Microsoft365DSC
IntuneAppProtectionPolicyiOS: Assignments not hardcoded to ObjectId
Description of the issue
Referring to the documentation, we need to specify an object ID in order to assign the App protection policies to a group.
Could it be possible to have this changed so that you can specify a group name? This would help with creating a more general configuration.
Microsoft 365 DSC Version
1.24.403.1
Which workloads are affected
Intune
The DSC configuration
IntuneAppProtectionPolicyiOS "IntuneAppProtectionPolicyiOS-PolicyName"
{
    AllowedDataStorageLocations = @("oneDriveForBusiness")
    AllowedInboundDataTransferSources = "allApps"
    AllowedOutboundClipboardSharingExceptionLength = 0
    AllowedOutboundClipboardSharingLevel = "managedAppsWithPasteIn"
    AllowedOutboundDataTransferDestinations = "managedApps"
    AppActionIfDeviceComplianceRequired = "block"
    AppActionIfIosDeviceModelNotAllowed = "block"
    AppActionIfMaximumPinRetriesExceeded = "block"
    AppDataEncryptionType = "whenDeviceLocked"
    ApplicationId = $ApplicationId
    Apps = @("com.microsoft.azure","com.microsoft.copilot","com.microsoft.dynamics","com.microsoft.dynamics.invoice","com.microsoft.dynamics.iphone.moca","com.microsoft.loop","com.microsoft.mobile.polymer","com.microsoft.msapps","com.microsoft.msedge","com.microsoft.o365shdmobileapp","com.microsoft.office.excel","com.microsoft.office.outlook","com.microsoft.office.powerpoint","com.microsoft.office.word","com.microsoft.officelens","com.microsoft.officemobile","com.microsoft.onenote","com.microsoft.plannermobile","com.microsoft.powerbimobile","com.microsoft.sharepoint","com.microsoft.shiftr","com.microsoft.skydrive","com.microsoft.skype.teams","com.microsoft.splists","com.microsoft.stream","com.microsoft.to-do","com.microsoft.whiteboard","com.printeron.printeron.microsoft")
    Assignments = @("ObjectId")
    CertificateThumbprint = $CertificateThumbprint
    ContactSyncBlocked = $False
    CustomBrowserProtocol = ""
    DataBackupBlocked = $True
    Description = ""
    DeviceComplianceRequired = $True
    DisableAppPinIfDevicePinIsSet = $False
    DisableProtectionOfManagedOutboundOpenInData = $False
    DisplayName = "NameRemoved"
    Ensure = "Present"
    ExcludedGroups = @()
    ExemptedAppProtocols = @("Default:skypeapp-settingscalshowitmsitmssitms-appsitms-appssitms-services")
    FaceIdBlocked = $False
    FilterOpenInToOnlyManagedApps = $False
    FingerprintBlocked = $False
    Identity = "IdRemoved"
    ManagedBrowser = "notConfigured"
    ManagedBrowserToOpenLinksRequired = $False
    MaximumPinRetries = 5
    MinimumPinLength = 4
    NotificationRestriction = "allow"
    OrganizationalCredentialsRequired = $False
    PeriodBeforePinReset = "00:00:00"
    PeriodOfflineBeforeAccessCheck = "1.00:00:00"
    PeriodOfflineBeforeWipeIsEnforced = "90.00:00:00"
    PeriodOnlineBeforeAccessCheck = "00:30:00"
    PinCharacterSet = "numeric"
    PinRequired = $True
    PinRequiredInsteadOfBiometricTimeout = "00:30:00"
    PrintBlocked = $False
    ProtectInboundDataFromUnknownSources = $False
    SaveAsBlocked = $True
    SimplePinBlocked = $False
    TargetedAppManagementLevels = "unspecified"
    TenantId = $TenantId
}
Verbose logs showing the problem
No response
Environment Information + PowerShell Version
No response
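One way to keep the configuration name-based while `Assignments` still takes object IDs is to resolve the names when the configuration is compiled. This is an added example, not code from Microsoft365DSC or from the issue author; `Resolve-GroupObjectId` and the group name `MAM-iOS-Users` are hypothetical, and it assumes the Microsoft.Graph.Groups module and an app registration that is allowed to read groups.

```powershell
#Requires -Modules Microsoft.Graph.Groups
# Added example: resolve group display names to object IDs before compiling
# the DSC configuration. Resolve-GroupObjectId is a hypothetical helper.

function Resolve-GroupObjectId {
    [CmdletBinding()]
    [OutputType([string])]
    param(
        [Parameter(Mandatory)]
        [string[]] $DisplayName
    )

    foreach ($name in $DisplayName) {
        # OData string literals escape a single quote by doubling it.
        $escaped = $name.Replace("'", "''")
        $found = @(Get-MgGroup -Filter "displayName eq '$escaped'" -Property Id, DisplayName -All)

        # Group display names are not unique in a tenant. Fail closed instead of
        # picking one, so the policy is never assigned to an unintended group.
        if ($found.Count -eq 0) {
            throw "No group named '$name' was found."
        }
        if ($found.Count -gt 1) {
            throw "Group name '$name' is ambiguous; candidates: $($found.Id -join ', ')"
        }

        $found[0].Id
    }
}

# Assumption: the same app registration and certificate the configuration uses.
Connect-MgGraph -ClientId $ApplicationId -TenantId $TenantId -CertificateThumbprint $CertificateThumbprint

# Constructed group name; replace with the groups that should receive the policy.
$assignmentIds = @(Resolve-GroupObjectId -DisplayName 'MAM-iOS-Users')

# Inside the IntuneAppProtectionPolicyiOS block, use:
#     Assignments = $assignmentIds
```

Because the lookup throws on zero or multiple matches, a renamed or duplicated group stops the compile instead of silently changing who the policy protects.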