< Back

Update-DeviceAppManagement_WindowsInformationProtectionPolicies

Sat Jan 18, 2020 2:16 pm

NAME Update-DeviceAppManagement_WindowsInformationProtectionPolicies



SYNOPSIS

Updates a "microsoft.graph.windowsInformationProtectionPolicy".





SYNTAX

Update-DeviceAppManagement_WindowsInformationProtectionPolicies -windowsInformationProtectionPolicyId <string>

[-assignments <object[]>] [-azureRightsManagementServicesAllowed <bool>] [-createdDateTime <DateTimeOffset>]

[-dataRecoveryCertificate <object>] [-daysWithoutContactBeforeUnenroll <int>] [-description <string>]

[-displayName <string>] [-enforcementLevel <string>] [-enterpriseDomain <string>] [-enterpriseInternalProxyServers

<object[]>] [-enterpriseIPRanges <object[]>] [-enterpriseIPRangesAreAuthoritative <bool>]

[-enterpriseNetworkDomainNames <object[]>] [-enterpriseProtectedDomainNames <object[]>] [-enterpriseProxiedDomains

<object[]>] [-enterpriseProxyServers <object[]>] [-enterpriseProxyServersAreAuthoritative <bool>]

[-exemptAppLockerFiles <object[]>] [-exemptApps <object[]>] [-iconsVisible <bool>]

[-indexingEncryptedStoresOrItemsBlocked <bool>] [-isAssigned <bool>] [-lastModifiedDateTime <DateTimeOffset>]

[-mdmEnrollmentUrl <string>] [-minutesOfInactivityBeforeDeviceLock <int>] [-neutralDomainResources <object[]>]

[-numberOfPastPinsRemembered <int>] [-passwordMaximumAttemptCount <int>] [-pinExpirationDays <int>]

[-pinLowercaseLetters <string>] [-pinMinimumLength <int>] [-pinSpecialCharacters <string>] [-pinUppercaseLetters

<string>] [-protectedAppLockerFiles <object[]>] [-protectedApps <object[]>] [-protectionUnderLockConfigRequired

<bool>] [-revokeOnMdmHandoffDisabled <bool>] [-revokeOnUnenrollDisabled <bool>]

[-rightsManagementServicesTemplateId <Guid>] [-smbAutoEncryptedFileExtensions <object[]>] [-version <string>]

[-windowsHelloForBusinessBlocked <bool>] [<CommonParameters>]



Update-DeviceAppManagement_WindowsInformationProtectionPolicies -ODataType <string>

-windowsInformationProtectionPolicyId <string> [-assignments <object[]>] [-azureRightsManagementServicesAllowed

<bool>] [-createdDateTime <DateTimeOffset>] [-dataRecoveryCertificate <object>] [-daysWithoutContactBeforeUnenroll

<int>] [-description <string>] [-displayName <string>] [-enforcementLevel <string>] [-enterpriseDomain <string>]

[-enterpriseInternalProxyServers <object[]>] [-enterpriseIPRanges <object[]>] [-enterpriseIPRangesAreAuthoritative

<bool>] [-enterpriseNetworkDomainNames <object[]>] [-enterpriseProtectedDomainNames <object[]>]

[-enterpriseProxiedDomains <object[]>] [-enterpriseProxyServers <object[]>]

[-enterpriseProxyServersAreAuthoritative <bool>] [-exemptAppLockerFiles <object[]>] [-exemptApps <object[]>]

[-iconsVisible <bool>] [-indexingEncryptedStoresOrItemsBlocked <bool>] [-isAssigned <bool>] [-lastModifiedDateTime

<DateTimeOffset>] [-mdmEnrollmentUrl <string>] [-minutesOfInactivityBeforeDeviceLock <int>]

[-neutralDomainResources <object[]>] [-numberOfPastPinsRemembered <int>] [-passwordMaximumAttemptCount <int>]

[-pinExpirationDays <int>] [-pinLowercaseLetters <string>] [-pinMinimumLength <int>] [-pinSpecialCharacters

<string>] [-pinUppercaseLetters <string>] [-protectedAppLockerFiles <object[]>] [-protectedApps <object[]>]

[-protectionUnderLockConfigRequired <bool>] [-revokeOnMdmHandoffDisabled <bool>] [-revokeOnUnenrollDisabled

<bool>] [-rightsManagementServicesTemplateId <Guid>] [-smbAutoEncryptedFileExtensions <object[]>] [-version

<string>] [-windowsHelloForBusinessBlocked <bool>] [<CommonParameters>]





DESCRIPTION

Updates a "microsoft.graph.windowsInformationProtectionPolicy" object in the

"windowsInformationProtectionPolicies" collection.



