< Back
Update-DeviceAppManagement_MdmWindowsInformationProtectionPolicies
Post
NAME Update-DeviceAppManagement_MdmWindowsInformationProtectionPolicies
SYNOPSIS
Updates a "microsoft.graph.mdmWindowsInformationProtectionPolicy".
SYNTAX
Update-DeviceAppManagement_MdmWindowsInformationProtectionPolicies -mdmWindowsInformationProtectionPolicyId
<string> [-assignments <object[]>] [-azureRightsManagementServicesAllowed <bool>] [-createdDateTime
<DateTimeOffset>] [-dataRecoveryCertificate <object>] [-description <string>] [-displayName <string>]
[-enforcementLevel <string>] [-enterpriseDomain <string>] [-enterpriseInternalProxyServers <object[]>]
[-enterpriseIPRanges <object[]>] [-enterpriseIPRangesAreAuthoritative <bool>] [-enterpriseNetworkDomainNames
<object[]>] [-enterpriseProtectedDomainNames <object[]>] [-enterpriseProxiedDomains <object[]>]
[-enterpriseProxyServers <object[]>] [-enterpriseProxyServersAreAuthoritative <bool>] [-exemptAppLockerFiles
<object[]>] [-exemptApps <object[]>] [-iconsVisible <bool>] [-indexingEncryptedStoresOrItemsBlocked <bool>]
[-isAssigned <bool>] [-lastModifiedDateTime <DateTimeOffset>] [-neutralDomainResources <object[]>]
[-protectedAppLockerFiles <object[]>] [-protectedApps <object[]>] [-protectionUnderLockConfigRequired <bool>]
[-revokeOnUnenrollDisabled <bool>] [-rightsManagementServicesTemplateId <Guid>] [-smbAutoEncryptedFileExtensions
<object[]>] [-version <string>] [<CommonParameters>]
Update-DeviceAppManagement_MdmWindowsInformationProtectionPolicies -mdmWindowsInformationProtectionPolicyId
<string> -ODataType <string> [-assignments <object[]>] [-azureRightsManagementServicesAllowed <bool>]
[-createdDateTime <DateTimeOffset>] [-dataRecoveryCertificate <object>] [-description <string>] [-displayName
<string>] [-enforcementLevel <string>] [-enterpriseDomain <string>] [-enterpriseInternalProxyServers <object[]>]
[-enterpriseIPRanges <object[]>] [-enterpriseIPRangesAreAuthoritative <bool>] [-enterpriseNetworkDomainNames
<object[]>] [-enterpriseProtectedDomainNames <object[]>] [-enterpriseProxiedDomains <object[]>]
[-enterpriseProxyServers <object[]>] [-enterpriseProxyServersAreAuthoritative <bool>] [-exemptAppLockerFiles
<object[]>] [-exemptApps <object[]>] [-iconsVisible <bool>] [-indexingEncryptedStoresOrItemsBlocked <bool>]
[-isAssigned <bool>] [-lastModifiedDateTime <DateTimeOffset>] [-neutralDomainResources <object[]>]
[-protectedAppLockerFiles <object[]>] [-protectedApps <object[]>] [-protectionUnderLockConfigRequired <bool>]
[-revokeOnUnenrollDisabled <bool>] [-rightsManagementServicesTemplateId <Guid>] [-smbAutoEncryptedFileExtensions
<object[]>] [-version <string>] [<CommonParameters>]
DESCRIPTION
Updates a "microsoft.graph.mdmWindowsInformationProtectionPolicy" object in the
"mdmWindowsInformationProtectionPolicies" collection.
Windows information protection for apps running on devices which are MDM enrolled.
Graph Call: PATCH ~/deviceAppManagement/mdmWindowsInformationProtectionPolicies
PARAMETERS
-mdmWindowsInformationProtectionPolicyId <string>
The ID for a "microsoft.graph.mdmWindowsInformationProtectionPolicy" object in the
"mdmWindowsInformationProtectionPolicies" collection.
