Description("ASR Only Per Rule Exclusions")] String BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses_ASROnlyPerRuleExclusions[];
+ [Write, Description("[PREVIEW] Block rebooting machine in Safe Mode - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)"), ValueMap{"off", "block", "audit", "warn"}, Values{"off", "block", "audit", "warn"}] String BlockRebootingMachineInSafeMode;
+ [Write, 
Description("ASR Only Per Rule Exclusions")] String BlockRebootingMachineInSafeMode_ASROnlyPerRuleExclusions[]; + [Write, Description("Use advanced protection against ransomware - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)"), ValueMap{"off", "block", "audit", "warn"}, Values{"off", "block", "audit", "warn"}] String UseAdvancedProtectionAgainstRansomware; + [Write, Description("ASR Only Per Rule Exclusions")] String UseAdvancedProtectionAgainstRansomware_ASROnlyPerRuleExclusions[]; + [Write, Description("Block executable content from email client and webmail - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)"), ValueMap{"off", "block", "audit", "warn"}, Values{"off", "block", "audit", "warn"}] String BlockExecutableContentFromEmailClientAndWebmail; + [Write, Description("ASR Only Per Rule Exclusions")] String BlockExecutableContentFromEmailClientAndWebmail_ASROnlyPerRuleExclusions[]; + [Write, Description("Cloud Block Level (0: NotConfigured, 2: High, 4: HighPlus, 6: ZeroTolerance)"), ValueMap{"0", "2", "4", "6"}, Values{"0", "2", "4", "6"}] String CloudBlockLevel; + [Write, Description("Cloud Extended Timeout")] SInt32 CloudExtendedTimeout; + [Write, Description("Disable Local Admin Merge (0: Enable Local Admin Merge, 1: Disable Local Admin Merge)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DisableLocalAdminMerge; + [Write, Description("Enable File Hash Computation (0: Disable, 1: Enable)"), ValueMap{"0", "1"}, Values{"0", "1"}] String EnableFileHashComputation; + [Write, Description("Enable Network Protection (0: Disabled, 1: Enabled (block mode), 2: Enabled (audit mode))"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String EnableNetworkProtection; + [Write, Description("Hide Exclusions From Local Admins (1: If you enable this setting, local admins will no longer be able to see the exclusion list in Windows Security App or via PowerShell., 0: If you disable or do not 
configure this setting, local admins will be able to see exclusions in the Windows Security App and via PowerShell.)"), ValueMap{"1", "0"}, Values{"1", "0"}] String HideExclusionsFromLocalAdmins; + [Write, Description("PUA Protection (0: PUA Protection off. Windows Defender will not protect against potentially unwanted applications., 1: PUA Protection on. Detected items are blocked. They will show in history along with other threats., 2: Audit mode. Windows Defender will detect potentially unwanted applications, but take no action. You can review information about the applications Windows Defender would have taken action against by searching for events created by Windows Defender in the Event Viewer.)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String PUAProtection; + [Write, Description("Real Time Scan Direction (0: Monitor all files (bi-directional)., 1: Monitor incoming files., 2: Monitor outgoing files.)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String RealTimeScanDirection; + [Write, Description("Submit Samples Consent (0: Always prompt., 1: Send safe samples automatically., 2: Never send., 3: Send all samples automatically.)"), ValueMap{"0", "1", "2", "3"}, Values{"0", "1", "2", "3"}] String SubmitSamplesConsent; + [Write, Description("Configure System Guard Launch (0: Unmanaged Configurable by Administrative user, 1: Unmanaged Enables Secure Launch if supported by hardware, 2: Unmanaged Disables Secure Launch)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String ConfigureSystemGuardLaunch; + [Write, Description("Credential Guard (0: (Disabled) Turns off Credential Guard remotely if configured previously without UEFI Lock., 1: (Enabled with UEFI lock) Turns on Credential Guard with UEFI lock., 2: (Enabled without lock) Turns on Credential Guard without UEFI lock.)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String LsaCfgFlags; + [Write, Description("Enable Virtualization Based Security (0: disable virtualization based security., 1: 
enable virtualization based security.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String EnableVirtualizationBasedSecurity; + [Write, Description("Require Platform Security Features (1: Turns on VBS with Secure Boot., 3: Turns on VBS with Secure Boot and direct memory access (DMA). DMA requires hardware support.)"), ValueMap{"1", "3"}, Values{"1", "3"}] String RequirePlatformSecurityFeatures; + [Write, Description("Device Password Enabled (0: Enabled, 1: Disabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String DevicePasswordEnabled; + [Write, Description("Device Password Expiration - Depends on DevicePasswordEnabled")] SInt32 DevicePasswordExpiration; + [Write, Description("Min Device Password Length - Depends on DevicePasswordEnabled")] SInt32 MinDevicePasswordLength; + [Write, Description("Alphanumeric Device Password Required - Depends on DevicePasswordEnabled (0: Password or Alphanumeric PIN required., 1: Password or Numeric PIN required., 2: Password, Numeric PIN, or Alphanumeric PIN required.)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String AlphanumericDevicePasswordRequired; + [Write, Description("Max Device Password Failed Attempts - Depends on DevicePasswordEnabled")] SInt32 MaxDevicePasswordFailedAttempts; + [Write, Description("Min Device Password Complex Characters - Depends on DevicePasswordEnabled (1: Digits only, 2: Digits and lowercase letters are required, 3: Digits lowercase letters and uppercase letters are required. Not supported in desktop Microsoft accounts and domain accounts, 4: Digits lowercase letters uppercase letters and special characters are required. 
Not supported in desktop)"), ValueMap{"1", "2", "3", "4"}, Values{"1", "2", "3", "4"}] String MinDevicePasswordComplexCharacters; + [Write, Description("Max Inactivity Time Device Lock - Depends on DevicePasswordEnabled")] SInt32 MaxInactivityTimeDeviceLock; + [Write, Description("Device Password History - Depends on DevicePasswordEnabled")] SInt32 DevicePasswordHistory; + [Write, Description("Allow Simple Device Password - Depends on DevicePasswordEnabled (0: Not allowed., 1: Allowed.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowSimpleDevicePassword; + [Write, Description("Device Enumeration Policy (0: Block all (Most restrictive), 1: Only after log in/screen unlock, 2: Allow all (Least restrictive))"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String DeviceEnumerationPolicy; + [Write, Description("Enable Insecure Guest Logons (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String EnableInsecureGuestLogons; + [Write, Description("Accounts Limit Local Account Use Of Blank Passwords To Console Logon Only (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly; + [Write, Description("Interactive Logon Machine Inactivity Limit")] SInt32 InteractiveLogon_MachineInactivityLimit; + [Write, Description("Interactive Logon Smart Card Removal Behavior (0: No Action, 1: Lock Workstation, 2: Force Logoff, 3: Disconnect if a Remote Desktop Services session)"), ValueMap{"0", "1", "2", "3"}, Values{"0", "1", "2", "3"}] String InteractiveLogon_SmartCardRemovalBehavior; + [Write, Description("Microsoft Network Client Digitally Sign Communications Always (1: Enable, 0: Disable)"), ValueMap{"1", "0"}, Values{"1", "0"}] String MicrosoftNetworkClient_DigitallySignCommunicationsAlways; + [Write, Description("Microsoft Network Client Send Unencrypted Password To Third Party SMB Servers (1: Enable, 0: Disable)"), ValueMap{"1", "0"}, Values{"1", "0"}] String 
MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers; + [Write, Description("Microsoft Network Server Digitally Sign Communications Always (1: Enable, 0: Disable)"), ValueMap{"1", "0"}, Values{"1", "0"}] String MicrosoftNetworkServer_DigitallySignCommunicationsAlways; + [Write, Description("Network Access Do Not Allow Anonymous Enumeration Of SAM Accounts (1: Enabled, 0: Disabled)"), ValueMap{"1", "0"}, Values{"1", "0"}] String NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts; + [Write, Description("Network Access Do Not Allow Anonymous Enumeration Of Sam Accounts And Shares (1: Enabled, 0: Disabled)"), ValueMap{"1", "0"}, Values{"1", "0"}] String NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares; + [Write, Description("Network Access Restrict Anonymous Access To Named Pipes And Shares (1: Enable, 0: Disable)"), ValueMap{"1", "0"}, Values{"1", "0"}] String NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares; + [Write, Description("Network Access Restrict Clients Allowed To Make Remote Calls To SAM")] String NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM; + [Write, Description("Network Security Do Not Store LAN Manager Hash Value On Next Password Change (1: Enable, 0: Disable)"), ValueMap{"1", "0"}, Values{"1", "0"}] String NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange; + [Write, Description("Network Security LAN Manager Authentication Level (0: Send LM and NTLM responses, 1: Send LM and NTLM-use NTLMv2 session security if negotiated, 2: Send LM and NTLM responses only, 3: Send LM and NTLMv2 responses only, 4: Send LM and NTLMv2 responses only. Refuse LM, 5: Send LM and NTLMv2 responses only. 
Refuse LM and NTLM)"), ValueMap{"0", "1", "2", "3", "4", "5"}, Values{"0", "1", "2", "3", "4", "5"}] String NetworkSecurity_LANManagerAuthenticationLevel; + [Write, Description("Network Security Minimum Session Security For NTLMSSP Based Clients (0: None, 524288: Require NTLMv2 session security, 536870912: Require 128-bit encryption, 537395200: Require NTLM and 128-bit encryption)"), ValueMap{"0", "524288", "536870912", "537395200"}, Values{"0", "524288", "536870912", "537395200"}] String NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients; + [Write, Description("Network Security Minimum Session Security For NTLMSSP Based Servers (0: None, 524288: Require NTLMv2 session security, 536870912: Require 128-bit encryption, 537395200: Require NTLM and 128-bit encryption)"), ValueMap{"0", "524288", "536870912", "537395200"}, Values{"0", "524288", "536870912", "537395200"}] String NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers; + [Write, Description("User Account Control Behavior Of The Elevation Prompt For Administrators (0: Elevate without prompting, 1: Prompt for credentials on the secure desktop, 2: Prompt for consent on the secure desktop, 3: Prompt for credentials, 4: Prompt for consent, 5: Prompt for consent for non-Windows binaries)"), ValueMap{"0", "1", "2", "3", "4", "5"}, Values{"0", "1", "2", "3", "4", "5"}] String UserAccountControl_BehaviorOfTheElevationPromptForAdministrators; + [Write, Description("User Account Control Behavior Of The Elevation Prompt For Standard Users (0: Automatically deny elevation requests, 1: Prompt for credentials on the secure desktop, 3: Prompt for credentials)"), ValueMap{"0", "1", "3"}, Values{"0", "1", "3"}] String UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers; + [Write, Description("User Account Control Detect Application Installations And Prompt For Elevation (1: Enable, 0: Disable)"), ValueMap{"1", "0"}, Values{"1", "0"}] String 
UserAccountControl_DetectApplicationInstallationsAndPromptForElevation; + [Write, Description("User Account Control Only Elevate UI Access Applications That Are Installed In Secure Locations (0: Disabled: Application runs with UIAccess integrity even if it does not reside in a secure location., 1: Enabled: Application runs with UIAccess integrity only if it resides in secure location.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations; + [Write, Description("User Account Control Run All Administrators In Admin Approval Mode (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String UserAccountControl_RunAllAdministratorsInAdminApprovalMode; + [Write, Description("User Account Control Use Admin Approval Mode (1: Enable, 0: Disable)"), ValueMap{"1", "0"}, Values{"1", "0"}] String UserAccountControl_UseAdminApprovalMode; + [Write, Description("User Account Control Virtualize File And Registry Write Failures To Per User Locations (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations; + [Write, Description("Configure Lsa Protected Process (0: Disabled. Default value. LSA will not run as protected process., 1: Enabled with UEFI lock. LSA will run as protected process and this configuration is UEFI locked., 2: Enabled without UEFI lock. 
LSA will run as protected process and this configuration is not UEFI locked.)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String ConfigureLsaProtectedProcess; + [Write, Description("Allow Game DVR (0: Not allowed., 1: Allowed.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowGameDVR; + [Write, Description("MSI Allow User Control Over Install (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MSIAllowUserControlOverInstall; + [Write, Description("MSI Always Install With Elevated Privileges (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MSIAlwaysInstallWithElevatedPrivileges; + [Write, Description("Configure Microsoft Defender SmartScreen (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String SmartScreenEnabled; + [Write, Description("Prevent bypassing Microsoft Defender SmartScreen prompts for sites (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftEdge_SmartScreen_PreventSmartScreenPromptOverride; + [Write, Description("Let Apps Activate With Voice Above Lock (0: User in control. Users can decide if Windows apps can be activated by voice while the screen is locked using Settings > Privacy options on the device., 1: Force allow. Windows apps can be activated by voice while the screen is locked, and users cannot change it., 2: Force deny. 
Windows apps cannot be activated by voice while the screen is locked, and users cannot change it.)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String LetAppsActivateWithVoiceAboveLock; + [Write, Description("Allow Indexing Encrypted Stores Or Items (0: Not allowed., 1: Allowed.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowIndexingEncryptedStoresOrItems; + [Write, Description("Enable Smart Screen In Shell (0: Disabled., 1: Enabled.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String EnableSmartScreenInShell; + [Write, Description("Notify Malicious (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String NotifyMalicious; + [Write, Description("Notify Password Reuse (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String NotifyPasswordReuse; + [Write, Description("Notify Unsafe App (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String NotifyUnsafeApp; + [Write, Description("Service Enabled (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String ServiceEnabled; + [Write, Description("Prevent Override For Files In Shell (0: Do not prevent override., 1: Prevent override.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String PreventOverrideForFilesInShell; + [Write, Description("Configure Xbox Accessory Management Service Startup Mode (2: Automatic, 3: Manual, 4: Disabled)"), ValueMap{"2", "3", "4"}, Values{"2", "3", "4"}] String ConfigureXboxAccessoryManagementServiceStartupMode; + [Write, Description("Configure Xbox Live Auth Manager Service Startup Mode (2: Automatic, 3: Manual, 4: Disabled)"), ValueMap{"2", "3", "4"}, Values{"2", "3", "4"}] String ConfigureXboxLiveAuthManagerServiceStartupMode; + [Write, Description("Configure Xbox Live Game Save Service Startup Mode (2: Automatic, 3: Manual, 4: Disabled)"), ValueMap{"2", "3", "4"}, Values{"2", "3", "4"}] String ConfigureXboxLiveGameSaveServiceStartupMode; + [Write, Description("Configure Xbox Live Networking Service Startup Mode (2: 
Automatic, 3: Manual, 4: Disabled)"), ValueMap{"2", "3", "4"}, Values{"2", "3", "4"}] String ConfigureXboxLiveNetworkingServiceStartupMode; + [Write, Description("Enable Xbox Game Save Task (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String EnableXboxGameSaveTask; + [Write, Description("Access From Network")] String AccessFromNetwork[]; + [Write, Description("Allow Local Log On")] String AllowLocalLogOn[]; + [Write, Description("Backup Files And Directories")] String BackupFilesAndDirectories[]; + [Write, Description("Create Global Objects")] String CreateGlobalObjects[]; + [Write, Description("Create Page File")] String CreatePageFile[]; + [Write, Description("Debug Programs")] String DebugPrograms[]; + [Write, Description("Deny Access From Network")] String DenyAccessFromNetwork[]; + [Write, Description("Deny Remote Desktop Services Log On")] String DenyRemoteDesktopServicesLogOn[]; + [Write, Description("Impersonate Client")] String ImpersonateClient[]; + [Write, Description("Load Unload Device Drivers")] String LoadUnloadDeviceDrivers[]; + [Write, Description("Manage Auditing And Security Log")] String ManageAuditingAndSecurityLog[]; + [Write, Description("Manage Volume")] String ManageVolume[]; + [Write, Description("Modify Firmware Environment")] String ModifyFirmwareEnvironment[]; + [Write, Description("Profile Single Process")] String ProfileSingleProcess[]; + [Write, Description("Remote Shutdown")] String RemoteShutdown[]; + [Write, Description("Restore Files And Directories")] String RestoreFilesAndDirectories[]; + [Write, Description("Take Ownership")] String TakeOwnership[]; + [Write, Description("Hypervisor Enforced Code Integrity (0: (Disabled) Turns off Hypervisor-Protected Code Integrity remotely if configured previously without UEFI Lock., 1: (Enabled with UEFI lock) Turns on Hypervisor-Protected Code Integrity with UEFI lock., 2: (Enabled without lock) Turns on Hypervisor-Protected Code Integrity without UEFI lock.)"), 
ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String HypervisorEnforcedCodeIntegrity; + [Write, Description("Allow Auto Connect To Wi Fi Sense Hotspots (0: Not allowed., 1: Allowed.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowAutoConnectToWiFiSenseHotspots; + [Write, Description("Allow Internet Sharing (0: Not allowed., 1: Allowed.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowInternetSharing; + [Write, Description("Facial Features Use Enhanced Anti Spoofing (false: Disabled, true: Enabled)"), ValueMap{"false", "true"}, Values{"false", "true"}] String FacialFeaturesUseEnhancedAntiSpoofing; + [Write, Description("Allow Windows Ink Workspace (0: access to ink workspace is disabled. The feature is turned off., 1: ink workspace is enabled (feature is turned on), but the user cannot access it above the lock screen., 2: ink workspace is enabled (feature is turned on), and the user is allowed to use it above the lock screen.)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String AllowWindowsInkWorkspace; + [Write, Description("Backup Directory (0: Disabled (password will not be backed up), 1: Backup the password to Azure AD only, 2: Backup the password to Active Directory only)"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] String BackupDirectory; + [Write, Description("AD Encrypted Password History Size - Depends on BackupDirectory")] SInt32 ADEncryptedPasswordHistorySize; + [Write, Description("Password Age Days - Depends on BackupDirectory")] SInt32 passwordagedays; + [Write, Description("AD Password Encryption Enabled - Depends on BackupDirectory (false: Store the password in clear-text form in Active Directory, true: Store the password in encrypted form in Active Directory)"), ValueMap{"false", "true"}, Values{"false", "true"}] String ADPasswordEncryptionEnabled; + [Write, Description("Password Age Days - Depends on BackupDirectory")] SInt32 passwordagedays_aad; + [Write, Description("AD Password Encryption Principal - Depends on 
BackupDirectory")] String ADPasswordEncryptionPrincipal; + [Write, Description("Password Expiration Protection Enabled - Depends on BackupDirectory (false: Allow configured password expiriration timestamp to exceed maximum password age, true: Do not allow configured password expiriration timestamp to exceed maximum password age)"), ValueMap{"false", "true"}, Values{"false", "true"}] String PasswordExpirationProtectionEnabled; +}; + +[ClassVersion("1.0.0.0")] +class MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineWindows10 +{ + [Write, Description("Turn off toast notifications on the lock screen (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String NoLockScreenToastNotification; + [Write, Description("Turn on the auto-complete feature for user names and passwords on forms (User) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String RestrictFormSuggestPW; + [Write, Description("Prompt me to save passwords (User) - Depends on RestrictFormSuggestPW (0: False, 1: True)"), ValueMap{"0", "1"}, Values{"0", "1"}] String ChkBox_PasswordAsk; + [Write, Description("Allow Windows Spotlight (User) (0: Not allowed., 1: Allowed.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowWindowsSpotlight; + [Write, Description("Allow Windows Tips - Depends on AllowWindowsSpotlight (0: Disabled., 1: Enabled.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowWindowsTips; + [Write, Description("Allow Tailored Experiences With Diagnostic Data (User) - Depends on AllowWindowsSpotlight (0: Not allowed., 1: Allowed.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowTailoredExperiencesWithDiagnosticData; + [Write, Description("Allow Windows Spotlight On Action Center (User) - Depends on AllowWindowsSpotlight (0: Not allowed., 1: Allowed.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowWindowsSpotlightOnActionCenter; + [Write, Description("Allow Windows Consumer Features - Depends on AllowWindowsSpotlight (0: 
Not allowed., 1: Allowed.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowWindowsConsumerFeatures; + [Write, Description("Configure Windows Spotlight On Lock Screen (User) - Depends on AllowWindowsSpotlight (0: Windows spotlight disabled., 1: Windows spotlight enabled., 2: Windows spotlight is always enabled, the user cannot disable it, 3: Windows spotlight is always enabled, the user cannot disable it. For special configurations only)"), ValueMap{"0", "1", "2", "3"}, Values{"0", "1", "2", "3"}] String ConfigureWindowsSpotlightOnLockScreen; + [Write, Description("Allow Windows Spotlight Windows Welcome Experience (User) - Depends on AllowWindowsSpotlight (0: Not allowed., 1: Allowed.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowWindowsSpotlightWindowsWelcomeExperience; + [Write, Description("Allow Third Party Suggestions In Windows Spotlight (User) - Depends on AllowWindowsSpotlight (0: Third-party suggestions not allowed., 1: Third-party suggestions allowed.)"), ValueMap{"0", "1"}, Values{"0", "1"}] String AllowThirdPartySuggestionsInWindowsSpotlight; +}; + +[ClassVersion("1.0.0.0"), FriendlyName("IntuneSecurityBaselineWindows10")] +class MSFT_IntuneSecurityBaselineWindows10 : OMI_BaseResource +{ + [Write, Description("Policy description")] String Description; + [Key, Description("Policy name")] String DisplayName; + [Write, Description("List of Scope Tags for this Entity instance.")] String RoleScopeTagIds[]; + [Write, Description("The unique identifier for an entity. 
Read-only.")] String Id; + [Write, Description("The policy settings for the device scope."), EmbeddedInstance("MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineWindows10")] String DeviceSettings; + [Write, Description("The policy settings for the user scope."), EmbeddedInstance("MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineWindows10")] String UserSettings; + [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[]; + [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; + [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Access token used for authentication.")] String AccessTokens[]; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineWindows10/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineWindows10/readme.md new file mode 100644 index 0000000000..05204b24bb --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineWindows10/readme.md 
@@ -0,0 +1,6 @@
+
+# IntuneSecurityBaselineWindows10
+
+## Description
+
+Intune Security Baseline for Windows10
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineWindows10/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineWindows10/settings.json
new file mode 100644
index 0000000000..f088b15e29
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineWindows10/settings.json
@@ -0,0 +1,44 @@
+{
+ "resourceName": "IntuneSecurityBaselineWindows10",
+ "description": "This resource configures an Intune Security Baseline for Windows10.",
+ "permissions": {
+ "graph": {
+ "delegated": {
+ "read": [
+ {
+ "name": "DeviceManagementConfiguration.Read.All"
+ },
+ {
+ "name": "Group.Read.All"
+ }
+ ],
+ "update": [
+ {
+ "name": "Group.Read.All"
+ },
+ {
+ "name": "DeviceManagementConfiguration.ReadWrite.All"
+ }
+ ]
+ },
+ "application": {
+ "read": [
+ {
+ "name": "DeviceManagementConfiguration.Read.All"
+ },
+ {
+ "name": "Group.Read.All"
+ }
+ ],
+ "update": [
+ {
+ "name": "Group.Read.All"
+ },
+ {
+ "name": "DeviceManagementConfiguration.ReadWrite.All"
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1
index aa2d5c8056..aa30e5e426 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1
@@ -165,7 +165,7 @@ function Get-TargetResource if ((Get-MSCloudLoginConnectionProfile -Workload SecurityComplianceCenter).Connected -and ` (Get-MSCloudLoginConnectionProfile -Workload ExchangeOnline).Connected) { - Reset-MSCloudLoginConnectionProfileContext + Reset-MSCloudLoginConnectionProfileContext -Workload ExchangeOnline } $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` -InboundParameters $PSBoundParameters diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_PPPowerAppPolicyUrlPatterns/MSFT_PPPowerAppPolicyUrlPatterns.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_PPPowerAppPolicyUrlPatterns/MSFT_PPPowerAppPolicyUrlPatterns.psm1 index 602805cb67..75ee6a2896 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_PPPowerAppPolicyUrlPatterns/MSFT_PPPowerAppPolicyUrlPatterns.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_PPPowerAppPolicyUrlPatterns/MSFT_PPPowerAppPolicyUrlPatterns.psm1 @@ -173,9 +173,6 @@ function Set-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - $policy = Get-AdminDlpPolicy | Where-Object -FilterScript { $_.DisplayName -eq $PolicyName } - $policyNameValue = $policy.PolicyName - # CREATE if ($Ensure -eq 'Present') { @@ -192,10 +189,10 @@ function Set-TargetResource } } $payload = $(ConvertTo-Json $body -Depth 9 -Compress) - Write-Verbose -Message "Setting new Url Patterns for Policy {$($PolicyNameValue)} with parameters:`r`n$payload" + Write-Verbose -Message "Setting new Url Patterns for Policy {$($PolicyName)} with parameters:`r`n$payload" New-PowerAppPolicyUrlPatterns -TenantId $PPTenantId ` - -PolicyName $policyNameValue ` + -PolicyName $PolicyName ` -NewUrlPatterns $body ` -Verbose } 
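Review bot: In the `@@ -165,7 +165,7 @@` hunk of MSFT_O365OrgSettings.psm1 the guard still requires both the SecurityComplianceCenter and the ExchangeOnline profile to be connected, yet the new call resets only ExchangeOnline and nothing next to it says why the other context may stay. A reader cannot tell from the hunk whether leaving the SecurityComplianceCenter session live before `New-M365DSCConnection -Workload 'ExchangeOnline'` is deliberate, so the reason belongs beside the call, for example `# Reset only the ExchangeOnline context; the SecurityComplianceCenter profile is intentionally left connected.` Get-TargetResource begins and ends outside the hunk.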
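Review bot: In the `@@ -192,10 +189,10 @@` hunk of MSFT_PPPowerAppPolicyUrlPatterns.psm1, `-PolicyName $PolicyName` now hands the caller's value to `New-PowerAppPolicyUrlPatterns` unchanged, where the removed lookup matched it against `DisplayName` and passed `$policy.PolicyName` instead. If existing configurations still put a display name in `PolicyName` (the parameter declaration is outside the hunk, so this is an assumption), the URL patterns would be applied to a policy name that does not resolve. A comment at the call would pin the contract: `# $PolicyName must be the policy's name identifier, not its display name`. Set-TargetResource continues outside the hunk.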
@@ -203,7 +200,7 @@ function Set-TargetResource elseif ($Ensure -eq 'Absent') { Write-Verbose -Message "Removing Url Patterns for Policy {$($PolicyNameValue)}" - Remove-PowerAppPolicyUrlPatterns -TenantId $PPTenantId -PolicyName $policyNameValue + Remove-PowerAppPolicyUrlPatterns -TenantId $PPTenantId -PolicyName $PolicyName } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.psm1 index d23686aa96..fad94d5ab4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.psm1 @@ -196,7 +196,7 @@ function Get-TargetResource $ContentSharingInExternalMeetings, [Parameter()] - [ValidateSet('Enabled', 'EnabledWithTranscript')] + [ValidateSet('Disabled', 'Enabled', 'EnabledWithTranscript', 'EnabledWithTranscriptDefaultOn')] [System.String] $Copilot, @@ -394,7 +394,7 @@ function Get-TargetResource if ($null -eq $policy) { - Write-Verbose -Message "Could not find Teams Meeting Policy ${$Identity}" + Write-Verbose -Message "Could not find Teams Meeting Policy {$Identity}" return $nullReturn } Write-Verbose -Message "Found Teams Meeting Policy {$Identity}" @@ -690,7 +690,7 @@ function Set-TargetResource $ContentSharingInExternalMeetings, [Parameter()] - [ValidateSet('Enabled', 'EnabledWithTranscript')] + [ValidateSet('Disabled', 'Enabled', 'EnabledWithTranscript', 'EnabledWithTranscriptDefaultOn')] [System.String] $Copilot, @@ -1138,7 +1138,7 @@ function Test-TargetResource $ContentSharingInExternalMeetings, [Parameter()] - [ValidateSet('Enabled', 'EnabledWithTranscript')] + [ValidateSet('Disabled', 'Enabled', 'EnabledWithTranscript', 'EnabledWithTranscriptDefaultOn')] [System.String] $Copilot, 
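Review bot: The `Write-Verbose` line in the `@@ -203,7 +200,7 @@` hunk still interpolates `$PolicyNameValue`, but this commit deletes the only assignment of that variable earlier in Set-TargetResource (the `@@ -173,9 +173,6 @@` hunk), so the log entry for removing a policy's URL patterns will carry an empty policy name. Change it to match the call beneath it: `Write-Verbose -Message "Removing Url Patterns for Policy {$($PolicyName)}"`. If strict mode is enabled for the module (not visible here), the undefined variable would raise an error instead of printing empty.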
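Review bot: The widened `[ValidateSet('Disabled', 'Enabled', 'EnabledWithTranscript', 'EnabledWithTranscriptDefaultOn')]` on `$Copilot` in the `@@ -196,7 +196,7 @@` hunk (repeated at `@@ -690,7 +690,7 @@` and `@@ -1138,7 +1138,7 @@`) has to agree with the `ValueMap`/`Values` declared for `Copilot` in MSFT_TeamsMeetingPolicy.schema.mof, and that file appears in this diff only as "Binary files ... differ", so the match cannot be reviewed here. If the two lists diverge, a configuration using `Disabled` or `EnabledWithTranscriptDefaultOn` would presumably be rejected by the schema even though the functions accept it. It is worth confirming the MOF carries the same four values and, if the file is stored in an encoding git treats as binary, re-saving it as text so later schema changes show up in review. The param blocks start and end outside these hunks.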
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.schema.mof index 839b879052..464e1c06b9 100644 Binary files a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.schema.mof and b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.schema.mof differ diff --git a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 index 815cde6893..ae6428f743 100644 --- a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 +++ b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 @@ -114,7 +114,7 @@ }, @{ ModuleName = 'Microsoft.PowerApps.Administration.PowerShell' - RequiredVersion = '2.0.200' + RequiredVersion = '2.0.202' }, @{ ModuleName = 'MicrosoftTeams' @@ -122,7 +122,7 @@ }, @{ ModuleName = "MSCloudLoginAssistant" - RequiredVersion = "1.1.29" + RequiredVersion = "1.1.31" }, @{ ModuleName = 'PnP.PowerShell' diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneSecurityBaselineWindows10/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneSecurityBaselineWindows10/1-Create.ps1 new file mode 100644 index 0000000000..a0b3517eb0 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneSecurityBaselineWindows10/1-Create.ps1 
@@ -0,0 +1,51 @@
+<#
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+#>
+
+Configuration Example
+{
+ param(
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint
+ )
+ Import-DscResource -ModuleName Microsoft365DSC
+
+ node localhost
+ {
+ IntuneSecurityBaselineWindows10 'mySecurityBaselineWindows10'
+ {
+ DisplayName = 'test'
+ DeviceSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineWindows10
+ {
+ Pol_MSS_DisableIPSourceRoutingIPv6 = '1'
+ DisableIPSourceRoutingIPv6 = '0'
+ BlockExecutionOfPotentiallyObfuscatedScripts = 'block'
+ HardenedUNCPaths_Pol_HardenedPaths = '1'
+ pol_hardenedPaths = @(
+ MSFT_MicrosoftGraphIntuneSettingsCatalogpol_hardenedpaths{
+ Key = '\\*\SYSVOL'
+ Value = 'RequireMutualAuthentication=1,RequireIntegrity=1'
+ }
+ )
+ }
+ UserSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineWindows10
+ {
+ AllowWindowsSpotlight = '1'
+ }
+ Ensure = 'Present'
+ ApplicationId = $ApplicationId;
+ TenantId = $TenantId;
+ CertificateThumbprint = $CertificateThumbprint;
+ }
+ }
+}
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneSecurityBaselineWindows10/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneSecurityBaselineWindows10/2-Update.ps1
new file mode 100644
index 0000000000..9c33bb8e91
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneSecurityBaselineWindows10/2-Update.ps1
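Review bot: The `pol_hardenedPaths` array in 1-Create.ps1 hardens only `\\*\SYSVOL`, while hardened-UNC-path guidance normally pairs it with `\\*\NETLOGON`, and an example is what people copy into real configurations. A second `MSFT_MicrosoftGraphIntuneSettingsCatalogpol_hardenedpaths` element with `Key = '\\*\NETLOGON'` and the same `Value` would make the sample a safer starting point. A short comment on what `DisableIPSourceRoutingIPv6 = '0'` selects would also help, since next to `Pol_MSS_DisableIPSourceRoutingIPv6 = '1'` the pair reads as contradictory unless the enum meaning is known.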
@@ -0,0 +1,51 @@
+<#
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+#>
+
+Configuration Example
+{
+ param(
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint
+ )
+ Import-DscResource -ModuleName Microsoft365DSC
+
+ node localhost
+ {
+ IntuneSecurityBaselineWindows10 'mySecurityBaselineWindows10'
+ {
+ DisplayName = 'test'
+ DeviceSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineWindows10
+ {
+ Pol_MSS_DisableIPSourceRoutingIPv6 = '1'
+ DisableIPSourceRoutingIPv6 = '0'
+ BlockExecutionOfPotentiallyObfuscatedScripts = 'block'
+ HardenedUNCPaths_Pol_HardenedPaths = '1'
+ pol_hardenedPaths = @(
+ MSFT_MicrosoftGraphIntuneSettingsCatalogpol_hardenedpaths{
+ Key = '\\*\SYSVOL'
+ Value = 'RequireMutualAuthentication=1,RequireIntegrity=1'
+ }
+ )
+ }
+ UserSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineWindows10
+ {
+ AllowWindowsSpotlight = '1' #drift
+ }
+ Ensure = 'Present'
+ ApplicationId = $ApplicationId;
+ TenantId = $TenantId;
+ CertificateThumbprint = $CertificateThumbprint;
+ }
+ }
+}
diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneSecurityBaselineWindows10/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneSecurityBaselineWindows10/3-Remove.ps1
new file mode 100644
index 0000000000..ca70840d40
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneSecurityBaselineWindows10/3-Remove.ps1
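Review bot: 2-Update.ps1 declares the same configuration as 1-Create.ps1: the only difference is the `#drift` comment, and `AllowWindowsSpotlight` keeps the value `'1'`. If these examples drive create-then-update tests, as the header comment suggests, the update step has nothing to correct and would pass without exercising the update path of Set-TargetResource (the test harness is not visible here). The marked line should carry a value that differs from the create example, for instance `AllowWindowsSpotlight = '0' #drift` if `'0'` is an accepted value for that setting.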
@@ -0,0 +1,34 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneSecurityBaselineWindows10 'mySecurityBaselineWindows10' + { + DisplayName = 'test' + Ensure = 'Absent' + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index ae8e5158c3..abcf010e69 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -3,7 +3,7 @@ # # Generated by: Microsoft Corporation # -# Generated on: 2024-12-11 +# Generated on: 2024-12-18 @{ @@ -11,7 +11,7 @@ # RootModule = '' # Version number of this module. - ModuleVersion = '1.24.1211.1' + ModuleVersion = '1.24.1218.1' # Supported PSEditions # CompatiblePSEditions = @() 
@@ -148,23 +148,24 @@ # ReleaseNotes of this module ReleaseNotes = '* AADApplication - * Changed logic to remove all permissions when an empty array is specified. - FIXES [#5534](https://github.com/microsoft/Microsoft365DSC/issues/5534) -* AADFeatureRolloutPolicy - * Fixed policy retrieval - FIXES [#5521](https://github.com/microsoft/Microsoft365DSC/issues/5521) -* IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile - * Fixing issue with the way the QrCodeImage property was exported and handled. -* IntuneFirewallPolicyWindows10 - * Fix export of properties that appear multiple times in subsections. -* M365DSCDRGUtil - * Improve settings catalog handling for nested objects. -* M365DSCResourceGenerator - * Fixes an issue with nested object creation. + * Added support for Oauth2PermissionScopes. + * Fixes comparison issue for permissions. +* EXOTransportRule + * Fixes issue extracting arrays in Get-TargetResource. + * FIXES [#5575](https://github.com/microsoft/Microsoft365DSC/issues/5575) +* TeamsMeetingPolicy + * Adds support for additional Copilot setting value. + * FIXES [#5573](https://github.com/microsoft/Microsoft365DSC/issues/5573) + * FIXES [#5550](https://github.com/microsoft/Microsoft365DSC/issues/5550) * MISC - * Migrate `MSCloudLoginAssistant` authentication context access to cmdlets. + * Fixed the Fabric web request to use basic parsing. + * Reset only necessary authentication context. +* M365DSCUtil + * Update `Get-M365DSCWorkloadsListFromResourceNames` function for more input types. + FIXES [#5525](https://github.com/microsoft/Microsoft365DSC/issues/5525) * DEPENDENCIES - * Updated MSCloudLoginAssistant to version 1.1.29.' + * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.202. + * Updated MSCloudLoginAssistant to version 1.1.31.' # Flag to indicate whether the module requires explicit user acceptance for install/update # RequireLicenseAcceptance = $false 
diff --git a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 index 9ed3c0922c..9c136ae97f 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 @@ -2032,6 +2032,10 @@ function Get-IntuneSettingCatalogPolicySettingInstanceValue { $childSettingValue.Add('settingInstanceTemplateReference', @{'settingInstanceTemplateId' = $childSettingInstanceTemplate.settingInstanceTemplateId }) } + if ($childSettingType -eq '#microsoft.graph.deviceManagementConfigurationSettingGroupCollectionInstance') + { + $childSettingType = '#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance' + } $childSettingValue.Add('@odata.type', $childSettingType) $choiceSettingValueChildren += $childSettingValue } diff --git a/Modules/Microsoft365DSC/Modules/M365DSCIntuneSettingsCatalogUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCIntuneSettingsCatalogUtil.psm1 index 795c291c35..dd018afce6 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCIntuneSettingsCatalogUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCIntuneSettingsCatalogUtil.psm1 @@ -100,6 +100,7 @@ 'microsoft_edge~Policy~microsoft_edge~*' { $settingName = $settingName.Replace('microsoft_edge~Policy~microsoft_edge', 'MicrosoftEdge_') } 'edge~httpauthentication*' { $settingName = $settingName.Replace('edge~httpauthentication', 'MicrosoftEdge_HTTPAuthentication') } 'edge~contentsettings*' { $settingName = $settingName.Replace('edge~contentsettings', 'MicrosoftEdge_ContentSettings') } + '*~SmartScreen_*' { $settingName = $settingName.Replace('~SmartScreen', 'SmartScreen') } '*~L_Security~*' { $settingName = $settingName.Replace('~L_Security', 'Security') } '*~L_TrustCenter*' { $settingName = $settingName.Replace('~L_TrustCenter', '_TrustCenter') } '*~L_ProtectedView_*' { $settingName = $settingName.Replace('~L_ProtectedView', 'ProtectedView') } 
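Review bot: The new `if` in M365DSCDRGUtil.psm1 rewrites `$childSettingType` from `...SettingGroupCollectionInstance` to `...GroupSettingCollectionInstance` without a comment, and because the two literals differ only in word order it reads like a typo to the next maintainer. A line above the condition should say where the first spelling comes from and why the second is the one written to `@odata.type`, for example `# The derived type name has 'SettingGroup' transposed; the instance type is 'GroupSettingCollectionInstance'`. Only this child-setting branch is patched. Get-IntuneSettingCatalogPolicySettingInstanceValue continues outside the hunk, so if the same derived name can reach another `@odata.type` assignment there, it would need the same mapping.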
diff --git a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 index c5e20e3cfb..76e01728c3 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 @@ -6,7 +6,7 @@ $Global:SessionSecurityCompliance = $null #region Extraction Modes $Global:DefaultComponents = @('SPOApp', 'SPOSiteDesign') -$Global:FullComponents = @('AADGroup', 'AADServicePrincipal', 'ADOSecurityPolicy', 'AzureSubscription','FabricAdminTenantSettings', ` +$Global:FullComponents = @('AADRoleManagementPolicyRule', 'AADGroup', 'AADServicePrincipal', 'ADOSecurityPolicy', 'AzureSubscription','FabricAdminTenantSettings', ` 'DefenderSubscriptionPlan', 'EXOCalendarProcessing', 'EXODistributionGroup', 'EXOMailboxAutoReplyConfiguration', ` 'EXOMailboxPermission','EXOMailboxCalendarFolder','EXOMailboxSettings', 'EXOManagementRole', 'O365Group', 'AADUser', ` 'PlannerPlan', 'PlannerBucket', 'PlannerTask', 'PPPowerAppsEnvironment', 'PPTenantSettings', 'SentinelSetting', 'SentinelWatchlist', ` @@ -1437,7 +1437,7 @@ function Export-M365DSCConfiguration try { Disconnect-MgGraph -ErrorAction Stop | Out-Null - Reset-MSCloudLoginConnectionProfileContext + Reset-MSCloudLoginConnectionProfileContext -Workload 'MicrosoftGraph' } catch { 
@@ -4207,13 +4207,20 @@ function Test-M365DSCObjectHasProperty <# .Description -This function returns the used workloads for the specified DSC resources + This function returns the used workloads for the specified DSC resources .Parameter ResourceNames -Specifies the resources for which the workloads should be determined. + Specifies the resources for which the workloads should be determined. + Either a single string, an array of strings or an object with 'Name' and 'AuthenticationMethod' can be provided. .Example -Get-M365DSCWorkloadsListFromResourceNames -ResourceNames AADUSer + Get-M365DSCWorkloadsListFromResourceNames -ResourceNames AADUser + +.EXAMPLE + Get-M365DSCWorkloadsListFromResourceNames -ResourceNames @('AADUser', 'AADGroup') + +.EXAMPLE + Get-M365DSCWorkloadsListFromResourceNames -ResourceNames @{Name = 'AADUser'; AuthenticationMethod = 'Credentials'} .Functionality Public @@ -4232,7 +4239,13 @@ function Get-M365DSCWorkloadsListFromResourceNames [Array] $workloads = @() foreach ($resource in $ResourceNames) { - switch ($resource.Name.Substring(0, 2).ToUpper()) + $resourceName = $resource.Name + $authMethod = $resource.AuthenticationMethod + if ([System.String]::IsNullOrEmpty($resourceName)) + { + $resourceName = $resource + } + switch ($resourceName.Substring(0, 2).ToUpper()) { 'AA' { @@ -4240,7 +4253,7 @@ function Get-M365DSCWorkloadsListFromResourceNames { $workloads += @{ Name = 'MicrosoftGraph' - AuthenticationMethod = $resource.AuthenticationMethod + AuthenticationMethod = $authMethod } } } @@ -4250,7 +4263,7 @@ function Get-M365DSCWorkloadsListFromResourceNames { $workloads += @{ Name = 'ExchangeOnline' - AuthenticationMethod = $resource.AuthenticationMethod + AuthenticationMethod = $authMethod } } } @@ -4260,7 +4273,7 @@ function Get-M365DSCWorkloadsListFromResourceNames { $workloads += @{ Name = 'MicrosoftGraph' - AuthenticationMethod = $resource.AuthenticationMethod + AuthenticationMethod = $authMethod } } } 
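Review bot: In the `@@ -4232,7 +4239,13 @@` hunk a plain string input is detected by reading `$resource.Name` and testing it for empty. That would throw if strict mode is enabled (a string has no `Name` property), and it leaves `$authMethod` as `$null`, so every workload entry built from a string carries `AuthenticationMethod = $null`. `Substring(0, 2)` also still throws for a name shorter than two characters, or for an object that has no usable `Name` and is then assigned to `$resourceName` as-is. An explicit type test plus a length guard makes the three documented input shapes unambiguous, and callers that read `AuthenticationMethod` should be checked for the null case. The switch body and the rest of Get-M365DSCWorkloadsListFromResourceNames lie outside this hunk.

```powershell
foreach ($resource in $ResourceNames)
{
    if ($resource -is [System.String])
    {
        # Plain resource name: no authentication method is known for it.
        $resourceName = $resource
        $authMethod = $null
    }
    else
    {
        $resourceName = $resource.Name
        $authMethod = $resource.AuthenticationMethod
    }
    if ([System.String]::IsNullOrEmpty($resourceName) -or $resourceName.Length -lt 2)
    {
        Write-Verbose -Message 'Skipping resource entry without a usable name'
        continue
    }
    switch ($resourceName.Substring(0, 2).ToUpper())
    # … unchanged: switch body mapping prefixes to workloads …
```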
@@ -4270,14 +4283,14 @@ function Get-M365DSCWorkloadsListFromResourceNames { $workloads += @{ Name = 'MicrosoftGraph' - AuthenticationMethod = $resource.AuthenticationMethod + AuthenticationMethod = $authMethod } } elseif (-not $workloads.Name -or -not $workloads.Name.Contains('ExchangeOnline')) { $workloads += @{ Name = 'ExchangeOnline' - AuthenticationMethod = $resource.AuthenticationMethod + AuthenticationMethod = $authMethod } } } @@ -4287,7 +4300,7 @@ function Get-M365DSCWorkloadsListFromResourceNames { $workloads += @{ Name = 'PnP' - AuthenticationMethod = $resource.AuthenticationMethod + AuthenticationMethod = $authMethod } } } @@ -4297,7 +4310,7 @@ function Get-M365DSCWorkloadsListFromResourceNames { $workloads += @{ Name = 'MicrosoftGraph' - AuthenticationMethod = $resource.AuthenticationMethod + AuthenticationMethod = $authMethod } } } @@ -4307,7 +4320,7 @@ function Get-M365DSCWorkloadsListFromResourceNames { $workloads += @{ Name = 'PnP' - AuthenticationMethod = $resource.AuthenticationMethod + AuthenticationMethod = $authMethod } } } @@ -4317,7 +4330,7 @@ function Get-M365DSCWorkloadsListFromResourceNames { $workloads += @{ Name = 'SecurityComplianceCenter' - AuthenticationMethod = $resource.AuthenticationMethod + AuthenticationMethod = $authMethod } } } @@ -4327,7 +4340,7 @@ function Get-M365DSCWorkloadsListFromResourceNames { $workloads += @{ Name = 'MicrosoftTeams' - AuthenticationMethod = $resource.AuthenticationMethod + AuthenticationMethod = $authMethod } } } diff --git a/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCFabricHelper.psm1 b/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCFabricHelper.psm1 index a7b8bbae4a..6d58407ac0 100644 --- a/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCFabricHelper.psm1 +++ b/Modules/Microsoft365DSC/Modules/WorkloadHelpers/M365DSCFabricHelper.psm1 
@@ -17,10 +17,14 @@ function Invoke-M365DSCFabricWebRequest ) $headers = @{ - Authorization = (Get-MSCloudLoginConnectionProfile -Workload Fabric).AccessToken + Authorization = (Get-MSCloudLoginConnectionProfile -Workload 'Fabric').AccessToken } - $response = Invoke-WebRequest -Method $Method -Uri $Uri -Headers $headers -Body $Body + $response = Invoke-WebRequest -Method $Method ` + -Uri $Uri ` + -Headers $headers ` + -Body $Body ` + -UseBasicParsing $result = ConvertFrom-Json $response.Content return $result } diff --git a/Modules/Microsoft365DSC/SchemaDefinition.json b/Modules/Microsoft365DSC/SchemaDefinition.json index a4fdffd024..6f53ed673c 100644 --- a/Modules/Microsoft365DSC/SchemaDefinition.json +++ b/Modules/Microsoft365DSC/SchemaDefinition.json @@ -909,6 +909,51 @@ } ] }, + { + "ClassName": "MSFT_MicrosoftGraphApiOauth2PermissionScopes", + "Parameters": [ + { + "CIMType": "String", + "Name": "adminConsentDescription", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "adminConsentDisplayName", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "userConsentDescription", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "userConsentDisplayName", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "value", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "isEnabled", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "type", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "id", + "Option": "Write" + } + ] + }, { "ClassName": "MSFT_MicrosoftGraphApiApplication", "Parameters": [ @@ -916,6 +961,11 @@ "CIMType": "MSFT_MicrosoftGraphPreAuthorizedApplication[]", "Name": "PreAuthorizedApplications", "Option": "Write" + }, + { + "CIMType": "MSFT_MicrosoftGraphAPIOauth2PermissionScopes[]", + "Name": "Oauth2PermissionScopes", + "Option": "Write" } ] }, 
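Review bot: `Invoke-M365DSCFabricWebRequest` attaches the Fabric access token to whatever `$Uri` the caller passes, and nothing in the visible body checks the scheme or host before `Invoke-WebRequest` sends the `Authorization` header. A guard ahead of `$headers`, such as `if (([System.Uri]$Uri).Scheme -ne 'https') { throw "Fabric requests must use https: $Uri" }`, keeps the token off cleartext connections. An allow-list of the expected Fabric API host would be stricter still. The param block is outside this hunk, so a `[ValidatePattern()]` may already cover this and is worth confirming. The backtick continuations added here break silently on trailing whitespace, so a splatted parameter hashtable would be the sturdier form.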
@@ -46710,6 +46760,2511 @@ } ] }, + { + "ClassName": "MSFT_MicrosoftGraphIntuneSettingsCatalogpol_hardenedpaths", + "Parameters": [ + { + "CIMType": "String", + "Name": "value", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "key", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineWindows10", + "Parameters": [ + { + "CIMType": "String", + "Name": "CPL_Personalization_NoLockScreenCamera", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CPL_Personalization_NoLockScreenSlideshow", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Pol_SecGuide_0201_LATFP", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Pol_SecGuide_0002_SMBv1_ClientDriver", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Pol_SecGuide_SMB1ClientDriver", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Pol_SecGuide_0001_SMBv1_Server", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Pol_SecGuide_0102_SEHOP", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Pol_SecGuide_0202_WDigestAuthn", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Pol_MSS_DisableIPSourceRoutingIPv6", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DisableIPSourceRoutingIPv6", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Pol_MSS_DisableIPSourceRouting", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DisableIPSourceRouting", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Pol_MSS_EnableICMPRedirect", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Pol_MSS_NoNameReleaseOnDemand", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Turn_Off_Multicast", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "NC_ShowSharedAccessUI", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "hardeneduncpaths_Pol_HardenedPaths", + 
"Option": "Write" + }, + { + "CIMType": "MSFT_MicrosoftGraphIntuneSettingsCatalogpol_hardenedpaths[]", + "Name": "pol_hardenedpaths", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "WCM_BlockNonDomain", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ConfigureRedirectionGuardPolicy", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "RedirectionGuardPolicy_Enum", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ConfigureRpcConnectionPolicy", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "RpcConnectionAuthentication_Enum", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "RpcConnectionProtocol_Enum", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ConfigureRpcListenerPolicy", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "RpcAuthenticationProtocol_Enum", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "RpcListenerProtocols_Enum", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ConfigureRpcTcpPort", + "Option": "Write" + }, + { + "CIMType": "SInt32", + "Name": "RpcTcpPort", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "RestrictDriverInstallationToAdministrators", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ConfigureCopyFilesPolicy", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CopyFilesPolicy_Enum", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowEncryptionOracle", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowEncryptionOracleDrop", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowProtectedCreds", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DeviceInstall_Classes_Deny", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "DeviceInstall_Classes_Deny_List", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DeviceInstall_Classes_Deny_Retroactive", + "Option": "Write" + }, 
+ { + "CIMType": "String", + "Name": "POL_DriverLoadPolicy_Name", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "SelectDriverLoadPolicy", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CSE_Registry", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CSE_NOBACKGROUND10", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CSE_NOCHANGES10", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DisableWebPnPDownload_2", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ShellPreventWPWDownload_2", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowCustomSSPsAPs", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowStandbyStatesDC_2", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowStandbyStatesAC_2", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DCPromptForPasswordOnResume_2", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ACPromptForPasswordOnResume_2", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "RA_Solicit", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "RA_Solicit_ExpireUnits_List", + "Option": "Write" + }, + { + "CIMType": "SInt32", + "Name": "RA_Solicit_ExpireValue_Edt", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "RA_Solicit_Control_List", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "RA_Solicit_Mailto_List", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "RpcRestrictRemoteClients", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "RpcRestrictRemoteClientsList", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AppxRuntimeMicrosoftAccountsOptional", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "NoAutoplayfornonVolume", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "NoAutorun", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "NoAutorun_Dropdown", + 
"Option": "Write" + }, + { + "CIMType": "String", + "Name": "Autorun", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Autorun_Box", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "FDVDenyWriteAccess_Name", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "RDVDenyWriteAccess_Name", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "RDVCrossOrg", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "EnumerateAdministrators", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Channel_LogMaxSize_1", + "Option": "Write" + }, + { + "CIMType": "SInt32", + "Name": "Channel_LogMaxSize_1_Channel_LogMaxSize", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Channel_LogMaxSize_2", + "Option": "Write" + }, + { + "CIMType": "SInt32", + "Name": "Channel_LogMaxSize_2_Channel_LogMaxSize", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Channel_LogMaxSize_4", + "Option": "Write" + }, + { + "CIMType": "SInt32", + "Name": "Channel_LogMaxSize_4_Channel_LogMaxSize", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "EnableSmartScreen", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "EnableSmartScreenDropdown", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "NoDataExecutionPrevention", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "NoHeapTerminationOnCorruption", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Advanced_InvalidSignatureBlock", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Advanced_CertificateRevocation", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Advanced_DownloadSignatures", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Advanced_DisableEPMCompat", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Advanced_SetWinInetProtocols", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Advanced_WinInetProtocolOptions", + 
"Option": "Write" + }, + { + "CIMType": "String", + "Name": "Advanced_EnableEnhancedProtectedMode64Bit", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Advanced_EnableEnhancedProtectedMode", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "NoCertError", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyAccessDataSourcesAcrossDomains_1", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyAccessDataSourcesAcrossDomains_1_IZ_Partname1406", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyAllowPasteViaScript_1", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyAllowPasteViaScript_1_IZ_Partname1407", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyDropOrPasteFiles_1", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyDropOrPasteFiles_1_IZ_Partname1802", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_Policy_XAML_1", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_Policy_XAML_1_IZ_Partname2402", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet_IZ_Partname120b", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyAllowTDCControl_Both_Internet", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyAllowTDCControl_Both_Internet_IZ_Partname120c", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyWindowsRestrictionsURLaction_1", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyWindowsRestrictionsURLaction_1_IZ_Partname2102", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_Policy_WebBrowserControl_1", + "Option": "Write" + }, + { + "CIMType": "String", + 
"Name": "IZ_Policy_WebBrowserControl_1_IZ_Partname1206", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_Policy_AllowScriptlets_1", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_Policy_AllowScriptlets_1_IZ_Partname1209", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_Policy_ScriptStatusBar_1", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_Policy_ScriptStatusBar_1_IZ_Partname2103", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyAllowVBScript_1", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyAllowVBScript_1_IZ_Partname140C", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyNotificationBarDownloadURLaction_1", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyNotificationBarDownloadURLaction_1_IZ_Partname2200", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyAntiMalwareCheckingOfActiveXControls_1", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyAntiMalwareCheckingOfActiveXControls_1_IZ_Partname270C", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyDownloadSignedActiveX_1", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyDownloadSignedActiveX_1_IZ_Partname1001", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyDownloadUnsignedActiveX_1", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyDownloadUnsignedActiveX_1_IZ_Partname1004", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet_IZ_Partname2709", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet", + "Option": "Write" + }, + { + "CIMType": "String", + 
"Name": "IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet_IZ_Partname2708", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_Policy_LocalPathForUpload_1", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_Policy_LocalPathForUpload_1_IZ_Partname160A", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyScriptActiveXNotMarkedSafe_1", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyScriptActiveXNotMarkedSafe_1_IZ_Partname1201", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyJavaPermissions_1", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyJavaPermissions_1_IZ_Partname1C00", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyLaunchAppsAndFilesInIFRAME_1", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyLaunchAppsAndFilesInIFRAME_1_IZ_Partname1804", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyLogon_1", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyLogon_1_IZ_Partname1A00", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyNavigateSubframesAcrossDomains_1", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyNavigateSubframesAcrossDomains_1_IZ_Partname1607", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyUnsignedFrameworkComponentsURLaction_1", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyUnsignedFrameworkComponentsURLaction_1_IZ_Partname2004", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicySignedFrameworkComponentsURLaction_1", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicySignedFrameworkComponentsURLaction_1_IZ_Partname2001", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_Policy_UnsafeFiles_1", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": 
"IZ_Policy_UnsafeFiles_1_IZ_Partname1806", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyTurnOnXSSFilter_Both_Internet", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyTurnOnXSSFilter_Both_Internet_IZ_Partname1409", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_Policy_TurnOnProtectedMode_1", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_Policy_TurnOnProtectedMode_1_IZ_Partname2500", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_Policy_Phishing_1", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_Policy_Phishing_1_IZ_Partname2301", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyBlockPopupWindows_1", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyBlockPopupWindows_1_IZ_Partname1809", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyUserdataPersistence_1", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyUserdataPersistence_1_IZ_Partname1606", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyZoneElevationURLaction_1", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyZoneElevationURLaction_1_IZ_Partname2101", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_UNCAsIntranet", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyAntiMalwareCheckingOfActiveXControls_3", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyAntiMalwareCheckingOfActiveXControls_3_IZ_Partname270C", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyScriptActiveXNotMarkedSafe_3", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyScriptActiveXNotMarkedSafe_3_IZ_Partname1201", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyJavaPermissions_3", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": 
"IZ_PolicyJavaPermissions_3_IZ_Partname1C00", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyAntiMalwareCheckingOfActiveXControls_9", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyAntiMalwareCheckingOfActiveXControls_9_IZ_Partname270C", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyJavaPermissions_9", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyJavaPermissions_9_IZ_Partname1C00", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_Policy_Phishing_2", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_Policy_Phishing_2_IZ_Partname2301", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyJavaPermissions_4", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyJavaPermissions_4_IZ_Partname1C00", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyJavaPermissions_10", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyJavaPermissions_10_IZ_Partname1C00", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyJavaPermissions_8", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyJavaPermissions_8_IZ_Partname1C00", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_Policy_Phishing_8", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_Policy_Phishing_8_IZ_Partname2301", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyJavaPermissions_6", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyJavaPermissions_6_IZ_Partname1C00", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyAccessDataSourcesAcrossDomains_7", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyAccessDataSourcesAcrossDomains_7_IZ_Partname1406", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyActiveScripting_7", + "Option": 
"Write" + }, + { + "CIMType": "String", + "Name": "IZ_Partname1400", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyBinaryBehaviors_7", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_Partname2000", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyAllowPasteViaScript_7", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyAllowPasteViaScript_7_IZ_Partname1407", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyDropOrPasteFiles_7", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyDropOrPasteFiles_7_IZ_Partname1802", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyFileDownload_7", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_Partname1803", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_Policy_XAML_7", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_Policy_XAML_7_IZ_Partname2402", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyAllowMETAREFRESH_7", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_Partname1608", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted_IZ_Partname120b", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyAllowTDCControl_Both_Restricted", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyAllowTDCControl_Both_Restricted_IZ_Partname120c", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyWindowsRestrictionsURLaction_7", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyWindowsRestrictionsURLaction_7_IZ_Partname2102", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": 
"IZ_Policy_WebBrowserControl_7", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_Policy_WebBrowserControl_7_IZ_Partname1206", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_Policy_AllowScriptlets_7", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_Policy_AllowScriptlets_7_IZ_Partname1209", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_Policy_ScriptStatusBar_7", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_Policy_ScriptStatusBar_7_IZ_Partname2103", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyAllowVBScript_7", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyAllowVBScript_7_IZ_Partname140C", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyNotificationBarDownloadURLaction_7", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyNotificationBarDownloadURLaction_7_IZ_Partname2200", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyAntiMalwareCheckingOfActiveXControls_7", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyAntiMalwareCheckingOfActiveXControls_7_IZ_Partname270C", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyDownloadSignedActiveX_7", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyDownloadSignedActiveX_7_IZ_Partname1001", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyDownloadUnsignedActiveX_7", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyDownloadUnsignedActiveX_7_IZ_Partname1004", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted_IZ_Partname2709", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": 
"IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted_IZ_Partname2708", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_Policy_LocalPathForUpload_7", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_Policy_LocalPathForUpload_7_IZ_Partname160A", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyScriptActiveXNotMarkedSafe_7", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyScriptActiveXNotMarkedSafe_7_IZ_Partname1201", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyJavaPermissions_7", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyJavaPermissions_7_IZ_Partname1C00", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyLaunchAppsAndFilesInIFRAME_7", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyLaunchAppsAndFilesInIFRAME_7_IZ_Partname1804", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyLogon_7", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyLogon_7_IZ_Partname1A00", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyNavigateSubframesAcrossDomains_7", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyNavigateSubframesAcrossDomains_7_IZ_Partname1607", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyUnsignedFrameworkComponentsURLaction_7", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyUnsignedFrameworkComponentsURLaction_7_IZ_Partname2004", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicySignedFrameworkComponentsURLaction_7", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicySignedFrameworkComponentsURLaction_7_IZ_Partname2001", + "Option": "Write" + }, + { + "CIMType": "String", + 
"Name": "IZ_PolicyRunActiveXControls_7", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_Partname1200", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyScriptActiveXMarkedSafe_7", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_Partname1405", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyScriptingOfJavaApplets_7", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_Partname1402", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_Policy_UnsafeFiles_7", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_Policy_UnsafeFiles_7_IZ_Partname1806", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyTurnOnXSSFilter_Both_Restricted", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyTurnOnXSSFilter_Both_Restricted_IZ_Partname1409", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_Policy_TurnOnProtectedMode_7", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_Policy_TurnOnProtectedMode_7_IZ_Partname2500", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_Policy_Phishing_7", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_Policy_Phishing_7_IZ_Partname2301", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyBlockPopupWindows_7", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyBlockPopupWindows_7_IZ_Partname1809", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyUserdataPersistence_7", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyUserdataPersistence_7_IZ_Partname1606", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyZoneElevationURLaction_7", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyZoneElevationURLaction_7_IZ_Partname2101", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": 
"IZ_PolicyAntiMalwareCheckingOfActiveXControls_5", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyAntiMalwareCheckingOfActiveXControls_5_IZ_Partname270C", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyScriptActiveXNotMarkedSafe_5", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyScriptActiveXNotMarkedSafe_5_IZ_Partname1201", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyJavaPermissions_5", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyJavaPermissions_5_IZ_Partname1C00", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IZ_PolicyWarnCertMismatch", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DisableSafetyFilterOverride", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DisableSafetyFilterOverrideForAppRepUnknown", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Disable_Managing_Safety_Filter_IE9", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IE9SafetyFilterOptions", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DisablePerUserActiveXInstall", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "VerMgmtDisableRunThisTime", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "VerMgmtDisable", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Advanced_EnableSSL3Fallback", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Advanced_EnableSSL3FallbackOptions", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IESF_PolicyExplorerProcesses_5", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IESF_PolicyExplorerProcesses_6", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IESF_PolicyExplorerProcesses_3", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IESF_PolicyExplorerProcesses_10", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": 
"IESF_PolicyExplorerProcesses_9", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IESF_PolicyExplorerProcesses_11", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IESF_PolicyExplorerProcesses_12", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "IESF_PolicyExplorerProcesses_8", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Security_zones_map_edit", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Security_options_edit", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Security_HKLM_only", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "OnlyUseAXISForActiveXInstall", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AddonManagement_RestrictCrashDetection", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Disable_Security_Settings_Check", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DisableBlockAtFirstSeen", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "RealtimeProtection_DisableScanOnRealtimeEnable", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Scan_DisablePackedExeScanning", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DisableRoutinelyTakingAction", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TS_CLIENT_DISABLE_PASSWORD_SAVING_2", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TS_CLIENT_DRIVE_M", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TS_PASSWORD", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TS_RPC_ENCRYPTION", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TS_ENCRYPTION_POLICY", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TS_ENCRYPTION_LEVEL", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Disable_Downloading_of_Enclosures", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "EnableMPRNotifications", + "Option": "Write" + }, + { 
+ "CIMType": "String", + "Name": "AutomaticRestartSignOn", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "EnableScriptBlockLogging", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "EnableScriptBlockInvocationLogging", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowBasic_2", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowUnencrypted_2", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DisallowDigest", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowBasic_1", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowUnencrypted_1", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DisableRunAs", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AccountLogon_AuditCredentialValidation", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AccountLogonLogoff_AuditAccountLockout", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AccountLogonLogoff_AuditGroupMembership", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AccountLogonLogoff_AuditLogon", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "PolicyChange_AuditAuthenticationPolicyChange", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "PolicyChange_AuditPolicyChange", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ObjectAccess_AuditFileShare", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AccountLogonLogoff_AuditOtherLogonLogoffEvents", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AccountManagement_AuditSecurityGroupManagement", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "System_AuditSecuritySystemExtension", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AccountLogonLogoff_AuditSpecialLogon", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AccountManagement_AuditUserAccountManagement", + "Option": "Write" + }, 
+ { + "CIMType": "String", + "Name": "DetailedTracking_AuditPNPActivity", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DetailedTracking_AuditProcessCreation", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ObjectAccess_AuditDetailedFileShare", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ObjectAccess_AuditOtherObjectAccessEvents", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ObjectAccess_AuditRemovableStorage", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "PolicyChange_AuditMPSSVCRuleLevelPolicyChange", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "PolicyChange_AuditOtherPolicyChangeEvents", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "PrivilegeUse_AuditSensitivePrivilegeUse", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "System_AuditOtherSystemEvents", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "System_AuditSecurityStateChange", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "System_AuditSystemIntegrity", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowPasswordManager", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowSmartScreen", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "PreventCertErrorOverrides", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Browser_PreventSmartScreenPromptOverride", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "PreventSmartScreenPromptOverrideForFiles", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowDirectMemoryAccess", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowArchiveScanning", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowBehaviorMonitoring", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowCloudProtection", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": 
"AllowFullScanRemovableDriveScanning", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowOnAccessProtection", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowRealtimeMonitoring", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowIOAVProtection", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowScriptScanning", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "BlockExecutionOfPotentiallyObfuscatedScripts", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "BlockExecutionOfPotentiallyObfuscatedScripts_ASROnlyPerRuleExclusions", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "BlockWin32APICallsFromOfficeMacros", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "BlockWin32APICallsFromOfficeMacros_ASROnlyPerRuleExclusions", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion_ASROnlyPerRuleExclusions", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "BlockOfficeCommunicationAppFromCreatingChildProcesses", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "BlockOfficeCommunicationAppFromCreatingChildProcesses_ASROnlyPerRuleExclusions", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "BlockAllOfficeApplicationsFromCreatingChildProcesses", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "BlockAllOfficeApplicationsFromCreatingChildProcesses_ASROnlyPerRuleExclusions", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "BlockAdobeReaderFromCreatingChildProcesses", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "BlockAdobeReaderFromCreatingChildProcesses_ASROnlyPerRuleExclusions", + "Option": "Write" + }, + { + "CIMType": "String", + 
"Name": "BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem_ASROnlyPerRuleExclusions", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent_ASROnlyPerRuleExclusions", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "BlockWebshellCreationForServers", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "BlockWebshellCreationForServers_ASROnlyPerRuleExclusions", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "BlockUntrustedUnsignedProcessesThatRunFromUSB", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "BlockUntrustedUnsignedProcessesThatRunFromUSB_ASROnlyPerRuleExclusions", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "BlockPersistenceThroughWMIEventSubscription", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "BlockUseOfCopiedOrImpersonatedSystemTools", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "BlockUseOfCopiedOrImpersonatedSystemTools_ASROnlyPerRuleExclusions", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "BlockAbuseOfExploitedVulnerableSignedDrivers", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "BlockAbuseOfExploitedVulnerableSignedDrivers_ASROnlyPerRuleExclusions", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "BlockProcessCreationsFromPSExecAndWMICommands", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "BlockProcessCreationsFromPSExecAndWMICommands_ASROnlyPerRuleExclusions", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "BlockOfficeApplicationsFromCreatingExecutableContent", + "Option": "Write" + }, + { + "CIMType": 
"String[]", + "Name": "BlockOfficeApplicationsFromCreatingExecutableContent_ASROnlyPerRuleExclusions", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses_ASROnlyPerRuleExclusions", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "BlockRebootingMachineInSafeMode", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "BlockRebootingMachineInSafeMode_ASROnlyPerRuleExclusions", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "UseAdvancedProtectionAgainstRansomware", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "UseAdvancedProtectionAgainstRansomware_ASROnlyPerRuleExclusions", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "BlockExecutableContentFromEmailClientAndWebmail", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "BlockExecutableContentFromEmailClientAndWebmail_ASROnlyPerRuleExclusions", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CloudBlockLevel", + "Option": "Write" + }, + { + "CIMType": "SInt32", + "Name": "CloudExtendedTimeout", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DisableLocalAdminMerge", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "EnableFileHashComputation", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "EnableNetworkProtection", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "HideExclusionsFromLocalAdmins", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "PUAProtection", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "RealTimeScanDirection", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "SubmitSamplesConsent", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ConfigureSystemGuardLaunch", + "Option": "Write" + }, + { + 
"CIMType": "String", + "Name": "LsaCfgFlags", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "EnableVirtualizationBasedSecurity", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "RequirePlatformSecurityFeatures", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DevicePasswordEnabled", + "Option": "Write" + }, + { + "CIMType": "SInt32", + "Name": "DevicePasswordExpiration", + "Option": "Write" + }, + { + "CIMType": "SInt32", + "Name": "MinDevicePasswordLength", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AlphanumericDevicePasswordRequired", + "Option": "Write" + }, + { + "CIMType": "SInt32", + "Name": "MaxDevicePasswordFailedAttempts", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MinDevicePasswordComplexCharacters", + "Option": "Write" + }, + { + "CIMType": "SInt32", + "Name": "MaxInactivityTimeDeviceLock", + "Option": "Write" + }, + { + "CIMType": "SInt32", + "Name": "DevicePasswordHistory", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowSimpleDevicePassword", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DeviceEnumerationPolicy", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "EnableInsecureGuestLogons", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly", + "Option": "Write" + }, + { + "CIMType": "SInt32", + "Name": "InteractiveLogon_MachineInactivityLimit", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "InteractiveLogon_SmartCardRemovalBehavior", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftNetworkClient_DigitallySignCommunicationsAlways", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftNetworkServer_DigitallySignCommunicationsAlways", + "Option": "Write" + }, 
+ { + "CIMType": "String", + "Name": "NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "NetworkSecurity_LANManagerAuthenticationLevel", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "UserAccountControl_BehaviorOfTheElevationPromptForAdministrators", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "UserAccountControl_DetectApplicationInstallationsAndPromptForElevation", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "UserAccountControl_RunAllAdministratorsInAdminApprovalMode", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "UserAccountControl_UseAdminApprovalMode", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ConfigureLsaProtectedProcess", + "Option": "Write" 
+ }, + { + "CIMType": "String", + "Name": "AllowGameDVR", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MSIAllowUserControlOverInstall", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MSIAlwaysInstallWithElevatedPrivileges", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "SmartScreenEnabled", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "MicrosoftEdge_SmartScreen_PreventSmartScreenPromptOverride", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "LetAppsActivateWithVoiceAboveLock", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowIndexingEncryptedStoresOrItems", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "EnableSmartScreenInShell", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "NotifyMalicious", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "NotifyPasswordReuse", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "NotifyUnsafeApp", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ServiceEnabled", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "PreventOverrideForFilesInShell", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ConfigureXboxAccessoryManagementServiceStartupMode", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ConfigureXboxLiveAuthManagerServiceStartupMode", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ConfigureXboxLiveGameSaveServiceStartupMode", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ConfigureXboxLiveNetworkingServiceStartupMode", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "EnableXboxGameSaveTask", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessFromNetwork", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AllowLocalLogOn", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "BackupFilesAndDirectories", + "Option": "Write" + 
}, + { + "CIMType": "String[]", + "Name": "CreateGlobalObjects", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "CreatePageFile", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "DebugPrograms", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "DenyAccessFromNetwork", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "DenyRemoteDesktopServicesLogOn", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ImpersonateClient", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "LoadUnloadDeviceDrivers", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ManageAuditingAndSecurityLog", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ManageVolume", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ModifyFirmwareEnvironment", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "ProfileSingleProcess", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "RemoteShutdown", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "RestoreFilesAndDirectories", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "TakeOwnership", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "HypervisorEnforcedCodeIntegrity", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowAutoConnectToWiFiSenseHotspots", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowInternetSharing", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "FacialFeaturesUseEnhancedAntiSpoofing", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowWindowsInkWorkspace", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "BackupDirectory", + "Option": "Write" + }, + { + "CIMType": "SInt32", + "Name": "ADEncryptedPasswordHistorySize", + "Option": "Write" + }, + { + "CIMType": "SInt32", + "Name": "passwordagedays", + "Option": "Write" + }, + { + "CIMType": "String", + 
"Name": "ADPasswordEncryptionEnabled", + "Option": "Write" + }, + { + "CIMType": "SInt32", + "Name": "passwordagedays_aad", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ADPasswordEncryptionPrincipal", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "PasswordExpirationProtectionEnabled", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineWindows10", + "Parameters": [ + { + "CIMType": "String", + "Name": "NoLockScreenToastNotification", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "RestrictFormSuggestPW", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ChkBox_PasswordAsk", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowWindowsSpotlight", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowWindowsTips", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowTailoredExperiencesWithDiagnosticData", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowWindowsSpotlightOnActionCenter", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowWindowsConsumerFeatures", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ConfigureWindowsSpotlightOnLockScreen", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowWindowsSpotlightWindowsWelcomeExperience", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "AllowThirdPartySuggestionsInWindowsSpotlight", + "Option": "Write" + } + ] + }, + { + "ClassName": "MSFT_IntuneSecurityBaselineWindows10", + "Parameters": [ + { + "CIMType": "String", + "Name": "Description", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "DisplayName", + "Option": "Key" + }, + { + "CIMType": "String[]", + "Name": "RoleScopeTagIds", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "Id", + "Option": "Write" + }, + { + "CIMType": 
"MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineWindows10", + "Name": "DeviceSettings", + "Option": "Write" + }, + { + "CIMType": "MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineWindows10", + "Name": "UserSettings", + "Option": "Write" + }, + { + "CIMType": "MSFT_DeviceManagementConfigurationPolicyAssignments[]", + "Name": "Assignments", + "Option": "Write" + }, + { + "CIMType": "string", + "Name": "Ensure", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "Credential", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "ApplicationId", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "TenantId", + "Option": "Write" + }, + { + "CIMType": "MSFT_Credential", + "Name": "ApplicationSecret", + "Option": "Write" + }, + { + "CIMType": "String", + "Name": "CertificateThumbprint", + "Option": "Write" + }, + { + "CIMType": "Boolean", + "Name": "ManagedIdentity", + "Option": "Write" + }, + { + "CIMType": "String[]", + "Name": "AccessTokens", + "Option": "Write" + } + ] + }, { "ClassName": "MSFT_IntuneSettingCatalogASRRulesPolicyWindows10", "Parameters": [ diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 index d2945db555..e358dcdd8a 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.INTUNE.Create.Tests.ps1 
@@ -3055,6 +3055,31 @@ TenantId = $TenantId; CertificateThumbprint = $CertificateThumbprint; } + IntuneSecurityBaselineWindows10 'mySecurityBaselineWindows10' + { + DisplayName = 'test' + DeviceSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineWindows10 + { + Pol_MSS_DisableIPSourceRoutingIPv6 = '1' + DisableIPSourceRoutingIPv6 = '0' + BlockExecutionOfPotentiallyObfuscatedScripts = 'block' + HardenedUNCPaths_Pol_HardenedPaths = '1' + pol_hardenedPaths = @( + MSFT_MicrosoftGraphIntuneSettingsCatalogpol_hardenedpaths{ + Key = '\\*\SYSVOL' + Value = 'RequireMutualAuthentication=1,RequireIntegrity=1' + } + ) + } + UserSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineWindows10 + { + AllowWindowsSpotlight = '1' + } + Ensure = 'Present' + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } IntuneSettingCatalogASRRulesPolicyWindows10 'myASRRulesPolicy' { DisplayName = 'asr 2' diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADApplication.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADApplication.Tests.ps1 index d27befe1a4..e5efd37b09 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADApplication.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADApplication.Tests.ps1 @@ -57,7 +57,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-MgServicePrincipal -MockWith { $servicePrincipal = New-Object PSCustomObject $servicePrincipal | Add-Member -MemberType NoteProperty -Name DisplayName -Value 'Microsoft Graph' - $servicePrincipal | Add-Member -MemberType NoteProperty -Name ObjectID -Value '12345-12345-12345-12345-12345' + $servicePrincipal | Add-Member -MemberType NoteProperty -Name ObjectID -Value '12345-12345-12345-12345-12345' + $servicePrincipal | Add-Member -MemberType NoteProperty -Name AppRoles -Value @(@{Value = "User.Read.All";Id="123"}) return $servicePrincipal } 
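Review bot: `DisableIPSourceRoutingIPv6 = '0'` in the new `IntuneSecurityBaselineWindows10` block selects the weakest option; the unit-test mock added later in this same commit labels item `..._disableipsourceroutingipv6_0` as 'No additional protection, source routed packets are allowed'. Integration blocks like this tend to be copied as usage examples, so a security-baseline sample should either show the hardened choice or carry a comment such as `# '0' = no additional protection; test value only, not a recommended baseline setting`. The `pol_hardenedPaths` array also lists only `\\*\SYSVOL`; if the sample is meant to represent hardened UNC paths, a matching `\\*\NETLOGON` entry with the same `RequireMutualAuthentication=1,RequireIntegrity=1` value would presumably be expected. The enclosing configuration starts and ends outside the hunk.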
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADVerifiedIdAuthority.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADVerifiedIdAuthority.Tests.ps1 index 0c01f44993..3bcd89c608 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADVerifiedIdAuthority.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADVerifiedIdAuthority.Tests.ps1 @@ -46,6 +46,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + Mock -CommandName Write-Warning -MockWith { + } $Script:exportedInstances =$null $Script:ExportMode = $false } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADVerifiedIdAuthorityContract.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADVerifiedIdAuthorityContract.Tests.ps1 index 6e058fd01b..24c255617b 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADVerifiedIdAuthorityContract.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADVerifiedIdAuthorityContract.Tests.ps1 @@ -46,6 +46,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + Mock -CommandName Write-Warning -MockWith { + } $Script:exportedInstances =$null $Script:ExportMode = $false } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXODataAtRestEncryptionPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXODataAtRestEncryptionPolicy.Tests.ps1 index 9969ea0126..17e6ab26a5 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXODataAtRestEncryptionPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXODataAtRestEncryptionPolicy.Tests.ps1 
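Review bot: Mocking `Write-Warning` with an empty body in `BeforeAll` hides every warning the resource emits, and nothing visible in the hunk asserts that none was expected, so a resource that starts warning (for instance when it skips a setting) still passes silently. Where a test expects a clean run, `Should -Invoke -CommandName Write-Warning -Times 0 -Exactly` keeps the output quiet and still catches it. The existing comment `# Mock Write-Host to hide output during the tests` now sits above two mocks and should read `# Mock Write-Host and Write-Warning to hide output during the tests`. The same lines are added to the remaining unit-test files in this commit, while the EXOMigration hunk mocks `Write-Verbose` instead; if the helper's `InitializeScript` can hold the mock, defining it once there would avoid the repetition and the drift. The `BeforeAll` block starts and ends outside the hunk.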
@@ -46,6 +46,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + Mock -CommandName Write-Warning -MockWith { + } $Script:exportedInstances =$null $Script:ExportMode = $false } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOMigration.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOMigration.Tests.ps1 index 3e7e4c3adb..57d951b08d 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOMigration.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOMigration.Tests.ps1 @@ -56,6 +56,10 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + + Mock -CommandName Write-Verbose -MockWith { + } + $Script:exportedInstances =$null $Script:ExportMode = $false } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOTransportRule.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOTransportRule.Tests.ps1 index 2e501dab08..28e4fbcc8b 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOTransportRule.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOTransportRule.Tests.ps1 @@ -41,6 +41,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + Mock -CommandName Write-Warning -MockWith { + } $Script:exportedInstances =$null $Script:ExportMode = $false } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.Tests.ps1 index 16a96f1d0b..5a22bdb211 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.Tests.ps1 
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.Tests.ps1 @@ -114,6 +114,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + Mock -CommandName Write-Warning -MockWith { + } $Script:exportedInstances =$null $Script:ExportMode = $false } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionLocalUserGroupMembershipPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionLocalUserGroupMembershipPolicy.Tests.ps1 index 50196c8309..10c45c4a9b 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionLocalUserGroupMembershipPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionLocalUserGroupMembershipPolicy.Tests.ps1 @@ -143,6 +143,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + Mock -CommandName Write-Warning -MockWith { + } $Script:exportedInstances =$null $Script:ExportMode = $false diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionPolicy.Tests.ps1 index 2f60f5a80c..388aa05044 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionPolicy.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionPolicy.Tests.ps1 @@ -105,6 +105,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + Mock -CommandName Write-Warning -MockWith { + } $Script:exportedInstances =$null $Script:ExportMode = $false 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionPolicyWindows10.Tests.ps1 index 2f1b585b8f..02ccabf07d 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAccountProtectionPolicyWindows10.Tests.ps1 @@ -188,6 +188,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + Mock -CommandName Write-Warning -MockWith { + } $Script:exportedInstances =$null $Script:ExportMode = $false diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAntivirusExclusionsPolicyLinux.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAntivirusExclusionsPolicyLinux.Tests.ps1 index f29d2fd298..5e742d4a62 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAntivirusExclusionsPolicyLinux.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAntivirusExclusionsPolicyLinux.Tests.ps1 @@ -201,6 +201,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + Mock -CommandName Write-Warning -MockWith { + } $Script:exportedInstances =$null $Script:ExportMode = $false diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAntivirusExclusionsPolicyMacOS.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAntivirusExclusionsPolicyMacOS.Tests.ps1 index 2abd4aed6e..ce067ed413 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAntivirusExclusionsPolicyMacOS.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAntivirusExclusionsPolicyMacOS.Tests.ps1 
@@ -199,6 +199,8 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + Mock -CommandName Write-Warning -MockWith { + } $Script:exportedInstances =$null $Script:ExportMode = $false diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAntivirusPolicyLinux.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAntivirusPolicyLinux.Tests.ps1 index 48f93a3eb4..98968fa586 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAntivirusPolicyLinux.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAntivirusPolicyLinux.Tests.ps1 @@ -511,6 +511,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + Mock -CommandName Write-Warning -MockWith { + } + $Script:exportedInstances =$null $Script:ExportMode = $false @@ -737,7 +740,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Credential = $Credential } } - + It 'Should Reverse Engineer resource from the Export method' { $result = Export-TargetResource @testParams $result | Should -Not -BeNullOrEmpty diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAntivirusPolicyMacOS.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAntivirusPolicyMacOS.Tests.ps1 index e2dbb85c46..1ec550f0f3 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAntivirusPolicyMacOS.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAntivirusPolicyMacOS.Tests.ps1 @@ -498,6 +498,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + Mock -CommandName Write-Warning -MockWith { + } + $Script:exportedInstances =$null $Script:ExportMode = $false 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAntivirusPolicyWindows10SettingCatalog.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAntivirusPolicyWindows10SettingCatalog.Tests.ps1 index 36c563e9cd..6cb3cfe8ee 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAntivirusPolicyWindows10SettingCatalog.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAntivirusPolicyWindows10SettingCatalog.Tests.ps1 @@ -117,6 +117,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + Mock -CommandName Write-Warning -MockWith { + } + $Script:exportedInstances =$null $Script:ExportMode = $false } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppAndBrowserIsolationPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppAndBrowserIsolationPolicyWindows10.Tests.ps1 index 081fc88e60..173fd37a33 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppAndBrowserIsolationPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppAndBrowserIsolationPolicyWindows10.Tests.ps1 @@ -166,6 +166,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + Mock -CommandName Write-Warning -MockWith { + } + $Script:exportedInstances =$null $Script:ExportMode = $false diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppAndBrowserIsolationPolicyWindows10ConfigMgr.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppAndBrowserIsolationPolicyWindows10ConfigMgr.Tests.ps1 index 3f91a6caf3..46b96d756d 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppAndBrowserIsolationPolicyWindows10ConfigMgr.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppAndBrowserIsolationPolicyWindows10ConfigMgr.Tests.ps1 
@@ -161,6 +161,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + Mock -CommandName Write-Warning -MockWith { + } + $Script:exportedInstances =$null $Script:ExportMode = $false diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneApplicationControlPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneApplicationControlPolicyWindows10.Tests.ps1 index 84719e3f2f..9cff89677a 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneApplicationControlPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneApplicationControlPolicyWindows10.Tests.ps1 @@ -46,6 +46,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + Mock -CommandName Write-Warning -MockWith { + } + $Script:exportedInstances =$null $Script:ExportMode = $false } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.Tests.ps1 index f0f904a249..328c815bbf 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceConfigurationIdentityProtectionPolicyWindows10.Tests.ps1 @@ -53,6 +53,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + Mock -CommandName Write-Warning -MockWith { + } + $Script:exportedInstances =$null $Script:ExportMode = $false } 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceControlPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceControlPolicyWindows10.Tests.ps1 index b15984720e..55b7956cb2 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceControlPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceControlPolicyWindows10.Tests.ps1 @@ -514,6 +514,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + Mock -CommandName Write-Warning -MockWith { + } + $Script:exportedInstances =$null $Script:ExportMode = $false diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceRemediation.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceRemediation.Tests.ps1 index d354e20c66..60870cc47e 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceRemediation.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDeviceRemediation.Tests.ps1 @@ -52,6 +52,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + Mock -CommandName Write-Warning -MockWith { + } + $Script:exportedInstances =$null $Script:ExportMode = $false diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDiskEncryptionPDEPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDiskEncryptionPDEPolicyWindows10.Tests.ps1 index 0d4905e4bf..a24882a4d3 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDiskEncryptionPDEPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDiskEncryptionPDEPolicyWindows10.Tests.ps1 
@@ -195,6 +195,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + Mock -CommandName Write-Warning -MockWith { + } + $Script:exportedInstances =$null $Script:ExportMode = $false diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDiskEncryptionWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDiskEncryptionWindows10.Tests.ps1 index 78a4588d0e..7a538c508c 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDiskEncryptionWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneDiskEncryptionWindows10.Tests.ps1 @@ -155,6 +155,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + Mock -CommandName Write-Warning -MockWith { + } + $Script:exportedInstances =$null $Script:ExportMode = $false } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneEndpointDetectionAndResponsePolicyLinux.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneEndpointDetectionAndResponsePolicyLinux.Tests.ps1 index fcd8f5ebf6..079389cd7b 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneEndpointDetectionAndResponsePolicyLinux.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneEndpointDetectionAndResponsePolicyLinux.Tests.ps1 @@ -145,6 +145,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + Mock -CommandName Write-Warning -MockWith { + } + $Script:exportedInstances =$null $Script:ExportMode = $false diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneEndpointDetectionAndResponsePolicyMacOS.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneEndpointDetectionAndResponsePolicyMacOS.Tests.ps1 index 8f490b9735..aa8cda720e 100644 
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneEndpointDetectionAndResponsePolicyMacOS.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneEndpointDetectionAndResponsePolicyMacOS.Tests.ps1 @@ -145,6 +145,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + Mock -CommandName Write-Warning -MockWith { + } + $Script:exportedInstances =$null $Script:ExportMode = $false diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneEndpointDetectionAndResponsePolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneEndpointDetectionAndResponsePolicyWindows10.Tests.ps1 index 85bdc2b60a..c5ea260240 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneEndpointDetectionAndResponsePolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneEndpointDetectionAndResponsePolicyWindows10.Tests.ps1 @@ -165,6 +165,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + Mock -CommandName Write-Warning -MockWith { + } + $Script:exportedInstances =$null $Script:ExportMode = $false diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneExploitProtectionPolicyWindows10SettingCatalog.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneExploitProtectionPolicyWindows10SettingCatalog.Tests.ps1 index a5dbf07f70..8f70de56da 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneExploitProtectionPolicyWindows10SettingCatalog.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneExploitProtectionPolicyWindows10SettingCatalog.Tests.ps1 
@@ -117,6 +117,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + Mock -CommandName Write-Warning -MockWith { + } + $Script:exportedInstances =$null $Script:ExportMode = $false } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneFirewallPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneFirewallPolicyWindows10.Tests.ps1 index f4455f536b..742803d4b0 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneFirewallPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneFirewallPolicyWindows10.Tests.ps1 @@ -433,6 +433,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + Mock -CommandName Write-Warning -MockWith { + } + $Script:exportedInstances =$null $Script:ExportMode = $false diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneFirewallRulesHyperVPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneFirewallRulesHyperVPolicyWindows10.Tests.ps1 index 42368fc025..20d88f3775 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneFirewallRulesHyperVPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneFirewallRulesHyperVPolicyWindows10.Tests.ps1 @@ -285,6 +285,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + Mock -CommandName Write-Warning -MockWith { + } + $Script:exportedInstances =$null $Script:ExportMode = $false diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneFirewallRulesPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneFirewallRulesPolicyWindows10.Tests.ps1 index 03224a580e..219b0765fe 100644 
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneFirewallRulesPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneFirewallRulesPolicyWindows10.Tests.ps1 @@ -364,6 +364,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + Mock -CommandName Write-Warning -MockWith { + } + $Script:exportedInstances =$null $Script:ExportMode = $false diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneFirewallRulesPolicyWindows10ConfigMgr.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneFirewallRulesPolicyWindows10ConfigMgr.Tests.ps1 index 14506a6da8..106d42bda6 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneFirewallRulesPolicyWindows10ConfigMgr.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneFirewallRulesPolicyWindows10ConfigMgr.Tests.ps1 @@ -364,6 +364,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + Mock -CommandName Write-Warning -MockWith { + } + $Script:exportedInstances =$null $Script:ExportMode = $false diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntunePolicySets.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntunePolicySets.Tests.ps1 index 4ceff9776a..0b30c17e42 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntunePolicySets.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntunePolicySets.Tests.ps1 @@ -52,6 +52,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + Mock -CommandName Write-Warning -MockWith { + } + $Script:exportedInstances =$null $Script:ExportMode = $false 
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSecurityBaselineDefenderForEndpoint.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSecurityBaselineDefenderForEndpoint.Tests.ps1 index 101a834113..aa7da1a9b5 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSecurityBaselineDefenderForEndpoint.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSecurityBaselineDefenderForEndpoint.Tests.ps1 @@ -234,6 +234,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + Mock -CommandName Write-Warning -MockWith { + } + $Script:exportedInstances =$null $Script:ExportMode = $false diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSecurityBaselineMicrosoft365AppsForEnterprise.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSecurityBaselineMicrosoft365AppsForEnterprise.Tests.ps1 index 9da29d6d2c..b236c0e6ed 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSecurityBaselineMicrosoft365AppsForEnterprise.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSecurityBaselineMicrosoft365AppsForEnterprise.Tests.ps1 @@ -280,6 +280,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + Mock -CommandName Write-Warning -MockWith { + } + $Script:exportedInstances =$null $Script:ExportMode = $false diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSecurityBaselineMicrosoftEdge.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSecurityBaselineMicrosoftEdge.Tests.ps1 index b69a4786ab..a24d998890 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSecurityBaselineMicrosoftEdge.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSecurityBaselineMicrosoftEdge.Tests.ps1 
@@ -182,6 +182,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + Mock -CommandName Write-Warning -MockWith { + } + $Script:exportedInstances =$null $Script:ExportMode = $false diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSecurityBaselineWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSecurityBaselineWindows10.Tests.ps1 new file mode 100644 index 0000000000..a7deb68382 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSecurityBaselineWindows10.Tests.ps1 
@@ -0,0 +1,565 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource "IntuneSecurityBaselineWindows10" -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + + $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName Get-PSSession -MockWith { + } + + Mock -CommandName Remove-PSSession -MockWith { + } + + Mock -CommandName Update-MgBetaDeviceManagementConfigurationPolicy -MockWith { + } + + Mock -CommandName New-MgBetaDeviceManagementConfigurationPolicy -MockWith { + return @{ + Id = '12345-12345-12345-12345-12345' + } + } + + Mock -CommandName Get-MgBetaDeviceManagementConfigurationPolicy -MockWith { + return @{ + Id = '12345-12345-12345-12345-12345' + Description = 'My Test' + Name = 'My Test' + RoleScopeTagIds = @("FakeStringValue") + TemplateReference = @{ + TemplateId = '66df8dce-0166-4b82-92f7-1f74e3ca17a3_1' + } + } + } + + Mock -CommandName Remove-MgBetaDeviceManagementConfigurationPolicy -MockWith { + } + + Mock -CommandName Update-IntuneDeviceConfigurationPolicy -MockWith { + } + + Mock -CommandName Get-IntuneSettingCatalogPolicySetting -MockWith { + } + + 
Mock -CommandName Get-MgBetaDeviceManagementConfigurationPolicySetting -MockWith { + return @( + @{ + Id = '0' + SettingDefinitions = @( + @{ + Id = 'device_vendor_msft_policy_config_msslegacy_ipv6sourceroutingprotectionlevel' + Name = 'Pol_MSS_DisableIPSourceRoutingIPv6' + OffsetUri = '/Config/MSSLegacy/IPv6SourceRoutingProtectionLevel' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition' + options=@( + @{ + name ='Enabled' + itemId = 'device_vendor_msft_policy_config_msslegacy_ipv6sourceroutingprotectionlevel_1' + } + ) + } + }, + @{ + Id = 'device_vendor_msft_policy_config_msslegacy_ipv6sourceroutingprotectionlevel_disableipsourceroutingipv6' + Name = 'DisableIPSourceRoutingIPv6' + OffsetUri = '/Config/MSSLegacy/IPv6SourceRoutingProtectionLevel' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition' + options=@( + @{ + name ='No additional protection, source routed packets are allowed' + itemId = 'device_vendor_msft_policy_config_msslegacy_ipv6sourceroutingprotectionlevel_disableipsourceroutingipv6_0' + dependentOn = @( + @{ + dependentOn = 'device_vendor_msft_policy_config_msslegacy_ipv6sourceroutingprotectionlevel_1' + parentSettingId = 'device_vendor_msft_policy_config_msslegacy_ipv6sourceroutingprotectionlevel' + } + ) + } + ) + } + } + ) + SettingInstance = @{ + SettingDefinitionId = 'device_vendor_msft_policy_config_msslegacy_ipv6sourceroutingprotectionlevel' + SettingInstanceTemplateReference = @{ + SettingInstanceTemplateId = 'd26001a0-5e2d-4f45-94f6-a8fb15b016d8' + } + AdditionalProperties = @{ + '@odata.type' = "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance" + choiceSettingValue = @{ + children = @( + @{ + SettingDefinitionId = 'device_vendor_msft_policy_config_msslegacy_ipv6sourceroutingprotectionlevel_disableipsourceroutingipv6' + '@odata.type' = 
"#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance" + choiceSettingValue = @{ + children = @() + value = "device_vendor_msft_policy_config_msslegacy_ipv6sourceroutingprotectionlevel_disableipsourceroutingipv6_0" + } + } + ) + value = "device_vendor_msft_policy_config_msslegacy_ipv6sourceroutingprotectionlevel_1" + } + } + } + } + @{ + Id = '1' + SettingDefinitions = @( + @{ + Id = 'device_vendor_msft_policy_config_connectivity_hardeneduncpaths' + Name = 'Pol_HardenedPaths' + OffsetUri = '/Config/Connectivity/HardenedUNCPaths' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition' + options = @( + @{ + name ='Enabled' + itemId = 'device_vendor_msft_policy_config_connectivity_hardeneduncpaths_1' + } + ) + } + }, + @{ + Id = 'device_vendor_msft_policy_config_connectivity_hardeneduncpaths_pol_hardenedpaths' + Name = 'Pol_HardenedPaths' + OffsetUri = '/Config/Connectivity/HardenedUNCPaths' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSettingGroupCollectionDefinition' + maximumCount = 600 + minimumCount = 1 + childIds = @( + 'device_vendor_msft_policy_config_connectivity_hardeneduncpaths_pol_hardenedpaths_key', + 'device_vendor_msft_policy_config_connectivity_hardeneduncpaths_pol_hardenedpaths_value' + ) + dependentOn = @( + @{ + dependentOn = 'device_vendor_msft_policy_config_connectivity_hardeneduncpaths_1' + parentSettingId = 'device_vendor_msft_policy_config_connectivity_hardeneduncpaths' + } + ) + } + }, + @{ + Id = 'device_vendor_msft_policy_config_connectivity_hardeneduncpaths_pol_hardenedpaths_value' + Name = 'Pol_HardenedPaths' + OffsetUri = '/Config/Connectivity/HardenedUNCPaths' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSimpleSettingDefinition' + dependentOn = @( + @{ + dependentOn = 'device_vendor_msft_policy_config_connectivity_hardeneduncpaths_pol_hardenedpaths' + parentSettingId 
= 'device_vendor_msft_policy_config_connectivity_hardeneduncpaths_pol_hardenedpaths' + } + ) + } + }, + @{ + Id = 'device_vendor_msft_policy_config_connectivity_hardeneduncpaths_pol_hardenedpaths_key' + Name = 'Pol_HardenedPaths' + OffsetUri = '/Config/Connectivity/HardenedUNCPaths' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSimpleSettingDefinition' + dependentOn = @( + @{ + dependentOn = 'device_vendor_msft_policy_config_connectivity_hardeneduncpaths_pol_hardenedpaths' + parentSettingId = 'device_vendor_msft_policy_config_connectivity_hardeneduncpaths_pol_hardenedpaths' + } + ) + } + } + ) + SettingInstance = @{ + SettingDefinitionId = 'device_vendor_msft_policy_config_connectivity_hardeneduncpaths' + SettingInstanceTemplateReference = @{ + SettingInstanceTemplateId = 'd26001a0-5e2d-4f45-94f6-a8fb15b016d8' + } + AdditionalProperties = @{ + '@odata.type' = "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance" + choiceSettingValue = @{ + children = @( + @{ + SettingDefinitionId = 'device_vendor_msft_policy_config_connectivity_hardeneduncpaths_pol_hardenedpaths' + '@odata.type' = "#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance" + groupSettingCollectionValue = @{ + children = @( + @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance' + settingDefinitionId = 'device_vendor_msft_policy_config_connectivity_hardeneduncpaths_pol_hardenedpaths_value' + simpleSettingValue = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationStringSettingValue' + value = 'RequireMutualAuthentication=1,RequireIntegrity=1' + } + }, + @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance' + settingDefinitionId = 'device_vendor_msft_policy_config_connectivity_hardeneduncpaths_pol_hardenedpaths_key' + simpleSettingValue = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationStringSettingValue' + 
value = '\\*\SYSVOL' + } + } + ) + } + } + ) + value = "device_vendor_msft_policy_config_connectivity_hardeneduncpaths_1" + } + } + } + } + @{ + Id = '2' + SettingDefinitions = @( + @{ + Id = 'user_vendor_msft_policy_config_experience_allowwindowsspotlight' + Name = 'AllowWindowsSpotlight' + OffsetUri = '/Config/Experience/AllowWindowsSpotlight' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition' + options=@( + @{ + name ='Allowed.' + itemId = 'user_vendor_msft_policy_config_experience_allowwindowsspotlight_1' + } + ) + } + } + ) + SettingInstance = @{ + SettingDefinitionId = 'user_vendor_msft_policy_config_experience_allowwindowsspotlight' + SettingInstanceTemplateReference = @{ + SettingInstanceTemplateId = 'bb79e6fc-a957-476b-b8a1-0a7b1ac81c6a' + } + AdditionalProperties = @{ + '@odata.type' = "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance" + choiceSettingValue = @{ + children = @() + value = "user_vendor_msft_policy_config_experience_allowwindowsspotlight_1" + } + } + } + } + @{ + Id = '3' + SettingDefinitions = @( + @{ + Id = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' + Name = 'AttackSurfaceReductionRules' + OffsetUri = '/Config/Defender/AttackSurfaceReductionRules' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationSettingGroupCollectionDefinition' + maximumCount = 1 + minimumCount = 0 + childIds = @( + 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockexecutionofpotentiallyobfuscatedscripts' + ) + + } + }, + @{ + Id = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockexecutionofpotentiallyobfuscatedscripts' + Name = 'BlockExecutionOfPotentiallyObfuscatedScripts' + OffsetUri = '/Config/Defender/AttackSurfaceReductionRules' + AdditionalProperties = @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition' + options=@( 
+ @{ + name ='Block' + itemId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockexecutionofpotentiallyobfuscatedscripts_block' + dependentOn = @( + @{ + dependentOn = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' + parentSettingId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' + } + ) + } + ) + } + } + ) + SettingInstance = @{ + SettingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' + SettingInstanceTemplateReference = @{ + SettingInstanceTemplateId = '3d6107c2-c307-4399-8070-6542f1760309' + } + AdditionalProperties = @{ + SettingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules' + '@odata.type' = "#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance" + groupSettingCollectionValue = @{ + children = @( + @{ + '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance' + settingDefinitionId = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockexecutionofpotentiallyobfuscatedscripts' + choiceSettingValue = @{ + children = @() + value = 'device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockexecutionofpotentiallyobfuscatedscripts_block' + } + } + ) + } + } + } + } + ) + } + + Mock -CommandName Update-DeviceConfigurationPolicyAssignment -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return "Credentials" + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + + Mock -CommandName Get-MgBetaDeviceManagementConfigurationPolicyAssignment -MockWith { + return @(@{ + Id = '12345-12345-12345-12345-12345' + Source = 'direct' + SourceId = '12345-12345-12345-12345-12345' + Target = @{ + DeviceAndAppManagementAssignmentFilterId = '12345-12345-12345-12345-12345' + 
DeviceAndAppManagementAssignmentFilterType = 'none' + AdditionalProperties = @( + @{ + '@odata.type' = '#microsoft.graph.exclusionGroupAssignmentTarget' + groupId = '26d60dd1-fab6-47bf-8656-358194c1a49d' + } + ) + } + }) + } + + } + + # Test contexts + Context -Name "The IntuneSecurityBaselineWindows10 should exist but it DOES NOT" -Fixture { + BeforeAll { + $testParams = @{ + Assignments = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_DeviceManagementConfigurationPolicyAssignments -Property @{ + DataType = '#microsoft.graph.exclusionGroupAssignmentTarget' + groupId = '26d60dd1-fab6-47bf-8656-358194c1a49d' + deviceAndAppManagementAssignmentFilterType = 'none' + } -ClientOnly) + ) + Description = "My Test" + deviceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineWindows10 -Property @{ + Pol_MSS_DisableIPSourceRoutingIPv6 = '1' + DisableIPSourceRoutingIPv6 = '0' + HardenedUNCPaths_Pol_HardenedPaths = '1' + BlockExecutionOfPotentiallyObfuscatedScripts = 'block' + pol_hardenedpaths = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogpol_hardenedpaths -Property @{ + value = "RequireMutualAuthentication=1,RequireIntegrity=1" + key = "\\*\SYSVOL" + } -ClientOnly) + ) + } -ClientOnly) + Id = "12345-12345-12345-12345-12345" + DisplayName = "My Test" + RoleScopeTagIds = @("FakeStringValue") + userSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineWindows10 -Property @{ + AllowWindowsSpotlight = '1' + } -ClientOnly) + Ensure = "Present" + Credential = $Credential; + } + + Mock -CommandName Get-MgBetaDeviceManagementConfigurationPolicy -MockWith { + return $null + } + } + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + It 'Should 
Create the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName New-MgBetaDeviceManagementConfigurationPolicy -Exactly 1 + } + } + + Context -Name "The IntuneSecurityBaselineWindows10 exists but it SHOULD NOT" -Fixture { + BeforeAll { + $testParams = @{ + Assignments = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_DeviceManagementConfigurationPolicyAssignments -Property @{ + DataType = '#microsoft.graph.exclusionGroupAssignmentTarget' + groupId = '26d60dd1-fab6-47bf-8656-358194c1a49d' + deviceAndAppManagementAssignmentFilterType = 'none' + } -ClientOnly) + ) + Description = "My Test" + deviceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineWindows10 -Property @{ + Pol_MSS_DisableIPSourceRoutingIPv6 = '1' + DisableIPSourceRoutingIPv6 = '0' + HardenedUNCPaths_Pol_HardenedPaths = '1' + BlockExecutionOfPotentiallyObfuscatedScripts = 'block' + pol_hardenedpaths = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogpol_hardenedpaths -Property @{ + value = "RequireMutualAuthentication=1,RequireIntegrity=1" + key = "\\*\SYSVOL" + } -ClientOnly) + ) + } -ClientOnly) + Id = "12345-12345-12345-12345-12345" + DisplayName = "My Test" + RoleScopeTagIds = @("FakeStringValue") + userSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineWindows10 -Property @{ + AllowWindowsSpotlight = '1' + } -ClientOnly) + Ensure = "Absent" + Credential = $Credential; + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should Remove the group from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-MgBetaDeviceManagementConfigurationPolicy -Exactly 1 + } + } + + 
Context -Name "The IntuneSecurityBaselineWindows10 Exists and Values are already in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Assignments = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_DeviceManagementConfigurationPolicyAssignments -Property @{ + DataType = '#microsoft.graph.exclusionGroupAssignmentTarget' + groupId = '26d60dd1-fab6-47bf-8656-358194c1a49d' + deviceAndAppManagementAssignmentFilterType = 'none' + } -ClientOnly) + ) + Description = "My Test" + deviceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineWindows10 -Property @{ + Pol_MSS_DisableIPSourceRoutingIPv6 = '1' + DisableIPSourceRoutingIPv6 = '0' + HardenedUNCPaths_Pol_HardenedPaths = '1' + BlockExecutionOfPotentiallyObfuscatedScripts = 'block' + pol_hardenedpaths = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogpol_hardenedpaths -Property @{ + value = "RequireMutualAuthentication=1,RequireIntegrity=1" + key = "\\*\SYSVOL" + } -ClientOnly) + ) + } -ClientOnly) + Id = "12345-12345-12345-12345-12345" + DisplayName = "My Test" + RoleScopeTagIds = @("FakeStringValue") + userSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineWindows10 -Property @{ + AllowWindowsSpotlight = '1' + } -ClientOnly) + Ensure = "Present" + Credential = $Credential; + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name "The IntuneSecurityBaselineWindows10 exists and values are NOT in the desired state" -Fixture { + BeforeAll { + $testParams = @{ + Assignments = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_DeviceManagementConfigurationPolicyAssignments -Property @{ + DataType = '#microsoft.graph.exclusionGroupAssignmentTarget' + groupId = '26d60dd1-fab6-47bf-8656-358194c1a49d' + deviceAndAppManagementAssignmentFilterType = 'none' + } 
-ClientOnly) + ) + Description = "My Test" + deviceSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineWindows10 -Property @{ + Pol_MSS_DisableIPSourceRoutingIPv6 = '1' + DisableIPSourceRoutingIPv6 = '0' + HardenedUNCPaths_Pol_HardenedPaths = '1' + BlockExecutionOfPotentiallyObfuscatedScripts = 'block' + pol_hardenedpaths = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogpol_hardenedpaths -Property @{ + value = "RequireMutualAuthentication=1,RequireIntegrity=1" + key = "\\*\SYSVOL" + } -ClientOnly) + ) + } -ClientOnly) + Id = "12345-12345-12345-12345-12345" + DisplayName = "My Test" + RoleScopeTagIds = @("FakeStringValue") + userSettings = (New-CimInstance -ClassName MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineWindows10 -Property @{ + AllowWindowsSpotlight = '0' #drift + } -ClientOnly) + Ensure = "Present" + Credential = $Credential; + } + } + + It 'Should return Values from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should call the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Update-IntuneDeviceConfigurationPolicy -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + } + + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope 
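Review bot: In the context "The IntuneSecurityBaselineWindows10 exists but it SHOULD NOT", the test titled `It 'Should return true from the Test method'` asserts `Should -Be $false`, so the title contradicts the check and a failure report would mislead. Rename it to `It 'Should return false from the Test method' {`. The top-level BeforeAll in this new file mocks Write-Host but not Write-Warning, although the same commit adds `Mock -CommandName Write-Warning -MockWith { }` to the sibling security-baseline test files; adding it here would keep the files consistent. The Set-method test titles also say "group" (`'Should Create the group from the Set method'`, `'Should Remove the group from the Set method'`) while the asserted cmdlets act on a configuration policy.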
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSettingCatalogASRRulesPolicyWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSettingCatalogASRRulesPolicyWindows10.Tests.ps1 index 62fc74e810..ca035ed297 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSettingCatalogASRRulesPolicyWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneSettingCatalogASRRulesPolicyWindows10.Tests.ps1 @@ -248,6 +248,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + Mock -CommandName Write-Warning -MockWith { + } + $Script:exportedInstances =$null $Script:ExportMode = $false } diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsUpdateForBusinessQualityUpdateProfileWindows10.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsUpdateForBusinessQualityUpdateProfileWindows10.Tests.ps1 index e6538a3cc9..0046c3af04 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsUpdateForBusinessQualityUpdateProfileWindows10.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneWindowsUpdateForBusinessQualityUpdateProfileWindows10.Tests.ps1 @@ -49,6 +49,9 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { # Mock Write-Host to hide output during the tests Mock -CommandName Write-Host -MockWith { } + Mock -CommandName Write-Warning -MockWith { + } + $Script:exportedInstances =$null $Script:ExportMode = $false diff --git a/docs/docs/resources/azure-ad/AADApplication.md b/docs/docs/resources/azure-ad/AADApplication.md index 8b9cf78dde..264ffb29f6 100644 --- a/docs/docs/resources/azure-ad/AADApplication.md +++ b/docs/docs/resources/azure-ad/AADApplication.md 
@@ -138,6 +138,21 @@ | **AppId** | Write | String | The unique identifier for the client application. | | | **PermissionIds** | Write | StringArray[] | The unique identifier for the scopes the client application is granted. | | +### MSFT_MicrosoftGraphApiOauth2PermissionScopes + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **adminConsentDescription** | Write | String | A description of the delegated permissions, intended to be read by an administrator granting the permission on behalf of all users. This text appears in tenant-wide admin consent experiences. | | +| **adminConsentDisplayName** | Write | String | The permission's title, intended to be read by an administrator granting the permission on behalf of all users. | | +| **userConsentDescription** | Write | String | A description of the delegated permissions, intended to be read by a user granting the permission on their own behalf. This text appears in consent experiences where the user is consenting only on behalf of themselves. | | +| **userConsentDisplayName** | Write | String | A title for the permission, intended to be read by a user granting the permission on their own behalf. This text appears in consent experiences where the user is consenting only on behalf of themselves. | | +| **value** | Write | String | Specifies the value to include in the scp (scope) claim in access tokens. Must not exceed 120 characters in length. | | +| **isEnabled** | Write | Boolean | When you create or update a permission, this property must be set to true (which is the default). To delete a permission, this property must first be set to false. At that point, in a subsequent call, the permission may be removed. | | +| **type** | Write | String | The possible values are: User and Admin. 
Specifies whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator consent should always be required. | | +| **id** | Write | String | Unique delegated permission identifier inside the collection of delegated permissions defined for a resource application. | | + ### MSFT_MicrosoftGraphApiApplication #### Parameters @@ -145,6 +160,7 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | | **PreAuthorizedApplications** | Write | MSFT_MicrosoftGraphPreAuthorizedApplication[] | Lists the client applications that are preauthorized with the specified delegated permissions to access this application's APIs. Users aren't required to consent to any preauthorized application (for the permissions specified). However, any other permissions not listed in preAuthorizedApplications (requested through incremental consent for example) will require user consent. | | +| **Oauth2PermissionScopes** | Write | MSFT_MicrosoftGraphAPIOauth2PermissionScopes[] | List of associated API scopes. | | ### MSFT_MicrosoftGraphAuthenticationBehaviors diff --git a/docs/docs/resources/intune/IntuneSecurityBaselineDefenderForEndpoint.md b/docs/docs/resources/intune/IntuneSecurityBaselineDefenderForEndpoint.md index 3956f4b458..bb81b39c2a 100644 --- a/docs/docs/resources/intune/IntuneSecurityBaselineDefenderForEndpoint.md +++ b/docs/docs/resources/intune/IntuneSecurityBaselineDefenderForEndpoint.md 
@@ -189,21 +189,21 @@ To authenticate with the Microsoft Graph API, this resource required the followi - **Read** - - DeviceManagementConfiguration.Read.All + - Group.Read.All, DeviceManagementConfiguration.Read.All - **Update** - - DeviceManagementConfiguration.ReadWrite.All + - Group.Read.All, DeviceManagementConfiguration.ReadWrite.All #### Application permissions - **Read** - - DeviceManagementConfiguration.Read.All + - Group.Read.All, DeviceManagementConfiguration.Read.All - **Update** - - DeviceManagementConfiguration.ReadWrite.All + - Group.Read.All, DeviceManagementConfiguration.ReadWrite.All ## Examples diff --git a/docs/docs/resources/intune/IntuneSecurityBaselineWindows10.md b/docs/docs/resources/intune/IntuneSecurityBaselineWindows10.md new file mode 100644 index 0000000000..d86d0c77d6 --- /dev/null +++ b/docs/docs/resources/intune/IntuneSecurityBaselineWindows10.md 
@@ -0,0 +1,716 @@ +# IntuneSecurityBaselineWindows10 + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Description** | Write | String | Policy description | | +| **DisplayName** | Key | String | Policy name | | +| **RoleScopeTagIds** | Write | StringArray[] | List of Scope Tags for this Entity instance. | | +| **Id** | Write | String | The unique identifier for an entity. Read-only. | | +| **DeviceSettings** | Write | MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineWindows10 | The policy settings for the device scope. | | +| **UserSettings** | Write | MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineWindows10 | The policy settings for the user scope. | | +| **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | | +| **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **AccessTokens** | Write | StringArray[] | Access token used for authentication. 
| | + +### MSFT_DeviceManagementConfigurationPolicyAssignments + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **dataType** | Write | String | The type of the target assignment. | `#microsoft.graph.groupAssignmentTarget`, `#microsoft.graph.allLicensedUsersAssignmentTarget`, `#microsoft.graph.allDevicesAssignmentTarget`, `#microsoft.graph.exclusionGroupAssignmentTarget`, `#microsoft.graph.configurationManagerCollectionAssignmentTarget` | +| **deviceAndAppManagementAssignmentFilterType** | Write | String | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | `none`, `include`, `exclude` | +| **deviceAndAppManagementAssignmentFilterId** | Write | String | The Id of the filter for the target assignment. | | +| **groupId** | Write | String | The group Id that is the target of the assignment. | | +| **groupDisplayName** | Write | String | The group Display Name that is the target of the assignment. 
| | +| **collectionId** | Write | String | The collection Id that is the target of the assignment.(ConfigMgr) | | + +### MSFT_MicrosoftGraphIntuneSettingsCatalogpol_hardenedpaths + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **value** | Write | String | Value | | +| **key** | Write | String | Name | | + +### MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineWindows10 + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **CPL_Personalization_NoLockScreenCamera** | Write | String | Prevent enabling lock screen camera (0: Disabled, 1: Enabled) | `0`, `1` | +| **CPL_Personalization_NoLockScreenSlideshow** | Write | String | Prevent enabling lock screen slide show (0: Disabled, 1: Enabled) | `0`, `1` | +| **Pol_SecGuide_0201_LATFP** | Write | String | Apply UAC restrictions to local accounts on network logons (0: Disabled, 1: Enabled) | `0`, `1` | +| **Pol_SecGuide_0002_SMBv1_ClientDriver** | Write | String | Configure SMB v1 client driver (0: Disabled, 1: Enabled) | `0`, `1` | +| **Pol_SecGuide_SMB1ClientDriver** | Write | String | Configure MrxSmb10 driver - Depends on Pol_SecGuide_0002_SMBv1_ClientDriver (4: Disable driver (recommended), 3: Manual start (default for Win7/2008/2008R2/2012), 2: Automatic start (default for Win8.1/2012R2/newer)) | `4`, `3`, `2` | +| **Pol_SecGuide_0001_SMBv1_Server** | Write | String | Configure SMB v1 server (0: Disabled, 1: Enabled) | `0`, `1` | +| **Pol_SecGuide_0102_SEHOP** | Write | String | Enable Structured Exception Handling Overwrite Protection (SEHOP) (0: Disabled, 1: Enabled) | `0`, `1` | +| **Pol_SecGuide_0202_WDigestAuthn** | Write | String | WDigest Authentication (disabling may require KB2871997) (0: Disabled, 1: Enabled) | `0`, `1` | +| **Pol_MSS_DisableIPSourceRoutingIPv6** | Write | String | MSS: (DisableIPSourceRouting IPv6) IP source 
routing protection level (protects against packet spoofing) (0: Disabled, 1: Enabled) | `0`, `1` | +| **DisableIPSourceRoutingIPv6** | Write | String | DisableIPSourceRoutingIPv6 (Device) - Depends on Pol_MSS_DisableIPSourceRoutingIPv6 (0: No additional protection, source routed packets are allowed, 1: Medium, source routed packets ignored when IP forwarding is enabled, 2: Highest protection, source routing is completely disabled) | `0`, `1`, `2` | +| **Pol_MSS_DisableIPSourceRouting** | Write | String | MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) (0: Disabled, 1: Enabled) | `0`, `1` | +| **DisableIPSourceRouting** | Write | String | DisableIPSourceRouting (Device) - Depends on Pol_MSS_DisableIPSourceRouting (0: No additional protection, source routed packets are allowed, 1: Medium, source routed packets ignored when IP forwarding is enabled, 2: Highest protection, source routing is completely disabled) | `0`, `1`, `2` | +| **Pol_MSS_EnableICMPRedirect** | Write | String | MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes (0: Disabled, 1: Enabled) | `0`, `1` | +| **Pol_MSS_NoNameReleaseOnDemand** | Write | String | MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers (0: Disabled, 1: Enabled) | `0`, `1` | +| **Turn_Off_Multicast** | Write | String | Turn off multicast name resolution (0: Disabled, 1: Enabled) | `0`, `1` | +| **NC_ShowSharedAccessUI** | Write | String | Prohibit use of Internet Connection Sharing on your DNS domain network (0: Disabled, 1: Enabled) | `0`, `1` | +| **hardeneduncpaths_Pol_HardenedPaths** | Write | String | Hardened UNC Paths (0: Disabled, 1: Enabled) | `0`, `1` | +| **pol_hardenedpaths** | Write | MSFT_MicrosoftGraphIntuneSettingsCatalogpol_hardenedpaths[] | Hardened UNC Paths: (Device) - Depends on hardeneduncpaths_Pol_HardenedPaths | | +| **WCM_BlockNonDomain** | Write | String | Prohibit 
connection to non-domain networks when connected to domain authenticated network (0: Disabled, 1: Enabled) | `0`, `1` |
+| **ConfigureRedirectionGuardPolicy** | Write | String | Configure Redirection Guard (0: Disabled, 1: Enabled) | `0`, `1` |
+| **RedirectionGuardPolicy_Enum** | Write | String | Redirection Guard Options (Device) - Depends on ConfigureRedirectionGuardPolicy (0: Redirection Guard Disabled, 1: Redirection Guard Enabled, 2: Redirection Guard Audit Only) | `0`, `1`, `2` |
+| **ConfigureRpcConnectionPolicy** | Write | String | Configure RPC connection settings (0: Disabled, 1: Enabled) | `0`, `1` |
+| **RpcConnectionAuthentication_Enum** | Write | String | Use authentication for outgoing RPC connections: (Device) - Depends on ConfigureRpcConnectionPolicy (0: Default, 1: Authentication enabled, 2: Authentication disabled) | `0`, `1`, `2` |
+| **RpcConnectionProtocol_Enum** | Write | String | Protocol to use for outgoing RPC connections: (Device) - Depends on ConfigureRpcConnectionPolicy (0: RPC over TCP, 1: RPC over named pipes) | `0`, `1` |
+| **ConfigureRpcListenerPolicy** | Write | String | Configure RPC listener settings (0: Disabled, 1: Enabled) | `0`, `1` |
+| **RpcAuthenticationProtocol_Enum** | Write | String | Authentication protocol to use for incoming RPC connections: (Device) - Depends on ConfigureRpcListenerPolicy (0: Negotiate, 1: Kerberos) | `0`, `1` |
+| **RpcListenerProtocols_Enum** | Write | String | Protocols to allow for incoming RPC connections: (Device) - Depends on ConfigureRpcListenerPolicy (3: RPC over named pipes, 5: RPC over TCP, 7: RPC over named pipes and TCP) | `3`, `5`, `7` |
+| **ConfigureRpcTcpPort** | Write | String | Configure RPC over TCP port (0: Disabled, 1: Enabled) | `0`, `1` |
+| **RpcTcpPort** | Write | SInt32 | RPC over TCP port: (Device) - Depends on ConfigureRpcTcpPort | |
+| **RestrictDriverInstallationToAdministrators** | Write | String | Limits print driver installation to Administrators (0: Disabled, 1: 
Enabled) | `0`, `1` |
+| **ConfigureCopyFilesPolicy** | Write | String | Manage processing of Queue-specific files (0: Disabled, 1: Enabled) | `0`, `1` |
+| **CopyFilesPolicy_Enum** | Write | String | Manage processing of Queue-Specific files: (Device) - Depends on ConfigureCopyFilesPolicy (0: Do not allow Queue-specific files, 1: Limit Queue-specific files to Color profiles, 2: Allow all Queue-specfic files) | `0`, `1`, `2` |
+| **AllowEncryptionOracle** | Write | String | Encryption Oracle Remediation (0: Disabled, 1: Enabled) | `0`, `1` |
+| **AllowEncryptionOracleDrop** | Write | String | Protection Level: (Device) - Depends on AllowEncryptionOracle (0: Force Updated Clients, 1: Mitigated, 2: Vulnerable) | `0`, `1`, `2` |
+| **AllowProtectedCreds** | Write | String | Remote host allows delegation of non-exportable credentials (0: Disabled, 1: Enabled) | `0`, `1` |
+| **DeviceInstall_Classes_Deny** | Write | String | Prevent installation of devices using drivers that match these device setup classes (0: Disabled, 1: Enabled) | `0`, `1` |
+| **DeviceInstall_Classes_Deny_List** | Write | StringArray[] | Prevented Classes - Depends on DeviceInstall_Classes_Deny | |
+| **DeviceInstall_Classes_Deny_Retroactive** | Write | String | Also apply to matching devices that are already installed. 
- Depends on DeviceInstall_Classes_Deny (0: False, 1: True) | `0`, `1` |
+| **POL_DriverLoadPolicy_Name** | Write | String | Boot-Start Driver Initialization Policy (0: Disabled, 1: Enabled) | `0`, `1` |
+| **SelectDriverLoadPolicy** | Write | String | Choose the boot-start drivers that can be initialized: - Depends on POL_DriverLoadPolicy_Name (8: Good only, 1: Good and unknown, 3: Good, unknown and bad but critical, 7: All) | `8`, `1`, `3`, `7` |
+| **CSE_Registry** | Write | String | Configure registry policy processing (0: Disabled, 1: Enabled) | `0`, `1` |
+| **CSE_NOBACKGROUND10** | Write | String | Do not apply during periodic background processing (Device) - Depends on CSE_Registry (0: False, 1: True) | `0`, `1` |
+| **CSE_NOCHANGES10** | Write | String | Process even if the Group Policy objects have not changed (Device) - Depends on CSE_Registry (0: False, 1: True) | `0`, `1` |
+| **DisableWebPnPDownload_2** | Write | String | Turn off downloading of print drivers over HTTP (0: Disabled, 1: Enabled) | `0`, `1` |
+| **ShellPreventWPWDownload_2** | Write | String | Turn off Internet download for Web publishing and online ordering wizards (0: Disabled, 1: Enabled) | `0`, `1` |
+| **AllowCustomSSPsAPs** | Write | String | Allow Custom SSPs and APs to be loaded into LSASS (0: Disabled, 1: Enabled) | `0`, `1` |
+| **AllowStandbyStatesDC_2** | Write | String | Allow standby states (S1-S3) when sleeping (on battery) (0: Disabled, 1: Enabled) | `0`, `1` |
+| **AllowStandbyStatesAC_2** | Write | String | Allow standby states (S1-S3) when sleeping (plugged in) (0: Disabled, 1: Enabled) | `0`, `1` |
+| **DCPromptForPasswordOnResume_2** | Write | String | Require a password when a computer wakes (on battery) (0: Disabled, 1: Enabled) | `0`, `1` |
+| **ACPromptForPasswordOnResume_2** | Write | String | Require a password when a computer wakes (plugged in) (0: Disabled, 1: Enabled) | `0`, `1` |
+| **RA_Solicit** | Write | String | Configure Solicited Remote Assistance 
(0: Disabled, 1: Enabled) | `0`, `1` |
+| **RA_Solicit_ExpireUnits_List** | Write | String | Maximum ticket time (units): - Depends on RA_Solicit (0: Minutes, 1: Hours, 2: Days) | `0`, `1`, `2` |
+| **RA_Solicit_ExpireValue_Edt** | Write | SInt32 | Maximum ticket time (value): - Depends on RA_Solicit | |
+| **RA_Solicit_Control_List** | Write | String | Permit remote control of this computer: - Depends on RA_Solicit (1: Allow helpers to remotely control the computer, 0: Allow helpers to only view the computer) | `1`, `0` |
+| **RA_Solicit_Mailto_List** | Write | String | Method for sending email invitations: - Depends on RA_Solicit (0: Simple MAPI, 1: Mailto) | `0`, `1` |
+| **RpcRestrictRemoteClients** | Write | String | Restrict Unauthenticated RPC clients (0: Disabled, 1: Enabled) | `0`, `1` |
+| **RpcRestrictRemoteClientsList** | Write | String | RPC Runtime Unauthenticated Client Restriction to Apply: - Depends on RpcRestrictRemoteClients (0: None, 1: Authenticated, 2: Authenticated without exceptions) | `0`, `1`, `2` |
+| **AppxRuntimeMicrosoftAccountsOptional** | Write | String | Allow Microsoft accounts to be optional (0: Disabled, 1: Enabled) | `0`, `1` |
+| **NoAutoplayfornonVolume** | Write | String | Disallow Autoplay for non-volume devices (0: Disabled, 1: Enabled) | `0`, `1` |
+| **NoAutorun** | Write | String | Set the default behavior for AutoRun (0: Disabled, 1: Enabled) | `0`, `1` |
+| **NoAutorun_Dropdown** | Write | String | Default AutoRun Behavior - Depends on NoAutorun (1: Do not execute any autorun commands, 2: Automatically execute autorun commands) | `1`, `2` |
+| **Autorun** | Write | String | Turn off Autoplay (0: Disabled, 1: Enabled) | `0`, `1` |
+| **Autorun_Box** | Write | String | Turn off Autoplay on: - Depends on Autorun (181: CD-ROM and removable media drives, 255: All drives) | `181`, `255` |
+| **FDVDenyWriteAccess_Name** | Write | String | Deny write access to fixed drives not protected by BitLocker (0: Disabled, 1: Enabled) | 
`0`, `1` |
+| **RDVDenyWriteAccess_Name** | Write | String | Deny write access to removable drives not protected by BitLocker (0: Disabled, 1: Enabled) | `0`, `1` |
+| **RDVCrossOrg** | Write | String | Do not allow write access to devices configured in another organization - Depends on RDVDenyWriteAccess_Name (0: False, 1: True) | `0`, `1` |
+| **EnumerateAdministrators** | Write | String | Enumerate administrator accounts on elevation (0: Disabled, 1: Enabled) | `0`, `1` |
+| **Channel_LogMaxSize_1** | Write | String | Specify the maximum log file size (KB) (0: Disabled, 1: Enabled) | `0`, `1` |
+| **Channel_LogMaxSize_1_Channel_LogMaxSize** | Write | SInt32 | Maximum Log Size (KB) - Depends on Channel_LogMaxSize_1 | |
+| **Channel_LogMaxSize_2** | Write | String | Specify the maximum log file size (KB) (0: Disabled, 1: Enabled) | `0`, `1` |
+| **Channel_LogMaxSize_2_Channel_LogMaxSize** | Write | SInt32 | Maximum Log Size (KB) - Depends on Channel_LogMaxSize_2 | |
+| **Channel_LogMaxSize_4** | Write | String | Specify the maximum log file size (KB) (0: Disabled, 1: Enabled) | `0`, `1` |
+| **Channel_LogMaxSize_4_Channel_LogMaxSize** | Write | SInt32 | Maximum Log Size (KB) - Depends on Channel_LogMaxSize_4 | |
+| **EnableSmartScreen** | Write | String | Configure Windows Defender SmartScreen (0: Disabled, 1: Enabled) | `0`, `1` |
+| **EnableSmartScreenDropdown** | Write | String | Pick one of the following settings: (Device) - Depends on EnableSmartScreen (block: Warn and prevent bypass, warn: Warn) | `block`, `warn` |
+| **NoDataExecutionPrevention** | Write | String | Turn off Data Execution Prevention for Explorer (0: Disabled, 1: Enabled) | `0`, `1` |
+| **NoHeapTerminationOnCorruption** | Write | String | Turn off heap termination on corruption (0: Disabled, 1: Enabled) | `0`, `1` |
+| **Advanced_InvalidSignatureBlock** | Write | String | Allow software to run or install even if the signature is invalid (0: Disabled, 1: Enabled) | `0`, `1` |
+| 
**Advanced_CertificateRevocation** | Write | String | Check for server certificate revocation (0: Disabled, 1: Enabled) | `0`, `1` |
+| **Advanced_DownloadSignatures** | Write | String | Check for signatures on downloaded programs (0: Disabled, 1: Enabled) | `0`, `1` |
+| **Advanced_DisableEPMCompat** | Write | String | Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled (0: Disabled, 1: Enabled) | `0`, `1` |
+| **Advanced_SetWinInetProtocols** | Write | String | Turn off encryption support (0: Disabled, 1: Enabled) | `0`, `1` |
+| **Advanced_WinInetProtocolOptions** | Write | String | Secure Protocol combinations - Depends on Advanced_SetWinInetProtocols (0: Use no secure protocols, 8: Only use SSL 2.0, 32: Only use SSL 3.0, 40: Use SSL 2.0 and SSL 3.0, 128: Only use TLS 1.0, 136: Use SSL 2.0 and TLS 1.0, 160: Use SSL 3.0 and TLS 1.0, 168: Use SSL 2.0, SSL 3.0, and TLS 1.0, 512: Only use TLS 1.1, 520: Use SSL 2.0 and TLS 1.1, 544: Use SSL 3.0 and TLS 1.1, 552: Use SSL 2.0, SSL 3.0, and TLS 1.1, 640: Use TLS 1.0 and TLS 1.1, 648: Use SSL 2.0, TLS 1.0, and TLS 1.1, 672: Use SSL 3.0, TLS 1.0, and TLS 1.1, 680: Use SSL 2.0, SSL 3.0, TLS 1.0, and TLS 1.1, 2048: Only use TLS 1.2, 2056: Use SSL 2.0 and TLS 1.2, 2080: Use SSL 3.0 and TLS 1.2, 2088: Use SSL 2.0, SSL 3.0, and TLS 1.2, 2176: Use TLS 1.0 and TLS 1.2, 2184: Use SSL 2.0, TLS 1.0, and TLS 1.2, 2208: Use SSL 3.0, TLS 1.0, and TLS 1.2, 2216: Use SSL 2.0, SSL 3.0, TLS 1.0, and TLS 1.2, 2560: Use TLS 1.1 and TLS 1.2, 2568: Use SSL 2.0, TLS 1.1, and TLS 1.2, 2592: Use SSL 3.0, TLS 1.1, and TLS 1.2, 2600: Use SSL 2.0, SSL 3.0, TLS 1.1, and TLS 1.2, 2688: Use TLS 1.0, TLS 1.1, and TLS 1.2, 2696: Use SSL 2.0, TLS 1.0, TLS 1.1, and TLS 1.2, 2720: Use SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2, 2728: Use SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2, 8192: Only use TLS 1.3, 10240: Use TLS 1.2 and TLS 1.3, 10752: Use TLS 1.1, TLS 1.2, and TLS 1.3, 10880: Use TLS 1.0, TLS 1.1, TLS 
1.2, and TLS 1.3, 10912: Use SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3) | `0`, `8`, `32`, `40`, `128`, `136`, `160`, `168`, `512`, `520`, `544`, `552`, `640`, `648`, `672`, `680`, `2048`, `2056`, `2080`, `2088`, `2176`, `2184`, `2208`, `2216`, `2560`, `2568`, `2592`, `2600`, `2688`, `2696`, `2720`, `2728`, `8192`, `10240`, `10752`, `10880`, `10912` |
+| **Advanced_EnableEnhancedProtectedMode64Bit** | Write | String | Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows (0: Disabled, 1: Enabled) | `0`, `1` |
+| **Advanced_EnableEnhancedProtectedMode** | Write | String | Turn on Enhanced Protected Mode (0: Disabled, 1: Enabled) | `0`, `1` |
+| **NoCertError** | Write | String | Prevent ignoring certificate errors (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_PolicyAccessDataSourcesAcrossDomains_1** | Write | String | Access data sources across domains (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_PolicyAccessDataSourcesAcrossDomains_1_IZ_Partname1406** | Write | String | Access data sources across domains - Depends on IZ_PolicyAccessDataSourcesAcrossDomains_1 (0: Enable, 3: Disable, 1: Prompt) | `0`, `3`, `1` |
+| **IZ_PolicyAllowPasteViaScript_1** | Write | String | Allow cut, copy or paste operations from the clipboard via script (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_PolicyAllowPasteViaScript_1_IZ_Partname1407** | Write | String | Allow paste operations via script - Depends on IZ_PolicyAllowPasteViaScript_1 (0: Enable, 3: Disable, 1: Prompt) | `0`, `3`, `1` |
+| **IZ_PolicyDropOrPasteFiles_1** | Write | String | Allow drag and drop or copy and paste files (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_PolicyDropOrPasteFiles_1_IZ_Partname1802** | Write | String | Allow drag and drop or copy and paste files - Depends on IZ_PolicyDropOrPasteFiles_1 (0: Enable, 3: Disable, 1: Prompt) | `0`, `3`, `1` |
+| **IZ_Policy_XAML_1** | Write | String | Allow loading of XAML files (0: Disabled, 1: Enabled) | `0`, `1` 
|
+| **IZ_Policy_XAML_1_IZ_Partname2402** | Write | String | XAML Files - Depends on IZ_Policy_XAML_1 (0: Enable, 3: Disable, 1: Prompt) | `0`, `3`, `1` |
+| **IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet** | Write | String | Allow only approved domains to use ActiveX controls without prompt (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet_IZ_Partname120b** | Write | String | Only allow approved domains to use ActiveX controls without prompt - Depends on IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet (3: Enable, 0: Disable) | `3`, `0` |
+| **IZ_PolicyAllowTDCControl_Both_Internet** | Write | String | Allow only approved domains to use the TDC ActiveX control (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_PolicyAllowTDCControl_Both_Internet_IZ_Partname120c** | Write | String | Only allow approved domains to use the TDC ActiveX control - Depends on IZ_PolicyAllowTDCControl_Both_Internet (3: Enable, 0: Disable) | `3`, `0` |
+| **IZ_PolicyWindowsRestrictionsURLaction_1** | Write | String | Allow script-initiated windows without size or position constraints (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_PolicyWindowsRestrictionsURLaction_1_IZ_Partname2102** | Write | String | Allow script-initiated windows without size or position constraints - Depends on IZ_PolicyWindowsRestrictionsURLaction_1 (0: Enable, 3: Disable) | `0`, `3` |
+| **IZ_Policy_WebBrowserControl_1** | Write | String | Allow scripting of Internet Explorer WebBrowser controls (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_Policy_WebBrowserControl_1_IZ_Partname1206** | Write | String | Internet Explorer web browser control - Depends on IZ_Policy_WebBrowserControl_1 (0: Enable, 3: Disable) | `0`, `3` |
+| **IZ_Policy_AllowScriptlets_1** | Write | String | Allow scriptlets (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_Policy_AllowScriptlets_1_IZ_Partname1209** | Write | String | 
Scriptlets - Depends on IZ_Policy_AllowScriptlets_1 (0: Enable, 3: Disable) | `0`, `3` |
+| **IZ_Policy_ScriptStatusBar_1** | Write | String | Allow updates to status bar via script (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_Policy_ScriptStatusBar_1_IZ_Partname2103** | Write | String | Status bar updates via script - Depends on IZ_Policy_ScriptStatusBar_1 (0: Enable, 3: Disable) | `0`, `3` |
+| **IZ_PolicyAllowVBScript_1** | Write | String | Allow VBScript to run in Internet Explorer (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_PolicyAllowVBScript_1_IZ_Partname140C** | Write | String | Allow VBScript to run in Internet Explorer - Depends on IZ_PolicyAllowVBScript_1 (0: Enable, 3: Disable, 1: Prompt) | `0`, `3`, `1` |
+| **IZ_PolicyNotificationBarDownloadURLaction_1** | Write | String | Automatic prompting for file downloads (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_PolicyNotificationBarDownloadURLaction_1_IZ_Partname2200** | Write | String | Automatic prompting for file downloads - Depends on IZ_PolicyNotificationBarDownloadURLaction_1 (0: Enable, 3: Disable) | `0`, `3` |
+| **IZ_PolicyAntiMalwareCheckingOfActiveXControls_1** | Write | String | Don't run antimalware programs against ActiveX controls (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_PolicyAntiMalwareCheckingOfActiveXControls_1_IZ_Partname270C** | Write | String | Don't run antimalware programs against ActiveX controls - Depends on IZ_PolicyAntiMalwareCheckingOfActiveXControls_1 (3: Enable, 0: Disable) | `3`, `0` |
+| **IZ_PolicyDownloadSignedActiveX_1** | Write | String | Download signed ActiveX controls (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_PolicyDownloadSignedActiveX_1_IZ_Partname1001** | Write | String | Download signed ActiveX controls - Depends on IZ_PolicyDownloadSignedActiveX_1 (0: Enable, 3: Disable, 1: Prompt) | `0`, `3`, `1` |
+| **IZ_PolicyDownloadUnsignedActiveX_1** | Write | String | Download unsigned ActiveX controls (0: Disabled, 1: Enabled) | `0`, `1` |
+| 
**IZ_PolicyDownloadUnsignedActiveX_1_IZ_Partname1004** | Write | String | Download unsigned ActiveX controls - Depends on IZ_PolicyDownloadUnsignedActiveX_1 (0: Enable, 3: Disable, 1: Prompt) | `0`, `3`, `1` |
+| **IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet** | Write | String | Enable dragging of content from different domains across windows (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet_IZ_Partname2709** | Write | String | Enable dragging of content from different domains across windows - Depends on IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet (0: Enable, 3: Disable) | `0`, `3` |
+| **IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet** | Write | String | Enable dragging of content from different domains within a window (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet_IZ_Partname2708** | Write | String | Enable dragging of content from different domains within a window - Depends on IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet (0: Enable, 3: Disable) | `0`, `3` |
+| **IZ_Policy_LocalPathForUpload_1** | Write | String | Include local path when user is uploading files to a server (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_Policy_LocalPathForUpload_1_IZ_Partname160A** | Write | String | Include local directory path when uploading files to a server - Depends on IZ_Policy_LocalPathForUpload_1 (0: Enable, 3: Disable) | `0`, `3` |
+| **IZ_PolicyScriptActiveXNotMarkedSafe_1** | Write | String | Initialize and script ActiveX controls not marked as safe (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_PolicyScriptActiveXNotMarkedSafe_1_IZ_Partname1201** | Write | String | Initialize and script ActiveX controls not marked as safe - Depends on IZ_PolicyScriptActiveXNotMarkedSafe_1 (0: Enable, 3: Disable, 1: Prompt) | `0`, `3`, `1` |
+| **IZ_PolicyJavaPermissions_1** | Write | String | Java permissions (0: Disabled, 1: 
Enabled) | `0`, `1` |
+| **IZ_PolicyJavaPermissions_1_IZ_Partname1C00** | Write | String | Java permissions - Depends on IZ_PolicyJavaPermissions_1 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java) | `65536`, `131072`, `196608`, `8388608`, `0` |
+| **IZ_PolicyLaunchAppsAndFilesInIFRAME_1** | Write | String | Launching applications and files in an IFRAME (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_PolicyLaunchAppsAndFilesInIFRAME_1_IZ_Partname1804** | Write | String | Launching applications and files in an IFRAME - Depends on IZ_PolicyLaunchAppsAndFilesInIFRAME_1 (0: Enable, 3: Disable, 1: Prompt) | `0`, `3`, `1` |
+| **IZ_PolicyLogon_1** | Write | String | Logon options (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_PolicyLogon_1_IZ_Partname1A00** | Write | String | Logon options - Depends on IZ_PolicyLogon_1 (196608: Anonymous logon, 131072: Automatic logon only in Intranet zone, 0: Automatic logon with current username and password, 65536: Prompt for user name and password) | `196608`, `131072`, `0`, `65536` |
+| **IZ_PolicyNavigateSubframesAcrossDomains_1** | Write | String | Navigate windows and frames across different domains (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_PolicyNavigateSubframesAcrossDomains_1_IZ_Partname1607** | Write | String | Navigate windows and frames across different domains - Depends on IZ_PolicyNavigateSubframesAcrossDomains_1 (0: Enable, 3: Disable, 1: Prompt) | `0`, `3`, `1` |
+| **IZ_PolicyUnsignedFrameworkComponentsURLaction_1** | Write | String | Run .NET Framework-reliant components not signed with Authenticode (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_PolicyUnsignedFrameworkComponentsURLaction_1_IZ_Partname2004** | Write | String | Run .NET Framework-reliant components not signed with Authenticode - Depends on IZ_PolicyUnsignedFrameworkComponentsURLaction_1 (0: Enable, 3: Disable, 1: Prompt) | `0`, `3`, `1` |
+| **IZ_PolicySignedFrameworkComponentsURLaction_1** | Write | 
String | Run .NET Framework-reliant components signed with Authenticode (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_PolicySignedFrameworkComponentsURLaction_1_IZ_Partname2001** | Write | String | Run .NET Framework-reliant components signed with Authenticode - Depends on IZ_PolicySignedFrameworkComponentsURLaction_1 (0: Enable, 3: Disable, 1: Prompt) | `0`, `3`, `1` |
+| **IZ_Policy_UnsafeFiles_1** | Write | String | Show security warning for potentially unsafe files (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_Policy_UnsafeFiles_1_IZ_Partname1806** | Write | String | Launching programs and unsafe files - Depends on IZ_Policy_UnsafeFiles_1 (0: Enable, 3: Disable, 1: Prompt) | `0`, `3`, `1` |
+| **IZ_PolicyTurnOnXSSFilter_Both_Internet** | Write | String | Turn on Cross-Site Scripting Filter (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_PolicyTurnOnXSSFilter_Both_Internet_IZ_Partname1409** | Write | String | Turn on Cross-Site Scripting (XSS) Filter - Depends on IZ_PolicyTurnOnXSSFilter_Both_Internet (0: Enable, 3: Disable) | `0`, `3` |
+| **IZ_Policy_TurnOnProtectedMode_1** | Write | String | Turn on Protected Mode (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_Policy_TurnOnProtectedMode_1_IZ_Partname2500** | Write | String | Protected Mode - Depends on IZ_Policy_TurnOnProtectedMode_1 (0: Enable, 3: Disable) | `0`, `3` |
+| **IZ_Policy_Phishing_1** | Write | String | Turn on SmartScreen Filter scan (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_Policy_Phishing_1_IZ_Partname2301** | Write | String | Use SmartScreen Filter - Depends on IZ_Policy_Phishing_1 (0: Enable, 3: Disable) | `0`, `3` |
+| **IZ_PolicyBlockPopupWindows_1** | Write | String | Use Pop-up Blocker (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_PolicyBlockPopupWindows_1_IZ_Partname1809** | Write | String | Use Pop-up Blocker - Depends on IZ_PolicyBlockPopupWindows_1 (0: Enable, 3: Disable) | `0`, `3` |
+| **IZ_PolicyUserdataPersistence_1** | Write | String | Userdata persistence (0: Disabled, 
1: Enabled) | `0`, `1` |
+| **IZ_PolicyUserdataPersistence_1_IZ_Partname1606** | Write | String | Userdata persistence - Depends on IZ_PolicyUserdataPersistence_1 (0: Enable, 3: Disable) | `0`, `3` |
+| **IZ_PolicyZoneElevationURLaction_1** | Write | String | Web sites in less privileged Web content zones can navigate into this zone (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_PolicyZoneElevationURLaction_1_IZ_Partname2101** | Write | String | Web sites in less privileged Web content zones can navigate into this zone - Depends on IZ_PolicyZoneElevationURLaction_1 (0: Enable, 3: Disable, 1: Prompt) | `0`, `3`, `1` |
+| **IZ_UNCAsIntranet** | Write | String | Intranet Sites: Include all network paths (UNCs) (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_PolicyAntiMalwareCheckingOfActiveXControls_3** | Write | String | Don't run antimalware programs against ActiveX controls (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_PolicyAntiMalwareCheckingOfActiveXControls_3_IZ_Partname270C** | Write | String | Don't run antimalware programs against ActiveX controls - Depends on IZ_PolicyAntiMalwareCheckingOfActiveXControls_3 (3: Enable, 0: Disable) | `3`, `0` |
+| **IZ_PolicyScriptActiveXNotMarkedSafe_3** | Write | String | Initialize and script ActiveX controls not marked as safe (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_PolicyScriptActiveXNotMarkedSafe_3_IZ_Partname1201** | Write | String | Initialize and script ActiveX controls not marked as safe - Depends on IZ_PolicyScriptActiveXNotMarkedSafe_3 (0: Enable, 3: Disable, 1: Prompt) | `0`, `3`, `1` |
+| **IZ_PolicyJavaPermissions_3** | Write | String | Java permissions (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_PolicyJavaPermissions_3_IZ_Partname1C00** | Write | String | Java permissions - Depends on IZ_PolicyJavaPermissions_3 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java) | `65536`, `131072`, `196608`, `8388608`, `0` |
+| 
**IZ_PolicyAntiMalwareCheckingOfActiveXControls_9** | Write | String | Don't run antimalware programs against ActiveX controls (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_PolicyAntiMalwareCheckingOfActiveXControls_9_IZ_Partname270C** | Write | String | Don't run antimalware programs against ActiveX controls - Depends on IZ_PolicyAntiMalwareCheckingOfActiveXControls_9 (3: Enable, 0: Disable) | `3`, `0` |
+| **IZ_PolicyJavaPermissions_9** | Write | String | Java permissions (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_PolicyJavaPermissions_9_IZ_Partname1C00** | Write | String | Java permissions - Depends on IZ_PolicyJavaPermissions_9 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java) | `65536`, `131072`, `196608`, `8388608`, `0` |
+| **IZ_Policy_Phishing_2** | Write | String | Turn on SmartScreen Filter scan (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_Policy_Phishing_2_IZ_Partname2301** | Write | String | Use SmartScreen Filter - Depends on IZ_Policy_Phishing_2 (0: Enable, 3: Disable) | `0`, `3` |
+| **IZ_PolicyJavaPermissions_4** | Write | String | Java permissions (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_PolicyJavaPermissions_4_IZ_Partname1C00** | Write | String | Java permissions - Depends on IZ_PolicyJavaPermissions_4 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java) | `65536`, `131072`, `196608`, `8388608`, `0` |
+| **IZ_PolicyJavaPermissions_10** | Write | String | Java permissions (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_PolicyJavaPermissions_10_IZ_Partname1C00** | Write | String | Java permissions - Depends on IZ_PolicyJavaPermissions_10 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java) | `65536`, `131072`, `196608`, `8388608`, `0` |
+| **IZ_PolicyJavaPermissions_8** | Write | String | Java permissions (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_PolicyJavaPermissions_8_IZ_Partname1C00** | Write | 
String | Java permissions - Depends on IZ_PolicyJavaPermissions_8 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java) | `65536`, `131072`, `196608`, `8388608`, `0` |
+| **IZ_Policy_Phishing_8** | Write | String | Turn on SmartScreen Filter scan (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_Policy_Phishing_8_IZ_Partname2301** | Write | String | Use SmartScreen Filter - Depends on IZ_Policy_Phishing_8 (0: Enable, 3: Disable) | `0`, `3` |
+| **IZ_PolicyJavaPermissions_6** | Write | String | Java permissions (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_PolicyJavaPermissions_6_IZ_Partname1C00** | Write | String | Java permissions - Depends on IZ_PolicyJavaPermissions_6 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java) | `65536`, `131072`, `196608`, `8388608`, `0` |
+| **IZ_PolicyAccessDataSourcesAcrossDomains_7** | Write | String | Access data sources across domains (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_PolicyAccessDataSourcesAcrossDomains_7_IZ_Partname1406** | Write | String | Access data sources across domains - Depends on IZ_PolicyAccessDataSourcesAcrossDomains_7 (0: Enable, 3: Disable, 1: Prompt) | `0`, `3`, `1` |
+| **IZ_PolicyActiveScripting_7** | Write | String | Allow active scripting (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_Partname1400** | Write | String | Allow active scripting - Depends on IZ_PolicyActiveScripting_7 (0: Enable, 3: Disable, 1: Prompt) | `0`, `3`, `1` |
+| **IZ_PolicyBinaryBehaviors_7** | Write | String | Allow binary and script behaviors (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_Partname2000** | Write | String | Allow Binary and Script Behaviors - Depends on IZ_PolicyBinaryBehaviors_7 (0: Enable, 65536: Administrator approved, 3: Disable) | `0`, `65536`, `3` |
+| **IZ_PolicyAllowPasteViaScript_7** | Write | String | Allow cut, copy or paste operations from the clipboard via script (0: Disabled, 1: Enabled) | `0`, `1` |
+| 
**IZ_PolicyAllowPasteViaScript_7_IZ_Partname1407** | Write | String | Allow paste operations via script - Depends on IZ_PolicyAllowPasteViaScript_7 (0: Enable, 3: Disable, 1: Prompt) | `0`, `3`, `1` |
+| **IZ_PolicyDropOrPasteFiles_7** | Write | String | Allow drag and drop or copy and paste files (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_PolicyDropOrPasteFiles_7_IZ_Partname1802** | Write | String | Allow drag and drop or copy and paste files - Depends on IZ_PolicyDropOrPasteFiles_7 (0: Enable, 3: Disable, 1: Prompt) | `0`, `3`, `1` |
+| **IZ_PolicyFileDownload_7** | Write | String | Allow file downloads (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_Partname1803** | Write | String | Allow file downloads - Depends on IZ_PolicyFileDownload_7 (0: Enable, 3: Disable) | `0`, `3` |
+| **IZ_Policy_XAML_7** | Write | String | Allow loading of XAML files (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_Policy_XAML_7_IZ_Partname2402** | Write | String | XAML Files - Depends on IZ_Policy_XAML_7 (0: Enable, 3: Disable, 1: Prompt) | `0`, `3`, `1` |
+| **IZ_PolicyAllowMETAREFRESH_7** | Write | String | Allow META REFRESH (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_Partname1608** | Write | String | Allow META REFRESH - Depends on IZ_PolicyAllowMETAREFRESH_7 (0: Enable, 3: Disable) | `0`, `3` |
+| **IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted** | Write | String | Allow only approved domains to use ActiveX controls without prompt (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted_IZ_Partname120b** | Write | String | Only allow approved domains to use ActiveX controls without prompt - Depends on IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted (3: Enable, 0: Disable) | `3`, `0` |
+| **IZ_PolicyAllowTDCControl_Both_Restricted** | Write | String | Allow only approved domains to use the TDC ActiveX control (0: Disabled, 1: Enabled) | `0`, `1` |
+| 
**IZ_PolicyAllowTDCControl_Both_Restricted_IZ_Partname120c** | Write | String | Only allow approved domains to use the TDC ActiveX control - Depends on IZ_PolicyAllowTDCControl_Both_Restricted (3: Enable, 0: Disable) | `3`, `0` |
+| **IZ_PolicyWindowsRestrictionsURLaction_7** | Write | String | Allow script-initiated windows without size or position constraints (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_PolicyWindowsRestrictionsURLaction_7_IZ_Partname2102** | Write | String | Allow script-initiated windows without size or position constraints - Depends on IZ_PolicyWindowsRestrictionsURLaction_7 (0: Enable, 3: Disable) | `0`, `3` |
+| **IZ_Policy_WebBrowserControl_7** | Write | String | Allow scripting of Internet Explorer WebBrowser controls (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_Policy_WebBrowserControl_7_IZ_Partname1206** | Write | String | Internet Explorer web browser control - Depends on IZ_Policy_WebBrowserControl_7 (0: Enable, 3: Disable) | `0`, `3` |
+| **IZ_Policy_AllowScriptlets_7** | Write | String | Allow scriptlets (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_Policy_AllowScriptlets_7_IZ_Partname1209** | Write | String | Scriptlets - Depends on IZ_Policy_AllowScriptlets_7 (0: Enable, 3: Disable) | `0`, `3` |
+| **IZ_Policy_ScriptStatusBar_7** | Write | String | Allow updates to status bar via script (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_Policy_ScriptStatusBar_7_IZ_Partname2103** | Write | String | Status bar updates via script - Depends on IZ_Policy_ScriptStatusBar_7 (0: Enable, 3: Disable) | `0`, `3` |
+| **IZ_PolicyAllowVBScript_7** | Write | String | Allow VBScript to run in Internet Explorer (0: Disabled, 1: Enabled) | `0`, `1` |
+| **IZ_PolicyAllowVBScript_7_IZ_Partname140C** | Write | String | Allow VBScript to run in Internet Explorer - Depends on IZ_PolicyAllowVBScript_7 (0: Enable, 3: Disable, 1: Prompt) | `0`, `3`, `1` |
+| **IZ_PolicyNotificationBarDownloadURLaction_7** | Write | String | Automatic prompting for file 
downloads (0: Disabled, 1: Enabled) | `0`, `1` | +| **IZ_PolicyNotificationBarDownloadURLaction_7_IZ_Partname2200** | Write | String | Automatic prompting for file downloads - Depends on IZ_PolicyNotificationBarDownloadURLaction_7 (0: Enable, 3: Disable) | `0`, `3` | +| **IZ_PolicyAntiMalwareCheckingOfActiveXControls_7** | Write | String | Don't run antimalware programs against ActiveX controls (0: Disabled, 1: Enabled) | `0`, `1` | +| **IZ_PolicyAntiMalwareCheckingOfActiveXControls_7_IZ_Partname270C** | Write | String | Don't run antimalware programs against ActiveX controls - Depends on IZ_PolicyAntiMalwareCheckingOfActiveXControls_7 (3: Enable, 0: Disable) | `3`, `0` | +| **IZ_PolicyDownloadSignedActiveX_7** | Write | String | Download signed ActiveX controls (0: Disabled, 1: Enabled) | `0`, `1` | +| **IZ_PolicyDownloadSignedActiveX_7_IZ_Partname1001** | Write | String | Download signed ActiveX controls - Depends on IZ_PolicyDownloadSignedActiveX_7 (0: Enable, 3: Disable, 1: Prompt) | `0`, `3`, `1` | +| **IZ_PolicyDownloadUnsignedActiveX_7** | Write | String | Download unsigned ActiveX controls (0: Disabled, 1: Enabled) | `0`, `1` | +| **IZ_PolicyDownloadUnsignedActiveX_7_IZ_Partname1004** | Write | String | Download unsigned ActiveX controls - Depends on IZ_PolicyDownloadUnsignedActiveX_7 (0: Enable, 3: Disable, 1: Prompt) | `0`, `3`, `1` | +| **IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted** | Write | String | Enable dragging of content from different domains across windows (0: Disabled, 1: Enabled) | `0`, `1` | +| **IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted_IZ_Partname2709** | Write | String | Enable dragging of content from different domains across windows - Depends on IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted (0: Enable, 3: Disable) | `0`, `3` | +| **IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted** | Write | String | Enable dragging of content from different domains within a window (0: Disabled, 
1: Enabled) | `0`, `1` | +| **IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted_IZ_Partname2708** | Write | String | Enable dragging of content from different domains within a window - Depends on IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted (0: Enable, 3: Disable) | `0`, `3` | +| **IZ_Policy_LocalPathForUpload_7** | Write | String | Include local path when user is uploading files to a server (0: Disabled, 1: Enabled) | `0`, `1` | +| **IZ_Policy_LocalPathForUpload_7_IZ_Partname160A** | Write | String | Include local directory path when uploading files to a server - Depends on IZ_Policy_LocalPathForUpload_7 (0: Enable, 3: Disable) | `0`, `3` | +| **IZ_PolicyScriptActiveXNotMarkedSafe_7** | Write | String | Initialize and script ActiveX controls not marked as safe (0: Disabled, 1: Enabled) | `0`, `1` | +| **IZ_PolicyScriptActiveXNotMarkedSafe_7_IZ_Partname1201** | Write | String | Initialize and script ActiveX controls not marked as safe - Depends on IZ_PolicyScriptActiveXNotMarkedSafe_7 (0: Enable, 3: Disable, 1: Prompt) | `0`, `3`, `1` | +| **IZ_PolicyJavaPermissions_7** | Write | String | Java permissions (0: Disabled, 1: Enabled) | `0`, `1` | +| **IZ_PolicyJavaPermissions_7_IZ_Partname1C00** | Write | String | Java permissions - Depends on IZ_PolicyJavaPermissions_7 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java) | `65536`, `131072`, `196608`, `8388608`, `0` | +| **IZ_PolicyLaunchAppsAndFilesInIFRAME_7** | Write | String | Launching applications and files in an IFRAME (0: Disabled, 1: Enabled) | `0`, `1` | +| **IZ_PolicyLaunchAppsAndFilesInIFRAME_7_IZ_Partname1804** | Write | String | Launching applications and files in an IFRAME - Depends on IZ_PolicyLaunchAppsAndFilesInIFRAME_7 (0: Enable, 3: Disable, 1: Prompt) | `0`, `3`, `1` | +| **IZ_PolicyLogon_7** | Write | String | Logon options (0: Disabled, 1: Enabled) | `0`, `1` | +| **IZ_PolicyLogon_7_IZ_Partname1A00** | Write | String | Logon 
options - Depends on IZ_PolicyLogon_7 (196608: Anonymous logon, 131072: Automatic logon only in Intranet zone, 0: Automatic logon with current username and password, 65536: Prompt for user name and password) | `196608`, `131072`, `0`, `65536` | +| **IZ_PolicyNavigateSubframesAcrossDomains_7** | Write | String | Navigate windows and frames across different domains (0: Disabled, 1: Enabled) | `0`, `1` | +| **IZ_PolicyNavigateSubframesAcrossDomains_7_IZ_Partname1607** | Write | String | Navigate windows and frames across different domains - Depends on IZ_PolicyNavigateSubframesAcrossDomains_7 (0: Enable, 3: Disable, 1: Prompt) | `0`, `3`, `1` | +| **IZ_PolicyUnsignedFrameworkComponentsURLaction_7** | Write | String | Run .NET Framework-reliant components not signed with Authenticode (0: Disabled, 1: Enabled) | `0`, `1` | +| **IZ_PolicyUnsignedFrameworkComponentsURLaction_7_IZ_Partname2004** | Write | String | Run .NET Framework-reliant components not signed with Authenticode - Depends on IZ_PolicyUnsignedFrameworkComponentsURLaction_7 (0: Enable, 3: Disable, 1: Prompt) | `0`, `3`, `1` | +| **IZ_PolicySignedFrameworkComponentsURLaction_7** | Write | String | Run .NET Framework-reliant components signed with Authenticode (0: Disabled, 1: Enabled) | `0`, `1` | +| **IZ_PolicySignedFrameworkComponentsURLaction_7_IZ_Partname2001** | Write | String | Run .NET Framework-reliant components signed with Authenticode - Depends on IZ_PolicySignedFrameworkComponentsURLaction_7 (0: Enable, 3: Disable, 1: Prompt) | `0`, `3`, `1` | +| **IZ_PolicyRunActiveXControls_7** | Write | String | Run ActiveX controls and plugins (0: Disabled, 1: Enabled) | `0`, `1` | +| **IZ_Partname1200** | Write | String | Run ActiveX controls and plugins - Depends on IZ_PolicyRunActiveXControls_7 (65536: Administrator approved, 0: Enable, 3: Disable, 1: Prompt) | `65536`, `0`, `3`, `1` | +| **IZ_PolicyScriptActiveXMarkedSafe_7** | Write | String | Script ActiveX controls marked safe for scripting (0: 
Disabled, 1: Enabled) | `0`, `1` | +| **IZ_Partname1405** | Write | String | Script ActiveX controls marked safe for scripting - Depends on IZ_PolicyScriptActiveXMarkedSafe_7 (0: Enable, 3: Disable, 1: Prompt) | `0`, `3`, `1` | +| **IZ_PolicyScriptingOfJavaApplets_7** | Write | String | Scripting of Java applets (0: Disabled, 1: Enabled) | `0`, `1` | +| **IZ_Partname1402** | Write | String | Scripting of Java applets - Depends on IZ_PolicyScriptingOfJavaApplets_7 (0: Enable, 3: Disable, 1: Prompt) | `0`, `3`, `1` | +| **IZ_Policy_UnsafeFiles_7** | Write | String | Show security warning for potentially unsafe files (0: Disabled, 1: Enabled) | `0`, `1` | +| **IZ_Policy_UnsafeFiles_7_IZ_Partname1806** | Write | String | Launching programs and unsafe files - Depends on IZ_Policy_UnsafeFiles_7 (0: Enable, 3: Disable, 1: Prompt) | `0`, `3`, `1` | +| **IZ_PolicyTurnOnXSSFilter_Both_Restricted** | Write | String | Turn on Cross-Site Scripting Filter (0: Disabled, 1: Enabled) | `0`, `1` | +| **IZ_PolicyTurnOnXSSFilter_Both_Restricted_IZ_Partname1409** | Write | String | Turn on Cross-Site Scripting (XSS) Filter - Depends on IZ_PolicyTurnOnXSSFilter_Both_Restricted (0: Enable, 3: Disable) | `0`, `3` | +| **IZ_Policy_TurnOnProtectedMode_7** | Write | String | Turn on Protected Mode (0: Disabled, 1: Enabled) | `0`, `1` | +| **IZ_Policy_TurnOnProtectedMode_7_IZ_Partname2500** | Write | String | Protected Mode - Depends on IZ_Policy_TurnOnProtectedMode_7 (0: Enable, 3: Disable) | `0`, `3` | +| **IZ_Policy_Phishing_7** | Write | String | Turn on SmartScreen Filter scan (0: Disabled, 1: Enabled) | `0`, `1` | +| **IZ_Policy_Phishing_7_IZ_Partname2301** | Write | String | Use SmartScreen Filter - Depends on IZ_Policy_Phishing_7 (0: Enable, 3: Disable) | `0`, `3` | +| **IZ_PolicyBlockPopupWindows_7** | Write | String | Use Pop-up Blocker (0: Disabled, 1: Enabled) | `0`, `1` | +| **IZ_PolicyBlockPopupWindows_7_IZ_Partname1809** | Write | String | Use Pop-up Blocker - Depends on 
IZ_PolicyBlockPopupWindows_7 (0: Enable, 3: Disable) | `0`, `3` | +| **IZ_PolicyUserdataPersistence_7** | Write | String | Userdata persistence (0: Disabled, 1: Enabled) | `0`, `1` | +| **IZ_PolicyUserdataPersistence_7_IZ_Partname1606** | Write | String | Userdata persistence - Depends on IZ_PolicyUserdataPersistence_7 (0: Enable, 3: Disable) | `0`, `3` | +| **IZ_PolicyZoneElevationURLaction_7** | Write | String | Web sites in less privileged Web content zones can navigate into this zone (0: Disabled, 1: Enabled) | `0`, `1` | +| **IZ_PolicyZoneElevationURLaction_7_IZ_Partname2101** | Write | String | Web sites in less privileged Web content zones can navigate into this zone - Depends on IZ_PolicyZoneElevationURLaction_7 (0: Enable, 3: Disable, 1: Prompt) | `0`, `3`, `1` | +| **IZ_PolicyAntiMalwareCheckingOfActiveXControls_5** | Write | String | Don't run antimalware programs against ActiveX controls (0: Disabled, 1: Enabled) | `0`, `1` | +| **IZ_PolicyAntiMalwareCheckingOfActiveXControls_5_IZ_Partname270C** | Write | String | Don't run antimalware programs against ActiveX controls - Depends on IZ_PolicyAntiMalwareCheckingOfActiveXControls_5 (3: Enable, 0: Disable) | `3`, `0` | +| **IZ_PolicyScriptActiveXNotMarkedSafe_5** | Write | String | Initialize and script ActiveX controls not marked as safe (0: Disabled, 1: Enabled) | `0`, `1` | +| **IZ_PolicyScriptActiveXNotMarkedSafe_5_IZ_Partname1201** | Write | String | Initialize and script ActiveX controls not marked as safe - Depends on IZ_PolicyScriptActiveXNotMarkedSafe_5 (0: Enable, 3: Disable, 1: Prompt) | `0`, `3`, `1` | +| **IZ_PolicyJavaPermissions_5** | Write | String | Java permissions (0: Disabled, 1: Enabled) | `0`, `1` | +| **IZ_PolicyJavaPermissions_5_IZ_Partname1C00** | Write | String | Java permissions - Depends on IZ_PolicyJavaPermissions_5 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java) | `65536`, `131072`, `196608`, `8388608`, `0` | +| 
**IZ_PolicyWarnCertMismatch** | Write | String | Turn on certificate address mismatch warning (0: Disabled, 1: Enabled) | `0`, `1` | +| **DisableSafetyFilterOverride** | Write | String | Prevent bypassing SmartScreen Filter warnings (0: Disabled, 1: Enabled) | `0`, `1` | +| **DisableSafetyFilterOverrideForAppRepUnknown** | Write | String | Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet (0: Disabled, 1: Enabled) | `0`, `1` | +| **Disable_Managing_Safety_Filter_IE9** | Write | String | Prevent managing SmartScreen Filter (0: Disabled, 1: Enabled) | `0`, `1` | +| **IE9SafetyFilterOptions** | Write | String | Select SmartScreen Filter mode - Depends on Disable_Managing_Safety_Filter_IE9 (0: Off, 1: On) | `0`, `1` | +| **DisablePerUserActiveXInstall** | Write | String | Prevent per-user installation of ActiveX controls (0: Disabled, 1: Enabled) | `0`, `1` | +| **VerMgmtDisableRunThisTime** | Write | String | Remove 'Run this time' button for outdated ActiveX controls in Internet Explorer (0: Disabled, 1: Enabled) | `0`, `1` | +| **VerMgmtDisable** | Write | String | Turn off blocking of outdated ActiveX controls for Internet Explorer (0: Disabled, 1: Enabled) | `0`, `1` | +| **Advanced_EnableSSL3Fallback** | Write | String | Allow fallback to SSL 3.0 (Internet Explorer) (0: Disabled, 1: Enabled) | `0`, `1` | +| **Advanced_EnableSSL3FallbackOptions** | Write | String | Allow insecure fallback for: - Depends on Advanced_EnableSSL3Fallback (0: No Sites, 1: Non-Protected Mode Sites, 3: All Sites) | `0`, `1`, `3` | +| **IESF_PolicyExplorerProcesses_5** | Write | String | Internet Explorer Processes (0: Disabled, 1: Enabled) | `0`, `1` | +| **IESF_PolicyExplorerProcesses_6** | Write | String | Internet Explorer Processes (0: Disabled, 1: Enabled) | `0`, `1` | +| **IESF_PolicyExplorerProcesses_3** | Write | String | Internet Explorer Processes (0: Disabled, 1: Enabled) | `0`, `1` | +| 
**IESF_PolicyExplorerProcesses_10** | Write | String | Internet Explorer Processes (0: Disabled, 1: Enabled) | `0`, `1` | +| **IESF_PolicyExplorerProcesses_9** | Write | String | Internet Explorer Processes (0: Disabled, 1: Enabled) | `0`, `1` | +| **IESF_PolicyExplorerProcesses_11** | Write | String | Internet Explorer Processes (0: Disabled, 1: Enabled) | `0`, `1` | +| **IESF_PolicyExplorerProcesses_12** | Write | String | Internet Explorer Processes (0: Disabled, 1: Enabled) | `0`, `1` | +| **IESF_PolicyExplorerProcesses_8** | Write | String | Internet Explorer Processes (0: Disabled, 1: Enabled) | `0`, `1` | +| **Security_zones_map_edit** | Write | String | Security Zones: Do not allow users to add/delete sites (0: Disabled, 1: Enabled) | `0`, `1` | +| **Security_options_edit** | Write | String | Security Zones: Do not allow users to change policies (0: Disabled, 1: Enabled) | `0`, `1` | +| **Security_HKLM_only** | Write | String | Security Zones: Use only machine settings (0: Disabled, 1: Enabled) | `0`, `1` | +| **OnlyUseAXISForActiveXInstall** | Write | String | Specify use of ActiveX Installer Service for installation of ActiveX controls (0: Disabled, 1: Enabled) | `0`, `1` | +| **AddonManagement_RestrictCrashDetection** | Write | String | Turn off Crash Detection (0: Disabled, 1: Enabled) | `0`, `1` | +| **Disable_Security_Settings_Check** | Write | String | Turn off the Security Settings Check feature (0: Disabled, 1: Enabled) | `0`, `1` | +| **DisableBlockAtFirstSeen** | Write | String | Configure the 'Block at First Sight' feature (0: Disabled, 1: Enabled) | `0`, `1` | +| **RealtimeProtection_DisableScanOnRealtimeEnable** | Write | String | Turn on process scanning whenever real-time protection is enabled (0: Disabled, 1: Enabled) | `0`, `1` | +| **Scan_DisablePackedExeScanning** | Write | String | Scan packed executables (0: Disabled, 1: Enabled) | `0`, `1` | +| **DisableRoutinelyTakingAction** | Write | String | Turn off routine remediation (0: 
Disabled, 1: Enabled) | `0`, `1` | +| **TS_CLIENT_DISABLE_PASSWORD_SAVING_2** | Write | String | Do not allow passwords to be saved (0: Disabled, 1: Enabled) | `0`, `1` | +| **TS_CLIENT_DRIVE_M** | Write | String | Do not allow drive redirection (0: Disabled, 1: Enabled) | `0`, `1` | +| **TS_PASSWORD** | Write | String | Always prompt for password upon connection (0: Disabled, 1: Enabled) | `0`, `1` | +| **TS_RPC_ENCRYPTION** | Write | String | Require secure RPC communication (0: Disabled, 1: Enabled) | `0`, `1` | +| **TS_ENCRYPTION_POLICY** | Write | String | Set client connection encryption level (0: Disabled, 1: Enabled) | `0`, `1` | +| **TS_ENCRYPTION_LEVEL** | Write | String | Encryption Level - Depends on TS_ENCRYPTION_POLICY (1: Low Level, 2: Client Compatible, 3: High Level) | `1`, `2`, `3` | +| **Disable_Downloading_of_Enclosures** | Write | String | Prevent downloading of enclosures (0: Disabled, 1: Enabled) | `0`, `1` | +| **EnableMPRNotifications** | Write | String | Enable MPR notifications for the system (0: Disabled, 1: Enabled) | `0`, `1` | +| **AutomaticRestartSignOn** | Write | String | Sign-in and lock last interactive user automatically after a restart (0: Disabled, 1: Enabled) | `0`, `1` | +| **EnableScriptBlockLogging** | Write | String | Turn on PowerShell Script Block Logging (0: Disabled, 1: Enabled) | `0`, `1` | +| **EnableScriptBlockInvocationLogging** | Write | String | Log script block invocation start / stop events: - Depends on EnableScriptBlockLogging (0: False, 1: True) | `0`, `1` | +| **AllowBasic_2** | Write | String | Allow Basic authentication (0: Disabled, 1: Enabled) | `0`, `1` | +| **AllowUnencrypted_2** | Write | String | Allow unencrypted traffic (0: Disabled, 1: Enabled) | `0`, `1` | +| **DisallowDigest** | Write | String | Disallow Digest authentication (0: Disabled, 1: Enabled) | `0`, `1` | +| **AllowBasic_1** | Write | String | Allow Basic authentication (0: Disabled, 1: Enabled) | `0`, `1` | +| **AllowUnencrypted_1** 
| Write | String | Allow unencrypted traffic (0: Disabled, 1: Enabled) | `0`, `1` | +| **DisableRunAs** | Write | String | Disallow WinRM from storing RunAs credentials (0: Disabled, 1: Enabled) | `0`, `1` | +| **AccountLogon_AuditCredentialValidation** | Write | String | Account Logon Audit Credential Validation (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure) | `0`, `1`, `2`, `3` | +| **AccountLogonLogoff_AuditAccountLockout** | Write | String | Account Logon Logoff Audit Account Lockout (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure) | `0`, `1`, `2`, `3` | +| **AccountLogonLogoff_AuditGroupMembership** | Write | String | Account Logon Logoff Audit Group Membership (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure) | `0`, `1`, `2`, `3` | +| **AccountLogonLogoff_AuditLogon** | Write | String | Account Logon Logoff Audit Logon (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure) | `0`, `1`, `2`, `3` | +| **PolicyChange_AuditAuthenticationPolicyChange** | Write | String | Audit Authentication Policy Change (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure) | `0`, `1`, `2`, `3` | +| **PolicyChange_AuditPolicyChange** | Write | String | Audit Changes to Audit Policy (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure) | `0`, `1`, `2`, `3` | +| **ObjectAccess_AuditFileShare** | Write | String | Audit File Share Access (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure) | `0`, `1`, `2`, `3` | +| **AccountLogonLogoff_AuditOtherLogonLogoffEvents** | Write | String | Audit Other Logon Logoff Events (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure) | `0`, `1`, `2`, `3` | +| **AccountManagement_AuditSecurityGroupManagement** | Write | String | Audit Security Group Management (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure) | `0`, `1`, `2`, `3` | +| **System_AuditSecuritySystemExtension** | Write | String | Audit Security System Extension (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure) | `0`, `1`, 
`2`, `3` | +| **AccountLogonLogoff_AuditSpecialLogon** | Write | String | Audit Special Logon (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure) | `0`, `1`, `2`, `3` | +| **AccountManagement_AuditUserAccountManagement** | Write | String | Audit User Account Management (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure) | `0`, `1`, `2`, `3` | +| **DetailedTracking_AuditPNPActivity** | Write | String | Detailed Tracking Audit PNP Activity (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure) | `0`, `1`, `2`, `3` | +| **DetailedTracking_AuditProcessCreation** | Write | String | Detailed Tracking Audit Process Creation (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure) | `0`, `1`, `2`, `3` | +| **ObjectAccess_AuditDetailedFileShare** | Write | String | Object Access Audit Detailed File Share (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure) | `0`, `1`, `2`, `3` | +| **ObjectAccess_AuditOtherObjectAccessEvents** | Write | String | Object Access Audit Other Object Access Events (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure) | `0`, `1`, `2`, `3` | +| **ObjectAccess_AuditRemovableStorage** | Write | String | Object Access Audit Removable Storage (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure) | `0`, `1`, `2`, `3` | +| **PolicyChange_AuditMPSSVCRuleLevelPolicyChange** | Write | String | Policy Change Audit MPSSVC Rule Level Policy Change (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure) | `0`, `1`, `2`, `3` | +| **PolicyChange_AuditOtherPolicyChangeEvents** | Write | String | Policy Change Audit Other Policy Change Events (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure) | `0`, `1`, `2`, `3` | +| **PrivilegeUse_AuditSensitivePrivilegeUse** | Write | String | Privilege Use Audit Sensitive Privilege Use (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure) | `0`, `1`, `2`, `3` | +| **System_AuditOtherSystemEvents** | Write | String | System Audit Other System Events (0: Off/None, 1: Success, 2: Failure, 
3: Success+Failure) | `0`, `1`, `2`, `3` | +| **System_AuditSecurityStateChange** | Write | String | System Audit Security State Change (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure) | `0`, `1`, `2`, `3` | +| **System_AuditSystemIntegrity** | Write | String | System Audit System Integrity (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure) | `0`, `1`, `2`, `3` | +| **AllowPasswordManager** | Write | String | Allow Password Manager (0: Not allowed., 1: Allowed.) | `0`, `1` | +| **AllowSmartScreen** | Write | String | Allow Smart Screen (0: Turned off. Do not protect users from potential threats and prevent users from turning it on., 1: Turned on. Protect users from potential threats and prevent users from turning it off.) | `0`, `1` | +| **PreventCertErrorOverrides** | Write | String | Prevent Cert Error Overrides (0: Allowed/turned on. Override the security warning to sites that have SSL errors., 1: Prevented/turned on.) | `0`, `1` | +| **Browser_PreventSmartScreenPromptOverride** | Write | String | Prevent Smart Screen Prompt Override (0: Allowed/turned off. Users can ignore the warning and continue to the site., 1: Prevented/turned on.) | `0`, `1` | +| **PreventSmartScreenPromptOverrideForFiles** | Write | String | Prevent Smart Screen Prompt Override For Files (0: Allowed/turned off. Users can ignore the warning and continue to download the unverified file(s)., 1: Prevented/turned on.) | `0`, `1` | +| **AllowDirectMemoryAccess** | Write | String | Allow Direct Memory Access (0: Not allowed., 1: Allowed.) | `0`, `1` | +| **AllowArchiveScanning** | Write | String | Allow Archive Scanning (0: Not allowed. Turns off scanning on archived files., 1: Allowed. Scans the archive files.) | `0`, `1` | +| **AllowBehaviorMonitoring** | Write | String | Allow Behavior Monitoring (0: Not allowed. Turns off behavior monitoring., 1: Allowed. Turns on real-time behavior monitoring.) 
| `0`, `1` | +| **AllowCloudProtection** | Write | String | Allow Cloud Protection (0: Not allowed. Turns off the Microsoft Active Protection Service., 1: Allowed. Turns on the Microsoft Active Protection Service.) | `0`, `1` | +| **AllowFullScanRemovableDriveScanning** | Write | String | Allow Full Scan Removable Drive Scanning (0: Not allowed. Turns off scanning on removable drives., 1: Allowed. Scans removable drives.) | `0`, `1` | +| **AllowOnAccessProtection** | Write | String | Allow On Access Protection (0: Not allowed., 1: Allowed.) | `0`, `1` | +| **AllowRealtimeMonitoring** | Write | String | Allow Realtime Monitoring (0: Not allowed. Turns off the real-time monitoring service., 1: Allowed. Turns on and runs the real-time monitoring service.) | `0`, `1` | +| **AllowIOAVProtection** | Write | String | Allow scanning of all downloaded files and attachments (0: Not allowed., 1: Allowed.) | `0`, `1` | +| **AllowScriptScanning** | Write | String | Allow Script Scanning (0: Not allowed., 1: Allowed.) 
| `0`, `1` | +| **BlockExecutionOfPotentiallyObfuscatedScripts** | Write | String | Block execution of potentially obfuscated scripts - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn) | `off`, `block`, `audit`, `warn` | +| **BlockExecutionOfPotentiallyObfuscatedScripts_ASROnlyPerRuleExclusions** | Write | StringArray[] | ASR Only Per Rule Exclusions | | +| **BlockWin32APICallsFromOfficeMacros** | Write | String | Block Win32 API calls from Office macros - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn) | `off`, `block`, `audit`, `warn` | +| **BlockWin32APICallsFromOfficeMacros_ASROnlyPerRuleExclusions** | Write | StringArray[] | ASR Only Per Rule Exclusions | | +| **BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion** | Write | String | Block executable files from running unless they meet a prevalence, age, or trusted list criterion - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn) | `off`, `block`, `audit`, `warn` | +| **BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion_ASROnlyPerRuleExclusions** | Write | StringArray[] | ASR Only Per Rule Exclusions | | +| **BlockOfficeCommunicationAppFromCreatingChildProcesses** | Write | String | Block Office communication application from creating child processes - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn) | `off`, `block`, `audit`, `warn` | +| **BlockOfficeCommunicationAppFromCreatingChildProcesses_ASROnlyPerRuleExclusions** | Write | StringArray[] | ASR Only Per Rule Exclusions | | +| **BlockAllOfficeApplicationsFromCreatingChildProcesses** | Write | String | Block all Office applications from creating child processes - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn) | `off`, `block`, `audit`, `warn` | +| 
**BlockAllOfficeApplicationsFromCreatingChildProcesses_ASROnlyPerRuleExclusions** | Write | StringArray[] | ASR Only Per Rule Exclusions | | +| **BlockAdobeReaderFromCreatingChildProcesses** | Write | String | Block Adobe Reader from creating child processes - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn) | `off`, `block`, `audit`, `warn` | +| **BlockAdobeReaderFromCreatingChildProcesses_ASROnlyPerRuleExclusions** | Write | StringArray[] | ASR Only Per Rule Exclusions | | +| **BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem** | Write | String | Block credential stealing from the Windows local security authority subsystem - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn) | `off`, `block`, `audit`, `warn` | +| **BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem_ASROnlyPerRuleExclusions** | Write | StringArray[] | ASR Only Per Rule Exclusions | | +| **BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent** | Write | String | Block JavaScript or VBScript from launching downloaded executable content - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn) | `off`, `block`, `audit`, `warn` | +| **BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent_ASROnlyPerRuleExclusions** | Write | StringArray[] | ASR Only Per Rule Exclusions | | +| **BlockWebshellCreationForServers** | Write | String | Block Webshell creation for Servers - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn) | `off`, `block`, `audit`, `warn` | +| **BlockWebshellCreationForServers_ASROnlyPerRuleExclusions** | Write | StringArray[] | ASR Only Per Rule Exclusions | | +| **BlockUntrustedUnsignedProcessesThatRunFromUSB** | Write | String | Block untrusted and unsigned processes that run from USB - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn) | 
`off`, `block`, `audit`, `warn` | +| **BlockUntrustedUnsignedProcessesThatRunFromUSB_ASROnlyPerRuleExclusions** | Write | StringArray[] | ASR Only Per Rule Exclusions | | +| **BlockPersistenceThroughWMIEventSubscription** | Write | String | Block persistence through WMI event subscription - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn) | `off`, `block`, `audit`, `warn` | +| **BlockUseOfCopiedOrImpersonatedSystemTools** | Write | String | [PREVIEW] Block use of copied or impersonated system tools - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn) | `off`, `block`, `audit`, `warn` | +| **BlockUseOfCopiedOrImpersonatedSystemTools_ASROnlyPerRuleExclusions** | Write | StringArray[] | ASR Only Per Rule Exclusions | | +| **BlockAbuseOfExploitedVulnerableSignedDrivers** | Write | String | Block abuse of exploited vulnerable signed drivers (Device) - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn) | `off`, `block`, `audit`, `warn` | +| **BlockAbuseOfExploitedVulnerableSignedDrivers_ASROnlyPerRuleExclusions** | Write | StringArray[] | ASR Only Per Rule Exclusions | | +| **BlockProcessCreationsFromPSExecAndWMICommands** | Write | String | Block process creations originating from PSExec and WMI commands - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn) | `off`, `block`, `audit`, `warn` | +| **BlockProcessCreationsFromPSExecAndWMICommands_ASROnlyPerRuleExclusions** | Write | StringArray[] | ASR Only Per Rule Exclusions | | +| **BlockOfficeApplicationsFromCreatingExecutableContent** | Write | String | Block Office applications from creating executable content - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn) | `off`, `block`, `audit`, `warn` | +| **BlockOfficeApplicationsFromCreatingExecutableContent_ASROnlyPerRuleExclusions** | Write | StringArray[] | ASR Only Per Rule 
Exclusions | | +| **BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses** | Write | String | Block Office applications from injecting code into other processes - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn) | `off`, `block`, `audit`, `warn` | +| **BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses_ASROnlyPerRuleExclusions** | Write | StringArray[] | ASR Only Per Rule Exclusions | | +| **BlockRebootingMachineInSafeMode** | Write | String | [PREVIEW] Block rebooting machine in Safe Mode - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn) | `off`, `block`, `audit`, `warn` | +| **BlockRebootingMachineInSafeMode_ASROnlyPerRuleExclusions** | Write | StringArray[] | ASR Only Per Rule Exclusions | | +| **UseAdvancedProtectionAgainstRansomware** | Write | String | Use advanced protection against ransomware - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn) | `off`, `block`, `audit`, `warn` | +| **UseAdvancedProtectionAgainstRansomware_ASROnlyPerRuleExclusions** | Write | StringArray[] | ASR Only Per Rule Exclusions | | +| **BlockExecutableContentFromEmailClientAndWebmail** | Write | String | Block executable content from email client and webmail - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn) | `off`, `block`, `audit`, `warn` | +| **BlockExecutableContentFromEmailClientAndWebmail_ASROnlyPerRuleExclusions** | Write | StringArray[] | ASR Only Per Rule Exclusions | | +| **CloudBlockLevel** | Write | String | Cloud Block Level (0: NotConfigured, 2: High, 4: HighPlus, 6: ZeroTolerance) | `0`, `2`, `4`, `6` | +| **CloudExtendedTimeout** | Write | SInt32 | Cloud Extended Timeout | | +| **DisableLocalAdminMerge** | Write | String | Disable Local Admin Merge (0: Enable Local Admin Merge, 1: Disable Local Admin Merge) | `0`, `1` | +| **EnableFileHashComputation** | Write | String | Enable File Hash 
Computation (0: Disable, 1: Enable) | `0`, `1` | +| **EnableNetworkProtection** | Write | String | Enable Network Protection (0: Disabled, 1: Enabled (block mode), 2: Enabled (audit mode)) | `0`, `1`, `2` | +| **HideExclusionsFromLocalAdmins** | Write | String | Hide Exclusions From Local Admins (1: If you enable this setting, local admins will no longer be able to see the exclusion list in Windows Security App or via PowerShell., 0: If you disable or do not configure this setting, local admins will be able to see exclusions in the Windows Security App and via PowerShell.) | `1`, `0` | +| **PUAProtection** | Write | String | PUA Protection (0: PUA Protection off. Windows Defender will not protect against potentially unwanted applications., 1: PUA Protection on. Detected items are blocked. They will show in history along with other threats., 2: Audit mode. Windows Defender will detect potentially unwanted applications, but take no action. You can review information about the applications Windows Defender would have taken action against by searching for events created by Windows Defender in the Event Viewer.) | `0`, `1`, `2` | +| **RealTimeScanDirection** | Write | String | Real Time Scan Direction (0: Monitor all files (bi-directional)., 1: Monitor incoming files., 2: Monitor outgoing files.) | `0`, `1`, `2` | +| **SubmitSamplesConsent** | Write | String | Submit Samples Consent (0: Always prompt., 1: Send safe samples automatically., 2: Never send., 3: Send all samples automatically.) 
| `0`, `1`, `2`, `3` | +| **ConfigureSystemGuardLaunch** | Write | String | Configure System Guard Launch (0: Unmanaged Configurable by Administrative user, 1: Unmanaged Enables Secure Launch if supported by hardware, 2: Unmanaged Disables Secure Launch) | `0`, `1`, `2` | +| **LsaCfgFlags** | Write | String | Credential Guard (0: (Disabled) Turns off Credential Guard remotely if configured previously without UEFI Lock., 1: (Enabled with UEFI lock) Turns on Credential Guard with UEFI lock., 2: (Enabled without lock) Turns on Credential Guard without UEFI lock.) | `0`, `1`, `2` | +| **EnableVirtualizationBasedSecurity** | Write | String | Enable Virtualization Based Security (0: disable virtualization based security., 1: enable virtualization based security.) | `0`, `1` | +| **RequirePlatformSecurityFeatures** | Write | String | Require Platform Security Features (1: Turns on VBS with Secure Boot., 3: Turns on VBS with Secure Boot and direct memory access (DMA). DMA requires hardware support.) | `1`, `3` | +| **DevicePasswordEnabled** | Write | String | Device Password Enabled (0: Enabled, 1: Disabled) | `0`, `1` | +| **DevicePasswordExpiration** | Write | SInt32 | Device Password Expiration - Depends on DevicePasswordEnabled | | +| **MinDevicePasswordLength** | Write | SInt32 | Min Device Password Length - Depends on DevicePasswordEnabled | | +| **AlphanumericDevicePasswordRequired** | Write | String | Alphanumeric Device Password Required - Depends on DevicePasswordEnabled (0: Password or Alphanumeric PIN required., 1: Password or Numeric PIN required., 2: Password, Numeric PIN, or Alphanumeric PIN required.) 
| `0`, `1`, `2` | +| **MaxDevicePasswordFailedAttempts** | Write | SInt32 | Max Device Password Failed Attempts - Depends on DevicePasswordEnabled | | +| **MinDevicePasswordComplexCharacters** | Write | String | Min Device Password Complex Characters - Depends on DevicePasswordEnabled (1: Digits only, 2: Digits and lowercase letters are required, 3: Digits lowercase letters and uppercase letters are required. Not supported in desktop Microsoft accounts and domain accounts, 4: Digits lowercase letters uppercase letters and special characters are required. Not supported in desktop) | `1`, `2`, `3`, `4` | +| **MaxInactivityTimeDeviceLock** | Write | SInt32 | Max Inactivity Time Device Lock - Depends on DevicePasswordEnabled | | +| **DevicePasswordHistory** | Write | SInt32 | Device Password History - Depends on DevicePasswordEnabled | | +| **AllowSimpleDevicePassword** | Write | String | Allow Simple Device Password - Depends on DevicePasswordEnabled (0: Not allowed., 1: Allowed.) | `0`, `1` | +| **DeviceEnumerationPolicy** | Write | String | Device Enumeration Policy (0: Block all (Most restrictive), 1: Only after log in/screen unlock, 2: Allow all (Least restrictive)) | `0`, `1`, `2` | +| **EnableInsecureGuestLogons** | Write | String | Enable Insecure Guest Logons (0: Disabled, 1: Enabled) | `0`, `1` | +| **Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly** | Write | String | Accounts Limit Local Account Use Of Blank Passwords To Console Logon Only (0: Disabled, 1: Enabled) | `0`, `1` | +| **InteractiveLogon_MachineInactivityLimit** | Write | SInt32 | Interactive Logon Machine Inactivity Limit | | +| **InteractiveLogon_SmartCardRemovalBehavior** | Write | String | Interactive Logon Smart Card Removal Behavior (0: No Action, 1: Lock Workstation, 2: Force Logoff, 3: Disconnect if a Remote Desktop Services session) | `0`, `1`, `2`, `3` | +| **MicrosoftNetworkClient_DigitallySignCommunicationsAlways** | Write | String | Microsoft Network Client Digitally 
Sign Communications Always (1: Enable, 0: Disable) | `1`, `0` | +| **MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers** | Write | String | Microsoft Network Client Send Unencrypted Password To Third Party SMB Servers (1: Enable, 0: Disable) | `1`, `0` | +| **MicrosoftNetworkServer_DigitallySignCommunicationsAlways** | Write | String | Microsoft Network Server Digitally Sign Communications Always (1: Enable, 0: Disable) | `1`, `0` | +| **NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts** | Write | String | Network Access Do Not Allow Anonymous Enumeration Of SAM Accounts (1: Enabled, 0: Disabled) | `1`, `0` | +| **NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares** | Write | String | Network Access Do Not Allow Anonymous Enumeration Of Sam Accounts And Shares (1: Enabled, 0: Disabled) | `1`, `0` | +| **NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares** | Write | String | Network Access Restrict Anonymous Access To Named Pipes And Shares (1: Enable, 0: Disable) | `1`, `0` | +| **NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM** | Write | String | Network Access Restrict Clients Allowed To Make Remote Calls To SAM | | +| **NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange** | Write | String | Network Security Do Not Store LAN Manager Hash Value On Next Password Change (1: Enable, 0: Disable) | `1`, `0` | +| **NetworkSecurity_LANManagerAuthenticationLevel** | Write | String | Network Security LAN Manager Authentication Level (0: Send LM and NTLM responses, 1: Send LM and NTLM-use NTLMv2 session security if negotiated, 2: Send LM and NTLM responses only, 3: Send LM and NTLMv2 responses only, 4: Send LM and NTLMv2 responses only. Refuse LM, 5: Send LM and NTLMv2 responses only. 
Refuse LM and NTLM) | `0`, `1`, `2`, `3`, `4`, `5` | +| **NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients** | Write | String | Network Security Minimum Session Security For NTLMSSP Based Clients (0: None, 524288: Require NTLMv2 session security, 536870912: Require 128-bit encryption, 537395200: Require NTLM and 128-bit encryption) | `0`, `524288`, `536870912`, `537395200` | +| **NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers** | Write | String | Network Security Minimum Session Security For NTLMSSP Based Servers (0: None, 524288: Require NTLMv2 session security, 536870912: Require 128-bit encryption, 537395200: Require NTLM and 128-bit encryption) | `0`, `524288`, `536870912`, `537395200` | +| **UserAccountControl_BehaviorOfTheElevationPromptForAdministrators** | Write | String | User Account Control Behavior Of The Elevation Prompt For Administrators (0: Elevate without prompting, 1: Prompt for credentials on the secure desktop, 2: Prompt for consent on the secure desktop, 3: Prompt for credentials, 4: Prompt for consent, 5: Prompt for consent for non-Windows binaries) | `0`, `1`, `2`, `3`, `4`, `5` | +| **UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers** | Write | String | User Account Control Behavior Of The Elevation Prompt For Standard Users (0: Automatically deny elevation requests, 1: Prompt for credentials on the secure desktop, 3: Prompt for credentials) | `0`, `1`, `3` | +| **UserAccountControl_DetectApplicationInstallationsAndPromptForElevation** | Write | String | User Account Control Detect Application Installations And Prompt For Elevation (1: Enable, 0: Disable) | `1`, `0` | +| **UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations** | Write | String | User Account Control Only Elevate UI Access Applications That Are Installed In Secure Locations (0: Disabled: Application runs with UIAccess integrity even if it does not reside in a secure location., 1: Enabled: Application runs 
with UIAccess integrity only if it resides in secure location.) | `0`, `1` | +| **UserAccountControl_RunAllAdministratorsInAdminApprovalMode** | Write | String | User Account Control Run All Administrators In Admin Approval Mode (0: Disabled, 1: Enabled) | `0`, `1` | +| **UserAccountControl_UseAdminApprovalMode** | Write | String | User Account Control Use Admin Approval Mode (1: Enable, 0: Disable) | `1`, `0` | +| **UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations** | Write | String | User Account Control Virtualize File And Registry Write Failures To Per User Locations (0: Disabled, 1: Enabled) | `0`, `1` | +| **ConfigureLsaProtectedProcess** | Write | String | Configure Lsa Protected Process (0: Disabled. Default value. LSA will not run as protected process., 1: Enabled with UEFI lock. LSA will run as protected process and this configuration is UEFI locked., 2: Enabled without UEFI lock. LSA will run as protected process and this configuration is not UEFI locked.) | `0`, `1`, `2` | +| **AllowGameDVR** | Write | String | Allow Game DVR (0: Not allowed., 1: Allowed.) | `0`, `1` | +| **MSIAllowUserControlOverInstall** | Write | String | MSI Allow User Control Over Install (0: Disabled, 1: Enabled) | `0`, `1` | +| **MSIAlwaysInstallWithElevatedPrivileges** | Write | String | MSI Always Install With Elevated Privileges (0: Disabled, 1: Enabled) | `0`, `1` | +| **SmartScreenEnabled** | Write | String | Configure Microsoft Defender SmartScreen (0: Disabled, 1: Enabled) | `0`, `1` | +| **MicrosoftEdge_SmartScreen_PreventSmartScreenPromptOverride** | Write | String | Prevent bypassing Microsoft Defender SmartScreen prompts for sites (0: Disabled, 1: Enabled) | `0`, `1` | +| **LetAppsActivateWithVoiceAboveLock** | Write | String | Let Apps Activate With Voice Above Lock (0: User in control. Users can decide if Windows apps can be activated by voice while the screen is locked using Settings > Privacy options on the device., 1: Force allow. 
Windows apps can be activated by voice while the screen is locked, and users cannot change it., 2: Force deny. Windows apps cannot be activated by voice while the screen is locked, and users cannot change it.) | `0`, `1`, `2` | +| **AllowIndexingEncryptedStoresOrItems** | Write | String | Allow Indexing Encrypted Stores Or Items (0: Not allowed., 1: Allowed.) | `0`, `1` | +| **EnableSmartScreenInShell** | Write | String | Enable Smart Screen In Shell (0: Disabled., 1: Enabled.) | `0`, `1` | +| **NotifyMalicious** | Write | String | Notify Malicious (0: Disabled, 1: Enabled) | `0`, `1` | +| **NotifyPasswordReuse** | Write | String | Notify Password Reuse (0: Disabled, 1: Enabled) | `0`, `1` | +| **NotifyUnsafeApp** | Write | String | Notify Unsafe App (0: Disabled, 1: Enabled) | `0`, `1` | +| **ServiceEnabled** | Write | String | Service Enabled (0: Disabled, 1: Enabled) | `0`, `1` | +| **PreventOverrideForFilesInShell** | Write | String | Prevent Override For Files In Shell (0: Do not prevent override., 1: Prevent override.) 
| `0`, `1` | +| **ConfigureXboxAccessoryManagementServiceStartupMode** | Write | String | Configure Xbox Accessory Management Service Startup Mode (2: Automatic, 3: Manual, 4: Disabled) | `2`, `3`, `4` | +| **ConfigureXboxLiveAuthManagerServiceStartupMode** | Write | String | Configure Xbox Live Auth Manager Service Startup Mode (2: Automatic, 3: Manual, 4: Disabled) | `2`, `3`, `4` | +| **ConfigureXboxLiveGameSaveServiceStartupMode** | Write | String | Configure Xbox Live Game Save Service Startup Mode (2: Automatic, 3: Manual, 4: Disabled) | `2`, `3`, `4` | +| **ConfigureXboxLiveNetworkingServiceStartupMode** | Write | String | Configure Xbox Live Networking Service Startup Mode (2: Automatic, 3: Manual, 4: Disabled) | `2`, `3`, `4` | +| **EnableXboxGameSaveTask** | Write | String | Enable Xbox Game Save Task (0: Disabled, 1: Enabled) | `0`, `1` | +| **AccessFromNetwork** | Write | StringArray[] | Access From Network | | +| **AllowLocalLogOn** | Write | StringArray[] | Allow Local Log On | | +| **BackupFilesAndDirectories** | Write | StringArray[] | Backup Files And Directories | | +| **CreateGlobalObjects** | Write | StringArray[] | Create Global Objects | | +| **CreatePageFile** | Write | StringArray[] | Create Page File | | +| **DebugPrograms** | Write | StringArray[] | Debug Programs | | +| **DenyAccessFromNetwork** | Write | StringArray[] | Deny Access From Network | | +| **DenyRemoteDesktopServicesLogOn** | Write | StringArray[] | Deny Remote Desktop Services Log On | | +| **ImpersonateClient** | Write | StringArray[] | Impersonate Client | | +| **LoadUnloadDeviceDrivers** | Write | StringArray[] | Load Unload Device Drivers | | +| **ManageAuditingAndSecurityLog** | Write | StringArray[] | Manage Auditing And Security Log | | +| **ManageVolume** | Write | StringArray[] | Manage Volume | | +| **ModifyFirmwareEnvironment** | Write | StringArray[] | Modify Firmware Environment | | +| **ProfileSingleProcess** | Write | StringArray[] | Profile Single Process | | 
+| **RemoteShutdown** | Write | StringArray[] | Remote Shutdown | | +| **RestoreFilesAndDirectories** | Write | StringArray[] | Restore Files And Directories | | +| **TakeOwnership** | Write | StringArray[] | Take Ownership | | +| **HypervisorEnforcedCodeIntegrity** | Write | String | Hypervisor Enforced Code Integrity (0: (Disabled) Turns off Hypervisor-Protected Code Integrity remotely if configured previously without UEFI Lock., 1: (Enabled with UEFI lock) Turns on Hypervisor-Protected Code Integrity with UEFI lock., 2: (Enabled without lock) Turns on Hypervisor-Protected Code Integrity without UEFI lock.) | `0`, `1`, `2` | +| **AllowAutoConnectToWiFiSenseHotspots** | Write | String | Allow Auto Connect To Wi Fi Sense Hotspots (0: Not allowed., 1: Allowed.) | `0`, `1` | +| **AllowInternetSharing** | Write | String | Allow Internet Sharing (0: Not allowed., 1: Allowed.) | `0`, `1` | +| **FacialFeaturesUseEnhancedAntiSpoofing** | Write | String | Facial Features Use Enhanced Anti Spoofing (false: Disabled, true: Enabled) | `false`, `true` | +| **AllowWindowsInkWorkspace** | Write | String | Allow Windows Ink Workspace (0: access to ink workspace is disabled. The feature is turned off., 1: ink workspace is enabled (feature is turned on), but the user cannot access it above the lock screen., 2: ink workspace is enabled (feature is turned on), and the user is allowed to use it above the lock screen.) 
| `0`, `1`, `2` | +| **BackupDirectory** | Write | String | Backup Directory (0: Disabled (password will not be backed up), 1: Backup the password to Azure AD only, 2: Backup the password to Active Directory only) | `0`, `1`, `2` | +| **ADEncryptedPasswordHistorySize** | Write | SInt32 | AD Encrypted Password History Size - Depends on BackupDirectory | | +| **passwordagedays** | Write | SInt32 | Password Age Days - Depends on BackupDirectory | | +| **ADPasswordEncryptionEnabled** | Write | String | AD Password Encryption Enabled - Depends on BackupDirectory (false: Store the password in clear-text form in Active Directory, true: Store the password in encrypted form in Active Directory) | `false`, `true` | +| **passwordagedays_aad** | Write | SInt32 | Password Age Days - Depends on BackupDirectory | | +| **ADPasswordEncryptionPrincipal** | Write | String | AD Password Encryption Principal - Depends on BackupDirectory | | +| **PasswordExpirationProtectionEnabled** | Write | String | Password Expiration Protection Enabled - Depends on BackupDirectory (false: Allow configured password expiriration timestamp to exceed maximum password age, true: Do not allow configured password expiriration timestamp to exceed maximum password age) | `false`, `true` | + +### MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineWindows10 + +#### Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **NoLockScreenToastNotification** | Write | String | Turn off toast notifications on the lock screen (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **RestrictFormSuggestPW** | Write | String | Turn on the auto-complete feature for user names and passwords on forms (User) (0: Disabled, 1: Enabled) | `0`, `1` | +| **ChkBox_PasswordAsk** | Write | String | Prompt me to save passwords (User) - Depends on RestrictFormSuggestPW (0: False, 1: True) | `0`, `1` | +| **AllowWindowsSpotlight** | Write | String | Allow 
Windows Spotlight (User) (0: Not allowed., 1: Allowed.) | `0`, `1` | +| **AllowWindowsTips** | Write | String | Allow Windows Tips - Depends on AllowWindowsSpotlight (0: Disabled., 1: Enabled.) | `0`, `1` | +| **AllowTailoredExperiencesWithDiagnosticData** | Write | String | Allow Tailored Experiences With Diagnostic Data (User) - Depends on AllowWindowsSpotlight (0: Not allowed., 1: Allowed.) | `0`, `1` | +| **AllowWindowsSpotlightOnActionCenter** | Write | String | Allow Windows Spotlight On Action Center (User) - Depends on AllowWindowsSpotlight (0: Not allowed., 1: Allowed.) | `0`, `1` | +| **AllowWindowsConsumerFeatures** | Write | String | Allow Windows Consumer Features - Depends on AllowWindowsSpotlight (0: Not allowed., 1: Allowed.) | `0`, `1` | +| **ConfigureWindowsSpotlightOnLockScreen** | Write | String | Configure Windows Spotlight On Lock Screen (User) - Depends on AllowWindowsSpotlight (0: Windows spotlight disabled., 1: Windows spotlight enabled., 2: Windows spotlight is always enabled, the user cannot disable it, 3: Windows spotlight is always enabled, the user cannot disable it. For special configurations only) | `0`, `1`, `2`, `3` | +| **AllowWindowsSpotlightWindowsWelcomeExperience** | Write | String | Allow Windows Spotlight Windows Welcome Experience (User) - Depends on AllowWindowsSpotlight (0: Not allowed., 1: Allowed.) | `0`, `1` | +| **AllowThirdPartySuggestionsInWindowsSpotlight** | Write | String | Allow Third Party Suggestions In Windows Spotlight (User) - Depends on AllowWindowsSpotlight (0: Third-party suggestions not allowed., 1: Third-party suggestions allowed.) 
| `0`, `1` | + + +## Description + +Intune Security Baseline for Windows10 + +## Permissions + +### Microsoft Graph + +To authenticate with the Microsoft Graph API, this resource required the following permissions: + +#### Delegated permissions + +- **Read** + + - DeviceManagementConfiguration.Read.All, Group.Read.All + +- **Update** + + - Group.Read.All, DeviceManagementConfiguration.ReadWrite.All + +#### Application permissions + +- **Read** + + - DeviceManagementConfiguration.Read.All, Group.Read.All + +- **Update** + + - Group.Read.All, DeviceManagementConfiguration.ReadWrite.All + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneSecurityBaselineWindows10 'mySecurityBaselineWindows10' + { + DisplayName = 'test' + DeviceSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineWindows10 + { + Pol_MSS_DisableIPSourceRoutingIPv6 = '1' + DisableIPSourceRoutingIPv6 = '0' + BlockExecutionOfPotentiallyObfuscatedScripts = 'block' + HardenedUNCPaths_Pol_HardenedPaths = '1' + pol_hardenedPaths = @( + MSFT_MicrosoftGraphIntuneSettingsCatalogpol_hardenedpaths{ + Key = '\\*\SYSVOL' + Value = 'RequireMutualAuthentication=1,RequireIntegrity=1' + } + ) + } + UserSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineWindows10 + { + AllowWindowsSpotlight = '1' + } + Ensure = 'Present' + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of 
new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneSecurityBaselineWindows10 'mySecurityBaselineWindows10' + { + DisplayName = 'test' + DeviceSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineWindows10 + { + Pol_MSS_DisableIPSourceRoutingIPv6 = '1' + DisableIPSourceRoutingIPv6 = '0' + BlockExecutionOfPotentiallyObfuscatedScripts = 'block' + HardenedUNCPaths_Pol_HardenedPaths = '1' + pol_hardenedPaths = @( + MSFT_MicrosoftGraphIntuneSettingsCatalogpol_hardenedpaths{ + Key = '\\*\SYSVOL' + Value = 'RequireMutualAuthentication=1,RequireIntegrity=1' + } + ) + } + UserSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineWindows10 + { + AllowWindowsSpotlight = '1' #drift + } + Ensure = 'Present' + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} +``` + +### Example 3 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + IntuneSecurityBaselineWindows10 'mySecurityBaselineWindows10' + { + DisplayName = 'test' + Ensure = 'Absent' + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} +``` + 
diff --git a/docs/docs/resources/teams/TeamsMeetingPolicy.md b/docs/docs/resources/teams/TeamsMeetingPolicy.md
index acefdca8e8..aa576c1124 100644
--- a/docs/docs/resources/teams/TeamsMeetingPolicy.md
+++ b/docs/docs/resources/teams/TeamsMeetingPolicy.md
@@ -49,7 +49,7 @@
 | **ChannelRecordingDownload** | Write | String | Determines how channel meeting recordings are saved, permissioned, and who can download them. | `Allow`, `Block` |
 | **ConnectToMeetingControls** | Write | String | Allows external connections of thirdparty apps to Microsoft Teams. | `Enabled`, `Disabled` |
 | **ContentSharingInExternalMeetings** | Write | String | This policy allows admins to determine whether the user can share content in meetings organized by external organizations. The user should have a Teams Premium license to be protected under this policy. | `EnabledForAnyone`, `EnabledForTrustedOrgs`, `Disabled` |
-| **Copilot** | Write | String | This setting allows the admin to choose whether Copilot will be enabled with a persisted transcript or a non-persisted transcript. | `Enabled`, `EnabledWithTranscript` |
+| **Copilot** | Write | String | This setting allows the admin to choose whether Copilot will be enabled with a persisted transcript or a non-persisted transcript. | `Disabled`, `Enabled`, `EnabledWithTranscript`, `EnabledWithTranscriptDefaultOn` |
 | **CopyRestriction** | Write | Boolean | This parameter enables a setting that controls a meeting option which allows users to disable right-click or Ctrl+C to copy, Copy link, Forward message, and Share to Outlook for meeting chat messages. | |
 | **DesignatedPresenterRoleMode** | Write | String | Determines if users can change the default value of the Who can present? setting in Meeting options in the Teams client. This policy setting affects all meetings, including Meet Now meetings. | `OrganizerOnlyUserOverride`, `EveryoneInCompanyUserOverride`, `EveryoneUserOverride` |
 | **DetectSensitiveContentDuringScreenSharing** | Write | Boolean | Allows the admin to enable sensitive content detection during screen share. | |
diff --git a/docs/docs/user-guide/cmdlets/Get-M365DSCWorkloadsListFromResourceNames.md b/docs/docs/user-guide/cmdlets/Get-M365DSCWorkloadsListFromResourceNames.md index ba1ff1e78a..8db7fc302a 100644 --- a/docs/docs/user-guide/cmdlets/Get-M365DSCWorkloadsListFromResourceNames.md +++ b/docs/docs/user-guide/cmdlets/Get-M365DSCWorkloadsListFromResourceNames.md @@ -13,12 +13,21 @@ This function outputs information as the following type: | Parameter | Required | DataType | Default Value | Allowed Values | Description | | --- | --- | --- | --- | --- | --- | -| ResourceNames | True | Array | | | Specifies the resources for which the workloads should be determined. | +| ResourceNames | True | Array | | | Specifies the resources for which the workloads should be determined. +Either a single string, an array of strings or an object with 'Name' and 'AuthenticationMethod' can be provided. | ## Examples -------------------------- EXAMPLE 1 -------------------------- -`Get-M365DSCWorkloadsListFromResourceNames -ResourceNames AADUSer` +`Get-M365DSCWorkloadsListFromResourceNames -ResourceNames AADUser` + +-------------------------- EXAMPLE 2 -------------------------- + +`Get-M365DSCWorkloadsListFromResourceNames -ResourceNames @('AADUser', 'AADGroup')` + +-------------------------- EXAMPLE 3 -------------------------- + +`Get-M365DSCWorkloadsListFromResourceNames -ResourceNames @{Name = 'AADUser'; AuthenticationMethod = 'Credentials'}` diff --git a/docs/docs/user-guide/get-started/deploying-configurations.md b/docs/docs/user-guide/get-started/deploying-configurations.md index 496b5b23f2..e78c4b854d 100644 --- a/docs/docs/user-guide/get-started/deploying-configurations.md +++ b/docs/docs/user-guide/get-started/deploying-configurations.md 
@@ -31,6 +31,8 @@ For more information and more advanced topics, please make sure you review the f The first step in trying to deploy a DSC configuration is to compile the configuration file into a MOF file. Doing so simply involves executing the .ps1 file that contains your configuration. The process of compiling your configuration will also perform some level of validation on the configuration, such as ensuring that every component defined in the file has all of their mandatory parameters defined, and that there are no typos in components or property names. If the compilation process is successful, you should see a message indicating that the MOF file was created. By default, this file is created in the same path your configuration file is located, and will create a new subfolder based on the name of the configuration object defined within your file. +**Attention: If your configuration contains empty arrays, then it must be compiled in Windows PowerShell (5.1). Otherwise, the affected properties might be omitted in the result file.** +
![Running a configuration compilation](../../Images/CompileConfiguration.png)
Running a configuration compilation