Windows information protection for apps running on devices which are not MDM enrolled.



Graph Call: PATCH ~/deviceAppManagement/windowsInformationProtectionPolicies





PARAMETERS

-windowsInformationProtectionPolicyId <string>

The ID for a "microsoft.graph.windowsInformationProtectionPolicy" object in the

"windowsInformationProtectionPolicies" collection.



Required? true

Position? named

Default value

Accept pipeline input? true (ByPropertyName)

Accept wildcard characters? false



-revokeOnMdmHandoffDisabled <bool>

The "revokeOnMdmHandoffDisabled" property, of type "Edm.Boolean".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



New property in RS2, pending documentation



Required? false

Position? named

Default value False

Accept pipeline input? false

Accept wildcard characters? false



-mdmEnrollmentUrl <string>

The "mdmEnrollmentUrl" property, of type "Edm.String".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



Enrollment url for the MDM



Required? false

Position? named

Default value

Accept pipeline input? false

Accept wildcard characters? false



-windowsHelloForBusinessBlocked <bool>

The "windowsHelloForBusinessBlocked" property, of type "Edm.Boolean".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



Boolean value that sets Windows Hello for Business as a method for signing into Windows.



Required? false

Position? named

Default value False

Accept pipeline input? false

Accept wildcard characters? false



-pinMinimumLength <int>

The "pinMinimumLength" property, of type "Edm.Int32".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



Integer value that sets the minimum number of characters required for the PIN. Default value is 4. The lowest

number you can configure for this policy setting is 4. The largest number you can configure must be less than

the number configured in the Maximum PIN length policy setting or the number 127, whichever is the lowest.



Required? false

Position? named

Default value 0

Accept pipeline input? false

Accept wildcard characters? false



-pinUppercaseLetters <string>

The "pinUppercaseLetters" property, of type

"microsoft.graph.windowsInformationProtectionPinCharacterRequirements".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



Integer value that configures the use of uppercase letters in the Windows Hello for Business PIN. Default is

NotAllow.



Valid values: 'notAllow', 'requireAtLeastOne', 'allow'



Required? false

Position? named

Default value

Accept pipeline input? false

Accept wildcard characters? false



-pinLowercaseLetters <string>

The "pinLowercaseLetters" property, of type

"microsoft.graph.windowsInformationProtectionPinCharacterRequirements".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



Integer value that configures the use of lowercase letters in the Windows Hello for Business PIN. Default is

NotAllow.



Valid values: 'notAllow', 'requireAtLeastOne', 'allow'



Required? false

Position? named

Default value

Accept pipeline input? false

Accept wildcard characters? false



-pinSpecialCharacters <string>

The "pinSpecialCharacters" property, of type

"microsoft.graph.windowsInformationProtectionPinCharacterRequirements".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



Integer value that configures the use of special characters in the Windows Hello for Business PIN. Valid

special characters for Windows Hello for Business PIN gestures include: ! " # $ % & ' ( ) * + , - . / : ; < =

> ? @ [ \\ ] ^ _ ` { | } ~. Default is NotAllow.



Valid values: 'notAllow', 'requireAtLeastOne', 'allow'



Required? false

Position? named

Default value

Accept pipeline input? false

Accept wildcard characters? false



-pinExpirationDays <int>

The "pinExpirationDays" property, of type "Edm.Int32".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



Integer value specifies the period of time (in days) that a PIN can be used before the system requires the

user to change it. The largest number you can configure for this policy setting is 730. The lowest number you

can configure for this policy setting is 0. If this policy is set to 0, then the user's PIN will never expire.

This node was added in Windows 10, version 1511. Default is 0.