Required? true
Position? named
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-enforcementLevel <string>
The "enforcementLevel" property, of type "microsoft.graph.windowsInformationProtectionEnforcementLevel".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
WIP enforcement level.See the Enum definition for supported values
Valid values: 'noProtection', 'encryptAndAuditOnly', 'encryptAuditAndPrompt', 'encryptAuditAndBlock'
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-enterpriseDomain <string>
The "enterpriseDomain" property, of type "Edm.String".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
Primary enterprise domain
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-enterpriseProtectedDomainNames <object[]>
The "enterpriseProtectedDomainNames" property, of type
"microsoft.graph.windowsInformationProtectionResourceCollection".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
List of enterprise domains to be protected
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-protectionUnderLockConfigRequired <bool>
The "protectionUnderLockConfigRequired" property, of type "Edm.Boolean".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
Specifies whether the protection under lock feature (also known as encrypt under pin) should be configured
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-dataRecoveryCertificate <object>
The "dataRecoveryCertificate" property, of type
"microsoft.graph.windowsInformationProtectionDataRecoveryCertificate".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
Specifies a recovery certificate that can be used for data recovery of encrypted files. This is the same as
the data recovery agent(DRA) certificate for encrypting file system(EFS)
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-revokeOnUnenrollDisabled <bool>
The "revokeOnUnenrollDisabled" property, of type "Edm.Boolean".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
This policy controls whether to revoke the WIP keys when a device unenrolls from the management service. If
set to 1 (Don't revoke keys), the keys will not be revoked and the user will continue to have access to
protected files after unenrollment. If the keys are not revoked, there will be no revoked file cleanup
subsequently.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-rightsManagementServicesTemplateId <Guid>
The "rightsManagementServicesTemplateId" property, of type "Edm.Guid".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
TemplateID GUID to use for RMS encryption. The RMS template allows the IT admin to configure the details about
who has access to RMS-protected file and how long they have access
Required? false
Position? named
Default value 00000000-0000-0000-0000-000000000000
Accept pipeline input? false
Accept wildcard characters? false
-azureRightsManagementServicesAllowed <bool>
The "azureRightsManagementServicesAllowed" property, of type "Edm.Boolean".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
Specifies whether to allow Azure RMS encryption for WIP
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-iconsVisible <bool>
The "iconsVisible" property, of type "Edm.Boolean".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
Determines whether overlays are added to icons for WIP protected files in Explorer and enterprise only app
tiles in the Start menu. Starting in Windows 10, version 1703 this setting also configures the visibility of
the WIP icon in the title bar of a WIP-protected app
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-protectedApps <object[]>
The "protectedApps" property, of type "microsoft.graph.windowsInformationProtectionApp".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
Protected applications can access enterprise data and the data handled by those applications are protected
with encryption
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-exemptApps <object[]>
The "exemptApps" property, of type "microsoft.graph.windowsInformationProtectionApp".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
Exempt applications can also access enterprise data, but the data handled by those applications are not
protected. This is because some critical enterprise applications may have compatibility problems with
encrypted data.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-enterpriseNetworkDomainNames <object[]>
The "enterpriseNetworkDomainNames" property, of type
"microsoft.graph.windowsInformationProtectionResourceCollection".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
This is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains
that is sent to a device will be considered enterprise data and protected These locations will be considered a
safe destination for enterprise data to be shared to
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-enterpriseProxiedDomains <object[]>
The "enterpriseProxiedDomains" property, of type
"microsoft.graph.windowsInformationProtectionProxiedDomainCollection".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
Contains a list of Enterprise resource domains hosted in the cloud that need to be protected. Connections to
these resources are considered enterprise data. If a proxy is paired with a cloud resource, traffic to the
cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A
proxy server used for this purpose must also be configured using the EnterpriseInternalProxyServers policy
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-enterpriseIPRanges <object[]>
The "enterpriseIPRanges" property, of type "microsoft.graph.windowsInformationProtectionIPRangeCollection".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
Sets the enterprise IP ranges that define the computers in the enterprise network. Data that comes from those
computers will be considered part of the enterprise and protected. These locations will be considered a safe
destination for enterprise data to be shared to
