-
Notifications
You must be signed in to change notification settings - Fork 518
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Updated Resources and Cmdlet documentation pages
- Loading branch information
1 parent
b2adcc5
commit dad7013
Showing
1 changed file
with
78 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,78 @@ | ||
| # AADExternalIdentityPolicy | ||
|
|
||
| ## Parameters | ||
|
|
||
| | Parameter | Attribute | DataType | Description | Allowed Values | | ||
| | --- | --- | --- | --- | --- | | ||
| | **IsSingleInstance** | Key | String | Only valid value is 'Yes'. | `Yes` | | ||
| | **AllowDeletedIdentitiesDataRemoval** | Write | Boolean | Reserved for future use. | | | ||
| | **allowExternalIdentitiesToLeave** | Required | Boolean | Defines whether external users can leave the guest tenant. If set to false, self-service controls are disabled, and the admin of the guest tenant must manually remove the external user from the guest tenant. When the external user leaves the tenant, their data in the guest tenant is first soft-deleted then permanently deleted in 30 days. | | | ||
| | **Credential** | Write | PSCredential | Credentials for the Microsoft Graph delegated permissions. | | | ||
| | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | | ||
| | **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | | ||
| | **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory application to authenticate with. | | | ||
| | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | ||
| | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | | ||
|
|
||
| ## Description | ||
|
|
||
| Represents the tenant-wide policy that controls whether external users can leave the guest Microsoft Entra tenant via self-service controls. | ||
|
|
||
| ## Permissions | ||
|
|
||
| ### Microsoft Graph | ||
|
|
||
| To authenticate with the Microsoft Graph API, this resource required the following permissions: | ||
|
|
||
| #### Delegated permissions | ||
|
|
||
| - **Read** | ||
|
|
||
| - None | ||
|
|
||
| - **Update** | ||
|
|
||
| - None | ||
|
|
||
| #### Application permissions | ||
|
|
||
| - **Read** | ||
|
|
||
| - Policy.Read.All | ||
|
|
||
| - **Update** | ||
|
|
||
| - Policy.ReadWrite.ExternalIdentities | ||
|
|
||
| ## Examples | ||
|
|
||
| ### Example 1 | ||
|
|
||
| This example is used to test new resources and showcase the usage of new resources being worked on. | ||
| It is not meant to use as a production baseline. | ||
|
|
||
| ```powershell | ||
| Configuration Example | ||
| { | ||
| param | ||
| ( | ||
| [Parameter(Mandatory = $true)] | ||
| [PSCredential] | ||
| $credsAdmin | ||
| ) | ||
| Import-DscResource -ModuleName Microsoft365DSC | ||
| node localhost | ||
| { | ||
| AADExternalIdentityPolicy "AADExternalIdentityPolicy" | ||
| { | ||
| AllowDeletedIdentitiesDataRemoval = $False; | ||
| AllowExternalIdentitiesToLeave = $True; | ||
| Credential = $CredsAdmin; | ||
| IsSingleInstance = "Yes"; | ||
| } | ||
| } | ||
| } | ||
| ``` | ||
|
|