Required? false

Position? named

Default value 0

Accept pipeline input? false

Accept wildcard characters? false



-numberOfPastPinsRemembered <int>

The "numberOfPastPinsRemembered" property, of type "Edm.Int32".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



Integer value that specifies the number of past PINs that can be associated to a user account that can't be

reused. The largest number you can configure for this policy setting is 50. The lowest number you can

configure for this policy setting is 0. If this policy is set to 0, then storage of previous PINs is not

required. This node was added in Windows 10, version 1511. Default is 0.



Required? false

Position? named

Default value 0

Accept pipeline input? false

Accept wildcard characters? false



-passwordMaximumAttemptCount <int>

The "passwordMaximumAttemptCount" property, of type "Edm.Int32".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



The number of authentication failures allowed before the device will be wiped. A value of 0 disables device

wipe functionality. Range is an integer X where 4 <= X <= 16 for desktop and 0 <= X <= 999 for mobile devices.



Required? false

Position? named

Default value 0

Accept pipeline input? false

Accept wildcard characters? false



-minutesOfInactivityBeforeDeviceLock <int>

The "minutesOfInactivityBeforeDeviceLock" property, of type "Edm.Int32".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



Specifies the maximum amount of time (in minutes) allowed after the device is idle that will cause the device

to become PIN or password locked. Range is an integer X where 0 <= X <= 999.



Required? false

Position? named

Default value 0

Accept pipeline input? false

Accept wildcard characters? false



-daysWithoutContactBeforeUnenroll <int>

The "daysWithoutContactBeforeUnenroll" property, of type "Edm.Int32".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



Offline interval before app data is wiped (days)



Required? false

Position? named

Default value 0

Accept pipeline input? false

Accept wildcard characters? false



-enforcementLevel <string>

The "enforcementLevel" property, of type "microsoft.graph.windowsInformationProtectionEnforcementLevel".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



WIP enforcement level.See the Enum definition for supported values



Valid values: 'noProtection', 'encryptAndAuditOnly', 'encryptAuditAndPrompt', 'encryptAuditAndBlock'



Required? false

Position? named

Default value

Accept pipeline input? false

Accept wildcard characters? false



-enterpriseDomain <string>

The "enterpriseDomain" property, of type "Edm.String".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



Primary enterprise domain



Required? false

Position? named

Default value

Accept pipeline input? false

Accept wildcard characters? false



-enterpriseProtectedDomainNames <object[]>

The "enterpriseProtectedDomainNames" property, of type

"microsoft.graph.windowsInformationProtectionResourceCollection".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



List of enterprise domains to be protected



Required? false

Position? named

Default value

Accept pipeline input? false

Accept wildcard characters? false



-protectionUnderLockConfigRequired <bool>

The "protectionUnderLockConfigRequired" property, of type "Edm.Boolean".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



Specifies whether the protection under lock feature (also known as encrypt under pin) should be configured



Required? false

Position? named

Default value False

Accept pipeline input? false

Accept wildcard characters? false



-dataRecoveryCertificate <object>

The "dataRecoveryCertificate" property, of type

"microsoft.graph.windowsInformationProtectionDataRecoveryCertificate".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



Specifies a recovery certificate that can be used for data recovery of encrypted files. This is the same as

the data recovery agent(DRA) certificate for encrypting file system(EFS)



Required? false

Position? named

Default value

Accept pipeline input? false

Accept wildcard characters? false



-revokeOnUnenrollDisabled <bool>

The "revokeOnUnenrollDisabled" property, of type "Edm.Boolean".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



This policy controls whether to revoke the WIP keys when a device unenrolls from the management service. If

set to 1 (Don't revoke keys), the keys will not be revoked and the user will continue to have access to

protected files after unenrollment. If the keys are not revoked, there will be no revoked file cleanup

subsequently.



Required? false

Position? named

Default value False

Accept pipeline input? false

Accept wildcard characters? false



-rightsManagementServicesTemplateId <Guid>

The "rightsManagementServicesTemplateId" property, of type "Edm.Guid".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



TemplateID GUID to use for RMS encryption. The RMS template allows the IT admin to configure the details about

who has access to RMS-protected file and how long they have access



Required? false

Position? named

Default value 00000000-0000-0000-0000-000000000000

Accept pipeline input? false

Accept wildcard characters? false



-azureRightsManagementServicesAllowed <bool>

The "azureRightsManagementServicesAllowed" property, of type "Edm.Boolean".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