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-enterpriseIPRangesAreAuthoritative <bool>
The "enterpriseIPRangesAreAuthoritative" property, of type "Edm.Boolean".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find
other subnets. Default is false
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-enterpriseProxyServers <object[]>
The "enterpriseProxyServers" property, of type
"microsoft.graph.windowsInformationProtectionResourceCollection".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
This is a list of proxy servers. Any server not on this list is considered non-enterprise
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-enterpriseInternalProxyServers <object[]>
The "enterpriseInternalProxyServers" property, of type
"microsoft.graph.windowsInformationProtectionResourceCollection".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
This is the comma-separated list of internal proxy servers. For example, "157.54.14.28, 157.54.11.118,
10.202.14.167, 157.53.14.163, 157.69.210.59". These proxies have been configured by the admin to connect to
specific resources on the Internet. They are considered to be enterprise network locations. The proxies are
only leveraged in configuring the EnterpriseProxiedDomains policy to force traffic to the matched domains
through these proxies
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-enterpriseProxyServersAreAuthoritative <bool>
The "enterpriseProxyServersAreAuthoritative" property, of type "Edm.Boolean".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
Boolean value that tells the client to accept the configured list of proxies and not try to detect other work
proxies. Default is false
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-neutralDomainResources <object[]>
The "neutralDomainResources" property, of type
"microsoft.graph.windowsInformationProtectionResourceCollection".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
List of domain names that can used for work or personal resource
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-indexingEncryptedStoresOrItemsBlocked <bool>
The "indexingEncryptedStoresOrItemsBlocked" property, of type "Edm.Boolean".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
This switch is for the Windows Search Indexer, to allow or disallow indexing of items
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-smbAutoEncryptedFileExtensions <object[]>
The "smbAutoEncryptedFileExtensions" property, of type
"microsoft.graph.windowsInformationProtectionResourceCollection".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
Specifies a list of file extensions, so that files with these extensions are encrypted when copying from an
SMB share within the corporate boundary
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-isAssigned <bool>
The "isAssigned" property, of type "Edm.Boolean".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
Indicates if the policy is deployed to any inclusion groups or not.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-protectedAppLockerFiles <object[]>
The "protectedAppLockerFiles" property, of type "microsoft.graph.windowsInformationProtectionAppLockerFile".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
Another way to input protected apps through xml files
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-exemptAppLockerFiles <object[]>
The "exemptAppLockerFiles" property, of type "microsoft.graph.windowsInformationProtectionAppLockerFile".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
Another way to input exempt apps through xml files
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-assignments <object[]>
The "assignments" property, of type "microsoft.graph.targetedManagedAppPolicyAssignment".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
Navigation property to list of security groups targeted for policy.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-displayName <string>
The "displayName" property, of type "Edm.String".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
Policy display name.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-description <string>
The "description" property, of type "Edm.String".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
The policy's description.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-createdDateTime <DateTimeOffset>
The "createdDateTime" property, of type "Edm.DateTimeOffset".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
The date and time the policy was created.
Required? false
Position? named
Default value 1/1/0001 12:00:00 AM +00:00
Accept pipeline input? false
Accept wildcard characters? false
-lastModifiedDateTime <DateTimeOffset>
The "lastModifiedDateTime" property, of type "Edm.DateTimeOffset".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
Last time the policy was modified.
Required? false
Position? named
Default value 1/1/0001 12:00:00 AM +00:00
Accept pipeline input? false
Accept wildcard characters? false
-version <string>
The "version" property, of type "Edm.String".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
Version of the entity.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-ODataType <string>
The value provided in a search result (i.e. GET on a collection) in the "@odata.type" property.
Required? true
Position? named
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-@odata.type <string>
The value provided in a search result (i.e. GET on a collection) in the "@odata.type" property.
This is an alias of the ODataType parameter.
Required? true
Position? named
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
System.String
The ID for a "microsoft.graph.mdmWindowsInformationProtectionPolicy" object in the
"mdmWindowsInformationProtectionPolicies" collection.
System.String
The value provided in a search result (i.e. GET on a collection) in the "@odata.type" property.
