ManagedAppPolicy_Add.ps1
Import-Module Microsoft.Graph.Devices.CorporateManagement
<# region Authentication
To authenticate, you'll use the Microsoft Graph PowerShell SDK. If you haven't already installed the SDK, see this guide:
https://learn.microsoft.com/en-us/powershell/microsoftgraph/installation?view=graph-powershell-1.0
The PowerShell SDK supports two types of authentication: delegated access and app-only access.
For details on using delegated access, see this guide:
https://learn.microsoft.com/powershell/microsoftgraph/get-started?view=graph-powershell-1.0
For details on using app-only access for unattended scenarios, see Use app-only authentication with the Microsoft Graph PowerShell SDK:
https://learn.microsoft.com/powershell/microsoftgraph/app-only?view=graph-powershell-1.0&tabs=azure-portal
This script does not sign in by itself: establish the Graph session (Connect-MgGraph) before running it, and request only the
permission needed to create app protection policies (DeviceManagementApps.ReadWrite.All) rather than a broader scope.
#>
# Bundle IDs of the iOS apps the protection policy will cover.
$BundleIds = @(
    'com.microsoft.officemobile'
    'com.microsoft.office.outlook'
)

# Wrap each bundle ID in the managedMobileApp shape Graph expects:
# a MobileAppIdentifier typed as an iOS app identifier.
$Apps = @(
    foreach ($BundleId in $BundleIds) {
        @{
            MobileAppIdentifier = @{
                '@odata.type' = '#microsoft.graph.iosMobileAppIdentifier'
                bundleId      = $BundleId
            }
        }
    }
)
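Write-Host "Creating Policy..."
Write-Host

# Policy settings are collected in a hashtable and splatted onto the cmdlet.
# The backtick-continued form ended with a trailing backtick on its last
# argument, which joins whatever line follows onto the command; splatting
# removes that hazard. Switch parameters are expressed as $true.
$PolicyParams = @{
    Apps        = $Apps
    DisplayName = 'iOS App Protection Policy'

    # Data movement.
    # NOTE(review): 'allApps' puts no restriction on which apps managed data can
    # be received from or sent to; 'managedApps' is the stricter level if the
    # intent is to keep organisational data inside policy-managed apps.
    AllowedDataStorageLocations             = 'oneDriveForBusiness'
    AllowedInboundDataTransferSources       = 'allApps'
    AllowedOutboundDataTransferDestinations = 'allApps'
    AllowedOutboundClipboardSharingLevel    = 'managedAppsWithPasteIn'
    ContactSyncBlocked                      = $true
    DataBackupBlocked                       = $true
    SaveAsBlocked                           = $true
    PrintBlocked                            = $true
    ManagedBrowser                          = 'microsoftEdge'

    # Access requirements.
    DeviceComplianceRequired          = $true
    OrganizationalCredentialsRequired = $true
    PinRequired                       = $true
    DisableAppPinIfDevicePinIsSet     = $true
    FaceIdBlocked                     = $true
    FingerprintBlocked                = $true

    # Quoted so the version reaches the cmdlet as the text '12.0'.
    # NOTE(review): only a warning threshold is set here; no minimum OS version
    # is enforced by this policy as written - confirm that is intended.
    MinimumWarningOSVersion = '12.0'

    # NOTE(review): these periods are passed as bare integers, exactly as in the
    # original call. The unit each value is bound as is not visible in this
    # script - verify the created policy shows the intended PIN-reset,
    # offline-access and offline-wipe periods.
    PeriodBeforePinReset              = 30
    PeriodOfflineBeforeAccessCheck    = 720
    PeriodOfflineBeforeWipeIsEnforced = 90
    PeriodOnlineBeforeAccessCheck     = 30
}

# Create the policy. Nothing in this script assigns it to a group, so it is
# only a policy object until it is targeted - TODO confirm assignment is
# handled elsewhere.
$CreateResult = New-MgDeviceAppMgtiOSManagedAppProtection @PolicyParams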
# Report the outcome: a non-empty Id on the returned object is taken as proof
# that the policy was created.
$PolicyId = $CreateResult.Id
if ([string]::IsNullOrEmpty($PolicyId)) {
    Write-Host "Policy creation failed" -ForegroundColor Red
}
else {
    # Print the ID so the new policy can be located afterwards.
    Write-Host "Policy created with id" $PolicyId
}