Specifies whether to allow Azure RMS encryption for WIP



Required? false

Position? named

Default value False

Accept pipeline input? false

Accept wildcard characters? false



-iconsVisible <bool>

The "iconsVisible" property, of type "Edm.Boolean".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



Determines whether overlays are added to icons for WIP protected files in Explorer and enterprise only app

tiles in the Start menu. Starting in Windows 10, version 1703 this setting also configures the visibility of

the WIP icon in the title bar of a WIP-protected app



Required? false

Position? named

Default value False

Accept pipeline input? false

Accept wildcard characters? false



-protectedApps <object[]>

The "protectedApps" property, of type "microsoft.graph.windowsInformationProtectionApp".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



Protected applications can access enterprise data and the data handled by those applications are protected

with encryption



Required? false

Position? named

Default value

Accept pipeline input? false

Accept wildcard characters? false



-exemptApps <object[]>

The "exemptApps" property, of type "microsoft.graph.windowsInformationProtectionApp".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



Exempt applications can also access enterprise data, but the data handled by those applications are not

protected. This is because some critical enterprise applications may have compatibility problems with

encrypted data.



Required? false

Position? named

Default value

Accept pipeline input? false

Accept wildcard characters? false



-enterpriseNetworkDomainNames <object[]>

The "enterpriseNetworkDomainNames" property, of type

"microsoft.graph.windowsInformationProtectionResourceCollection".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



This is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains

that is sent to a device will be considered enterprise data and protected These locations will be considered a

safe destination for enterprise data to be shared to



Required? false

Position? named

Default value

Accept pipeline input? false

Accept wildcard characters? false



-enterpriseProxiedDomains <object[]>

The "enterpriseProxiedDomains" property, of type

"microsoft.graph.windowsInformationProtectionProxiedDomainCollection".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



Contains a list of Enterprise resource domains hosted in the cloud that need to be protected. Connections to

these resources are considered enterprise data. If a proxy is paired with a cloud resource, traffic to the

cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A

proxy server used for this purpose must also be configured using the EnterpriseInternalProxyServers policy



Required? false

Position? named

Default value

Accept pipeline input? false

Accept wildcard characters? false



-enterpriseIPRanges <object[]>

The "enterpriseIPRanges" property, of type "microsoft.graph.windowsInformationProtectionIPRangeCollection".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



Sets the enterprise IP ranges that define the computers in the enterprise network. Data that comes from those

computers will be considered part of the enterprise and protected. These locations will be considered a safe

destination for enterprise data to be shared to



Required? false

Position? named

Default value

Accept pipeline input? false

Accept wildcard characters? false



-enterpriseIPRangesAreAuthoritative <bool>

The "enterpriseIPRangesAreAuthoritative" property, of type "Edm.Boolean".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find

other subnets. Default is false



Required? false

Position? named

Default value False

Accept pipeline input? false

Accept wildcard characters? false



-enterpriseProxyServers <object[]>

The "enterpriseProxyServers" property, of type

"microsoft.graph.windowsInformationProtectionResourceCollection".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



This is a list of proxy servers. Any server not on this list is considered non-enterprise



Required? false

Position? named

Default value

Accept pipeline input? false

Accept wildcard characters? false



-enterpriseInternalProxyServers <object[]>

The "enterpriseInternalProxyServers" property, of type

"microsoft.graph.windowsInformationProtectionResourceCollection".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



This is the comma-separated list of internal proxy servers. For example, "157.54.14.28, 157.54.11.118,

10.202.14.167, 157.53.14.163, 157.69.210.59". These proxies have been configured by the admin to connect to

specific resources on the Internet. They are considered to be enterprise network locations. The proxies are

only leveraged in configuring the EnterpriseProxiedDomains policy to force traffic to the matched domains

through these proxies



Required? false

Position? named

Default value

Accept pipeline input? false

Accept wildcard characters? false



-enterpriseProxyServersAreAuthoritative <bool>

The "enterpriseProxyServersAreAuthoritative" property, of type "Edm.Boolean".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



Boolean value that tells the client to accept the configured list of proxies and not try to detect other work

proxies. Default is false



Required? false

Position? named

Default value False

Accept pipeline input? false

Accept wildcard characters? false



-neutralDomainResources <object[]>

The "neutralDomainResources" property, of type

"microsoft.graph.windowsInformationProtectionResourceCollection".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