OUTPUTS
RELATED LINKS
GitHub Repository https://github.com/Microsoft/Intune-PowerShell-SDK
SYNOPSIS
Updates a "microsoft.graph.mdmWindowsInformationProtectionPolicy".
SYNTAX
Update-DeviceAppManagement_MdmWindowsInformationProtectionPolicies -mdmWindowsInformationProtectionPolicyId
<string> [-assignments <object[]>] [-azureRightsManagementServicesAllowed <bool>] [-createdDateTime
<DateTimeOffset>] [-dataRecoveryCertificate <object>] [-description <string>] [-displayName <string>]
[-enforcementLevel <string>] [-enterpriseDomain <string>] [-enterpriseInternalProxyServers <object[]>]
[-enterpriseIPRanges <object[]>] [-enterpriseIPRangesAreAuthoritative <bool>] [-enterpriseNetworkDomainNames
<object[]>] [-enterpriseProtectedDomainNames <object[]>] [-enterpriseProxiedDomains <object[]>]
[-enterpriseProxyServers <object[]>] [-enterpriseProxyServersAreAuthoritative <bool>] [-exemptAppLockerFiles
<object[]>] [-exemptApps <object[]>] [-iconsVisible <bool>] [-indexingEncryptedStoresOrItemsBlocked <bool>]
[-isAssigned <bool>] [-lastModifiedDateTime <DateTimeOffset>] [-neutralDomainResources <object[]>]
[-protectedAppLockerFiles <object[]>] [-protectedApps <object[]>] [-protectionUnderLockConfigRequired <bool>]
[-revokeOnUnenrollDisabled <bool>] [-rightsManagementServicesTemplateId <Guid>] [-smbAutoEncryptedFileExtensions
<object[]>] [-version <string>] [<CommonParameters>]
Update-DeviceAppManagement_MdmWindowsInformationProtectionPolicies -mdmWindowsInformationProtectionPolicyId
<string> -ODataType <string> [-assignments <object[]>] [-azureRightsManagementServicesAllowed <bool>]
[-createdDateTime <DateTimeOffset>] [-dataRecoveryCertificate <object>] [-description <string>] [-displayName
<string>] [-enforcementLevel <string>] [-enterpriseDomain <string>] [-enterpriseInternalProxyServers <object[]>]
[-enterpriseIPRanges <object[]>] [-enterpriseIPRangesAreAuthoritative <bool>] [-enterpriseNetworkDomainNames
<object[]>] [-enterpriseProtectedDomainNames <object[]>] [-enterpriseProxiedDomains <object[]>]
[-enterpriseProxyServers <object[]>] [-enterpriseProxyServersAreAuthoritative <bool>] [-exemptAppLockerFiles
<object[]>] [-exemptApps <object[]>] [-iconsVisible <bool>] [-indexingEncryptedStoresOrItemsBlocked <bool>]
[-isAssigned <bool>] [-lastModifiedDateTime <DateTimeOffset>] [-neutralDomainResources <object[]>]
[-protectedAppLockerFiles <object[]>] [-protectedApps <object[]>] [-protectionUnderLockConfigRequired <bool>]
[-revokeOnUnenrollDisabled <bool>] [-rightsManagementServicesTemplateId <Guid>] [-smbAutoEncryptedFileExtensions
<object[]>] [-version <string>] [<CommonParameters>]
DESCRIPTION
Updates a "microsoft.graph.mdmWindowsInformationProtectionPolicy" object in the
"mdmWindowsInformationProtectionPolicies" collection.
Windows information protection for apps running on devices which are MDM enrolled.
Graph Call: PATCH ~/deviceAppManagement/mdmWindowsInformationProtectionPolicies
PARAMETERS
-mdmWindowsInformationProtectionPolicyId <string>
The ID for a "microsoft.graph.mdmWindowsInformationProtectionPolicy" object in the
"mdmWindowsInformationProtectionPolicies" collection.
