IntuneAppProtectionPolicyiOS: Assignments not hardcoded to ObjectId #4568

Open
JonasCordsen opened this issue Apr 17, 2024 · 0 comments
Labels
Enhancement New feature or request Intune

Description of the issue

Referring to the documentation, we need to specify an object ID in order to assign the App protection policies to a group.

Could it be possible to have this changed so that you can specify a group name? This would help with creating a more general configuration.

Microsoft 365 DSC Version

1.24.403.1

Which workloads are affected

Intune

The DSC configuration

IntuneAppProtectionPolicyiOS "IntuneAppProtectionPolicyiOS-PolicyName"
        {
            AllowedDataStorageLocations                    = @("oneDriveForBusiness")
            AllowedInboundDataTransferSources              = "allApps"
            AllowedOutboundClipboardSharingExceptionLength = 0
            AllowedOutboundClipboardSharingLevel           = "managedAppsWithPasteIn"
            AllowedOutboundDataTransferDestinations        = "managedApps"
            AppActionIfDeviceComplianceRequired            = "block"
            AppActionIfIosDeviceModelNotAllowed            = "block"
            AppActionIfMaximumPinRetriesExceeded           = "block"
            AppDataEncryptionType                          = "whenDeviceLocked"
            ApplicationId                                  = $ApplicationId
            Apps                                           = @("com.microsoft.azure","com.microsoft.copilot","com.microsoft.dynamics","com.microsoft.dynamics.invoice","com.microsoft.dynamics.iphone.moca","com.microsoft.loop","com.microsoft.mobile.polymer","com.microsoft.msapps","com.microsoft.msedge","com.microsoft.o365shdmobileapp","com.microsoft.office.excel","com.microsoft.office.outlook","com.microsoft.office.powerpoint","com.microsoft.office.word","com.microsoft.officelens","com.microsoft.officemobile","com.microsoft.onenote","com.microsoft.plannermobile","com.microsoft.powerbimobile","com.microsoft.sharepoint","com.microsoft.shiftr","com.microsoft.skydrive","com.microsoft.skype.teams","com.microsoft.splists","com.microsoft.stream","com.microsoft.to-do","com.microsoft.whiteboard","com.printeron.printeron.microsoft")
            Assignments                                    = @("ObjectId")
            CertificateThumbprint                          = $CertificateThumbprint
            ContactSyncBlocked                             = $False
            CustomBrowserProtocol                          = ""
            DataBackupBlocked                              = $True
            Description                                    = ""
            DeviceComplianceRequired                       = $True
            DisableAppPinIfDevicePinIsSet                  = $False
            DisableProtectionOfManagedOutboundOpenInData   = $False
            DisplayName                                    = "NameRemoved"
            Ensure                                         = "Present"
            ExcludedGroups                                 = @()
            ExemptedAppProtocols                           = @("Default:skypeapp-settingscalshowitmsitmssitms-appsitms-appssitms-services")
            FaceIdBlocked                                  = $False
            FilterOpenInToOnlyManagedApps                  = $False
            FingerprintBlocked                             = $False
            Identity                                       = "IdRemoved"
            ManagedBrowser                                 = "notConfigured"
            ManagedBrowserToOpenLinksRequired              = $False
            MaximumPinRetries                              = 5
            MinimumPinLength                               = 4
            NotificationRestriction                        = "allow"
            OrganizationalCredentialsRequired              = $False
            PeriodBeforePinReset                           = "00:00:00"
            PeriodOfflineBeforeAccessCheck                 = "1.00:00:00"
            PeriodOfflineBeforeWipeIsEnforced              = "90.00:00:00"
            PeriodOnlineBeforeAccessCheck                  = "00:30:00"
            PinCharacterSet                                = "numeric"
            PinRequired                                    = $True
            PinRequiredInsteadOfBiometricTimeout           = "00:30:00"
            PrintBlocked                                   = $False
            ProtectInboundDataFromUnknownSources           = $False
            SaveAsBlocked                                  = $True
            SimplePinBlocked                               = $False
            TargetedAppManagementLevels                    = "unspecified"
            TenantId                                       = $TenantId
        }

Verbose logs showing the problem

No response

Environment Information + PowerShell Version

No response

@andikrueger andikrueger added Enhancement New feature or request Intune labels Apr 17, 2024
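
Until the resource accepts group names, the name-to-ObjectId lookup can be done before the configuration is compiled. The sketch below is an added example, not code from the issue or from Microsoft365DSC; `Resolve-GroupObjectId`, the group names and the GUIDs are constructed for illustration. Because Entra ID group display names are not unique, the helper refuses anything other than exactly one match, so a policy is never assigned to an unintended group.

```powershell
# Added example: resolve group display names to object IDs before they are
# passed to the Assignments property. Hypothetical helper, not part of
# Microsoft365DSC.
function Resolve-GroupObjectId {
    [CmdletBinding()]
    [OutputType([string])]
    param(
        [Parameter(Mandatory)]
        [string] $DisplayName,

        # Candidate groups: objects exposing Id and DisplayName.
        [Parameter(Mandatory)]
        [AllowEmptyCollection()]
        [object[]] $Groups
    )

    # -eq is case-insensitive here, like directory display-name matching.
    $found = @($Groups | Where-Object { $_.DisplayName -eq $DisplayName })

    if ($found.Count -eq 0) {
        throw "No group named '$DisplayName' was found."
    }
    if ($found.Count -gt 1) {
        $ids = ($found.Id | Sort-Object) -join ', '
        throw "Group name '$DisplayName' is ambiguous; matches: $ids"
    }
    return [string]$found[0].Id
}

# Constructed sample data standing in for directory results. Against a real
# tenant, after Connect-MgGraph, the candidates could be fetched with the
# Microsoft.Graph.Groups module:
#   $groups = Get-MgGroup -All -Property Id,DisplayName
$groups = @(
    [pscustomobject]@{ Id = '00000000-0000-0000-0000-000000000001'; DisplayName = 'iOS-MAM-Users' }
    [pscustomobject]@{ Id = '00000000-0000-0000-0000-000000000002'; DisplayName = 'Pilot' }
    [pscustomobject]@{ Id = '00000000-0000-0000-0000-000000000003'; DisplayName = 'Pilot' }
)

# Unique name: resolves to a single ID, usable as  Assignments = $assignments
$assignments = @('iOS-MAM-Users' | ForEach-Object {
    Resolve-GroupObjectId -DisplayName $_ -Groups $groups
})

# Duplicate name: rejected instead of silently picking one of the two groups.
try {
    Resolve-GroupObjectId -DisplayName 'Pilot' -Groups $groups
} catch {
    Write-Warning $_.Exception.Message
}
```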