List of domain names that can used for work or personal resource



Required? false

Position? named

Default value

Accept pipeline input? false

Accept wildcard characters? false



-indexingEncryptedStoresOrItemsBlocked <bool>

The "indexingEncryptedStoresOrItemsBlocked" property, of type "Edm.Boolean".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



This switch is for the Windows Search Indexer, to allow or disallow indexing of items



Required? false

Position? named

Default value False

Accept pipeline input? false

Accept wildcard characters? false



-smbAutoEncryptedFileExtensions <object[]>

The "smbAutoEncryptedFileExtensions" property, of type

"microsoft.graph.windowsInformationProtectionResourceCollection".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



Specifies a list of file extensions, so that files with these extensions are encrypted when copying from an

SMB share within the corporate boundary



Required? false

Position? named

Default value

Accept pipeline input? false

Accept wildcard characters? false



-isAssigned <bool>

The "isAssigned" property, of type "Edm.Boolean".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



Indicates if the policy is deployed to any inclusion groups or not.



Required? false

Position? named

Default value False

Accept pipeline input? false

Accept wildcard characters? false



-protectedAppLockerFiles <object[]>

The "protectedAppLockerFiles" property, of type "microsoft.graph.windowsInformationProtectionAppLockerFile".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



Another way to input protected apps through xml files



Required? false

Position? named

Default value

Accept pipeline input? false

Accept wildcard characters? false



-exemptAppLockerFiles <object[]>

The "exemptAppLockerFiles" property, of type "microsoft.graph.windowsInformationProtectionAppLockerFile".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



Another way to input exempt apps through xml files



Required? false

Position? named

Default value

Accept pipeline input? false

Accept wildcard characters? false



-assignments <object[]>

The "assignments" property, of type "microsoft.graph.targetedManagedAppPolicyAssignment".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



Navigation property to list of security groups targeted for policy.



Required? false

Position? named

Default value

Accept pipeline input? false

Accept wildcard characters? false



-displayName <string>

The "displayName" property, of type "Edm.String".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



Policy display name.



Required? false

Position? named

Default value

Accept pipeline input? false

Accept wildcard characters? false



-description <string>

The "description" property, of type "Edm.String".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



The policy's description.



Required? false

Position? named

Default value

Accept pipeline input? false

Accept wildcard characters? false



-createdDateTime <DateTimeOffset>

The "createdDateTime" property, of type "Edm.DateTimeOffset".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



The date and time the policy was created.



Required? false

Position? named

Default value 1/1/0001 12:00:00 AM +00:00

Accept pipeline input? false

Accept wildcard characters? false



-lastModifiedDateTime <DateTimeOffset>

The "lastModifiedDateTime" property, of type "Edm.DateTimeOffset".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



Last time the policy was modified.



Required? false

Position? named

Default value 1/1/0001 12:00:00 AM +00:00

Accept pipeline input? false

Accept wildcard characters? false



-version <string>

The "version" property, of type "Edm.String".



This property is on the "microsoft.graph.windowsInformationProtectionPolicy" type.



Version of the entity.



Required? false

Position? named

Default value

Accept pipeline input? false

Accept wildcard characters? false



-ODataType <string>

The value provided in a search result (i.e. GET on a collection) in the "@odata.type" property.



Required? true

Position? named

Default value

Accept pipeline input? true (ByPropertyName)

Accept wildcard characters? false



-@odata.type <string>

The value provided in a search result (i.e. GET on a collection) in the "@odata.type" property.



This is an alias of the ODataType parameter.



Required? true

Position? named

Default value

Accept pipeline input? true (ByPropertyName)

Accept wildcard characters? false



<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,

ErrorAction, ErrorVariable, WarningAction, WarningVariable,

OutBuffer, PipelineVariable, and OutVariable. For more information, see

about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).



INPUTS

System.String

The ID for a "microsoft.graph.windowsInformationProtectionPolicy" object in the

"windowsInformationProtectionPolicies" collection.



System.String

The value provided in a search result (i.e. GET on a collection) in the "@odata.type" property.





OUTPUTS





RELATED LINKS

GitHub Repository https://github.com/Microsoft/Intune-PowerShell-SDK