Required? true
Position? named
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-enforcementLevel <string>
The "enforcementLevel" property, of type "microsoft.graph.windowsInformationProtectionEnforcementLevel".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
WIP enforcement level.See the Enum definition for supported values
Valid values: 'noProtection', 'encryptAndAuditOnly', 'encryptAuditAndPrompt', 'encryptAuditAndBlock'
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-enterpriseDomain <string>
The "enterpriseDomain" property, of type "Edm.String".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
Primary enterprise domain
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-enterpriseProtectedDomainNames <object[]>
The "enterpriseProtectedDomainNames" property, of type
"microsoft.graph.windowsInformationProtectionResourceCollection".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
List of enterprise domains to be protected
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-protectionUnderLockConfigRequired <bool>
The "protectionUnderLockConfigRequired" property, of type "Edm.Boolean".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
Specifies whether the protection under lock feature (also known as encrypt under pin) should be configured
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-dataRecoveryCertificate <object>
The "dataRecoveryCertificate" property, of type
"microsoft.graph.windowsInformationProtectionDataRecoveryCertificate".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
Specifies a recovery certificate that can be used for data recovery of encrypted files. This is the same as
the data recovery agent(DRA) certificate for encrypting file system(EFS)
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-revokeOnUnenrollDisabled <bool>
The "revokeOnUnenrollDisabled" property, of type "Edm.Boolean".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
This policy controls whether to revoke the WIP keys when a device unenrolls from the management service. If
set to 1 (Don't revoke keys), the keys will not be revoked and the user will continue to have access to
protected files after unenrollment. If the keys are not revoked, there will be no revoked file cleanup
subsequently.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-rightsManagementServicesTemplateId <Guid>
The "rightsManagementServicesTemplateId" property, of type "Edm.Guid".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
TemplateID GUID to use for RMS encryption. The RMS template allows the IT admin to configure the details about
who has access to RMS-protected file and how long they have access
Required? false
Position? named
Default value 00000000-0000-0000-0000-000000000000
Accept pipeline input? false
Accept wildcard characters? false
-azureRightsManagementServicesAllowed <bool>
The "azureRightsManagementServicesAllowed" property, of type "Edm.Boolean".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
Specifies whether to allow Azure RMS encryption for WIP
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-iconsVisible <bool>
The "iconsVisible" property, of type "Edm.Boolean".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
Determines whether overlays are added to icons for WIP protected files in Explorer and enterprise only app
tiles in the Start menu. Starting in Windows 10, version 1703 this setting also configures the visibility of
the WIP icon in the title bar of a WIP-protected app
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-protectedApps <object[]>
The "protectedApps" property, of type "microsoft.graph.windowsInformationProtectionApp".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
Protected applications can access enterprise data and the data handled by those applications are protected
with encryption
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-exemptApps <object[]>
The "exemptApps" property, of type "microsoft.graph.windowsInformationProtectionApp".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
Exempt applications can also access enterprise data, but the data handled by those applications are not
protected. This is because some critical enterprise applications may have compatibility problems with
encrypted data.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-enterpriseNetworkDomainNames <object[]>
The "enterpriseNetworkDomainNames" property, of type
"microsoft.graph.windowsInformationProtectionResourceCollection".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
This is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains
that is sent to a device will be considered enterprise data and protected These locations will be considered a
safe destination for enterprise data to be shared to
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-enterpriseProxiedDomains <object[]>
The "enterpriseProxiedDomains" property, of type
"microsoft.graph.windowsInformationProtectionProxiedDomainCollection".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
Contains a list of Enterprise resource domains hosted in the cloud that need to be protected. Connections to
these resources are considered enterprise data. If a proxy is paired with a cloud resource, traffic to the
cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A
proxy server used for this purpose must also be configured using the EnterpriseInternalProxyServers policy
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-enterpriseIPRanges <object[]>
The "enterpriseIPRanges" property, of type "microsoft.graph.windowsInformationProtectionIPRangeCollection".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
Sets the enterprise IP ranges that define the computers in the enterprise network. Data that comes from those
computers will be considered part of the enterprise and protected. These locations will be considered a safe
destination for enterprise data to be shared to
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-enterpriseIPRangesAreAuthoritative <bool>
The "enterpriseIPRangesAreAuthoritative" property, of type "Edm.Boolean".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find
other subnets. Default is false
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-enterpriseProxyServers <object[]>
The "enterpriseProxyServers" property, of type
"microsoft.graph.windowsInformationProtectionResourceCollection".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
This is a list of proxy servers. Any server not on this list is considered non-enterprise
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-enterpriseInternalProxyServers <object[]>
The "enterpriseInternalProxyServers" property, of type
"microsoft.graph.windowsInformationProtectionResourceCollection".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
This is the comma-separated list of internal proxy servers. For example, "157.54.14.28, 157.54.11.118,
10.202.14.167, 157.53.14.163, 157.69.210.59". These proxies have been configured by the admin to connect to
specific resources on the Internet. They are considered to be enterprise network locations. The proxies are
only leveraged in configuring the EnterpriseProxiedDomains policy to force traffic to the matched domains
through these proxies
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-enterpriseProxyServersAreAuthoritative <bool>
The "enterpriseProxyServersAreAuthoritative" property, of type "Edm.Boolean".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
Boolean value that tells the client to accept the configured list of proxies and not try to detect other work
proxies. Default is false
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-neutralDomainResources <object[]>
The "neutralDomainResources" property, of type
"microsoft.graph.windowsInformationProtectionResourceCollection".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
List of domain names that can used for work or personal resource
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-indexingEncryptedStoresOrItemsBlocked <bool>
The "indexingEncryptedStoresOrItemsBlocked" property, of type "Edm.Boolean".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
This switch is for the Windows Search Indexer, to allow or disallow indexing of items
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-smbAutoEncryptedFileExtensions <object[]>
The "smbAutoEncryptedFileExtensions" property, of type
"microsoft.graph.windowsInformationProtectionResourceCollection".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
Specifies a list of file extensions, so that files with these extensions are encrypted when copying from an
SMB share within the corporate boundary
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-isAssigned <bool>
The "isAssigned" property, of type "Edm.Boolean".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
Indicates if the policy is deployed to any inclusion groups or not.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-protectedAppLockerFiles <object[]>
The "protectedAppLockerFiles" property, of type "microsoft.graph.windowsInformationProtectionAppLockerFile".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
Another way to input protected apps through xml files
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-exemptAppLockerFiles <object[]>
The "exemptAppLockerFiles" property, of type "microsoft.graph.windowsInformationProtectionAppLockerFile".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
Another way to input exempt apps through xml files
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-assignments <object[]>
The "assignments" property, of type "microsoft.graph.targetedManagedAppPolicyAssignment".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
Navigation property to list of security groups targeted for policy.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-displayName <string>
The "displayName" property, of type "Edm.String".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
Policy display name.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-description <string>
The "description" property, of type "Edm.String".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
The policy's description.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-createdDateTime <DateTimeOffset>
The "createdDateTime" property, of type "Edm.DateTimeOffset".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
The date and time the policy was created.
Required? false
Position? named
Default value 1/1/0001 12:00:00 AM +00:00
Accept pipeline input? false
Accept wildcard characters? false
-lastModifiedDateTime <DateTimeOffset>
The "lastModifiedDateTime" property, of type "Edm.DateTimeOffset".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
Last time the policy was modified.
Required? false
Position? named
Default value 1/1/0001 12:00:00 AM +00:00
Accept pipeline input? false
Accept wildcard characters? false
-version <string>
The "version" property, of type "Edm.String".
This property is on the "microsoft.graph.mdmWindowsInformationProtectionPolicy" type.
Version of the entity.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-ODataType <string>
The value provided in a search result (i.e. GET on a collection) in the "@odata.type" property.
Required? true
Position? named
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-@odata.type <string>
The value provided in a search result (i.e. GET on a collection) in the "@odata.type" property.
This is an alias of the ODataType parameter.
Required? true
Position? named
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
System.String
The ID for a "microsoft.graph.mdmWindowsInformationProtectionPolicy" object in the
"mdmWindowsInformationProtectionPolicies" collection.
System.String
The value provided in a search result (i.e. GET on a collection) in the "@odata.type" property.
OUTPUTS
RELATED LINKS
GitHub Repository https://github.com/Microsoft/Intune-PowerShell-SDK