### PowerShell Script Content Example Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/resources/device_management_script.md This is the actual PowerShell script content intended to be deployed to devices via the Intune device management script resource. This specific script is a simple example that writes "Hello World!" to the host console. ```PowerShell Write-Host "Hello World!" ``` -------------------------------- ### Example Usage of Device Enrollment Configuration Resource - Terraform Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/resources/device_enrollment_configuration.md This snippet provides comprehensive examples demonstrating how to configure various device enrollment settings using the `microsoft365wp_device_enrollment_configuration` resource in Terraform. It includes examples for Windows 10 ESP, device enrollment limits with different priorities and assignments, platform restrictions, and Windows Hello for Business settings, showcasing both creating new configurations and targeting existing default ones. ```terraform terraform { required_providers { microsoft365wp = { source = "terraprovider/microsoft365wp" } } } /* .env export ARM_TENANT_ID='...' export ARM_CLIENT_ID='...' export ARM_CLIENT_SECRET='...' */ resource "microsoft365wp_device_enrollment_configuration" "windows10_esp" { display_name = "TF Test Windows 10 ESP" windows10_esp = { allow_device_reset_on_install_failure = true } assignments = [ { target = { group = { group_id = "298fded6-b252-4166-a473-f405e935f58d" } } }, ] } resource "microsoft365wp_device_enrollment_configuration" "device_enrollment_limit_default" { display_name = "###TfWorkplaceDefault###" # mandatory to target default config priority = 0 # mandatory to target default config device_enrollment_limit = { limit = 11 } } resource "microsoft365wp_device_enrollment_configuration" "device_enrollment_limit_1" { display_name = "TF Test Enrollment Limit 1" device_enrollment_limit = { limit = 3 } assignments = [ { target = { group = { group_id = "298fded6-b252-4166-a473-f405e935f58d" } } }, ] priority = 1 } resource "microsoft365wp_device_enrollment_configuration" "device_enrollment_limit_2" { display_name = "TF Test Enrollment Limit 2" device_enrollment_limit = { limit = 4 } priority = 2 } resource "microsoft365wp_device_enrollment_configuration" "device_enrollment_limit_3" { display_name = "TF Test Enrollment Limit 3" device_enrollment_limit = { limit = 5 } priority = 3 } resource "microsoft365wp_device_enrollment_configuration" "platform_restrictions_default" { display_name = "###TfWorkplaceDefault###" # mandatory to target default config priority = 0 # mandatory to target default config platform_restrictions = { android_for_work_restriction = { platform_blocked = true } } } resource "microsoft365wp_device_enrollment_configuration" "single_platform_restriction" { display_name = "TF Test Platform Restriction" single_platform_restriction = { platform_type = "windows" platform_restriction = { personal_device_enrollment_blocked = true os_minimum_version = "10.0.19044" } } } resource "microsoft365wp_device_enrollment_configuration" "windows_hello_for_business_default" { display_name = "###TfWorkplaceDefault###" # mandatory to target default config priority = 0 # mandatory to target default config windows_hello_for_business = { pin_maximum_length = 126 } } ``` -------------------------------- ### Installing strcase Go Package (Bash) Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/workplace/strcase/README.md Provides the command-line instruction necessary to download and install the `strcase` package using the Go module system. This command fetches the latest version of the package from its GitHub repository. ```Bash go get -u github.com/iancoleman/strcase ``` -------------------------------- ### Example Environment Variable Configuration Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/resources/device_custom_attribute_shell_script.md Provides an example of setting environment variables ('ARM_TENANT_ID', 'ARM_CLIENT_ID', 'ARM_CLIENT_SECRET') typically used for authentication with cloud providers or APIs, relevant for the provider setup. These variables would be sourced in a shell before running Terraform. ```Shell .env export ARM_TENANT_ID='...' export ARM_CLIENT_ID='...' export ARM_CLIENT_SECRET='...' ``` -------------------------------- ### Example Usage (Terraform HCL) Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/data-sources/ios_managed_app_protection.md This example demonstrates how to configure the required `microsoft365wp` provider, query a specific iOS managed app protection policy using the data source by its ID, and output the retrieved policy details. It also includes commented hints about required environment variables for authentication. ```Terraform HCL terraform { required_providers { microsoft365wp = { source = "terraprovider/microsoft365wp" } } } /* .env export ARM_TENANT_ID='...' export ARM_CLIENT_ID='...' export ARM_CLIENT_SECRET='...' */ data "microsoft365wp_ios_managed_app_protection" "one" { id = "T_b928a553-c00b-4aa3-bb9e-98305b7ba3b6" } output "microsoft365wp_ios_managed_app_protection" { value = data.microsoft365wp_ios_managed_app_protection.one } ``` -------------------------------- ### Initializing String for strcase Examples (Go) Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/workplace/strcase/README.md Initializes a sample string variable `s` that will be used as input for demonstrating the various string case conversion functions provided by the `strcase` package. ```Go s := "AnyKind of_string" ``` -------------------------------- ### Example Usage - Fetching Authentication Strength Policy and Combinations - Terraform Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/data-sources/authentication_strength_policy.md This example demonstrates how to configure the `microsoft365wp` provider, fetch a specific authentication strength policy by its ID, retrieve all associated authentication combination configurations using a separate data source and `for_each`, and finally output the merged policy and combination configuration data. ```Terraform terraform { required_providers { microsoft365wp = { source = "terraprovider/microsoft365wp" } } } /* .env export ARM_TENANT_ID='...' export ARM_CLIENT_ID='...' export ARM_CLIENT_SECRET='...' */ data "microsoft365wp_authentication_strength_policy" "one" { id = "ccde5395-3d28-45f2-88dd-8ea78d538016" } data "microsoft365wp_authentication_combination_configuration" "all_for_one" { authentication_strength_policy_id = data.microsoft365wp_authentication_strength_policy.one.id for_each = toset(data.microsoft365wp_authentication_strength_policy.one.combination_configurations[*].id) id = each.key } output "microsoft365wp_authentication_strength_policy" { value = merge( data.microsoft365wp_authentication_strength_policy.one, { combination_configurations = [for k, v in data.microsoft365wp_authentication_combination_configuration.all_for_one : v] } ) } ``` -------------------------------- ### Retrieving Cross-Tenant Access Policy using Terraform Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/data-sources/cross_tenant_access_policy.md This Terraform example demonstrates how to configure the `microsoft365wp` provider and retrieve the singleton cross-tenant access policy data source. It shows the basic structure for defining the provider, querying the policy, and outputting the resulting policy object. This example assumes authentication details are provided via environment variables like ARM_TENANT_ID, ARM_CLIENT_ID, and ARM_CLIENT_SECRET. ```HCL terraform { required_providers { microsoft365wp = { source = "terraprovider/microsoft365wp" } } } /* .env export ARM_TENENT_ID='...' export ARM_CLIENT_ID='...' export ARM_CLIENT_SECRET='...' */ data "microsoft365wp_cross_tenant_access_policy" "singleton" { } output "microsoft365wp_cross_tenant_access_policy" { value = data.microsoft365wp_cross_tenant_access_policy.singleton } ``` -------------------------------- ### Creating Windows Management App Resource with Terraform Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/resources/windows_management_app.md This Terraform resource block creates an instance of the `microsoft365wp_windows_management_app`, named `singleton`. It configures the `managed_installer` attribute to be `enabled`, allowing the managed installer feature to be used. ```terraform resource "microsoft365wp_windows_management_app" "singleton" { managed_installer = "enabled" } ``` -------------------------------- ### Querying Mobility Management Policies using Microsoft365wp Terraform Data Source Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/data-sources/mobility_management_policies.md This Terraform HCL example demonstrates how to configure the microsoft365wp provider and use the microsoft365wp_mobility_management_policies data source to retrieve mobility management policies. It shows querying separately for 'device' and 'app' policy types and outputting the results as maps keyed by policy ID. Requires the terraprovider/microsoft365wp provider to be installed and configured. ```terraform terraform { required_providers { microsoft365wp = { source = "terraprovider/microsoft365wp" } } } data "microsoft365wp_mobility_management_policies" "device" { policy_type = "device" } output "microsoft365wp_mobility_management_policies_device" { value = { for x in data.microsoft365wp_mobility_management_policies.device.mobility_management_policies : x.id => x } } data "microsoft365wp_mobility_management_policies" "app" { policy_type = "app" } output "microsoft365wp_mobility_management_policies_app" { value = { for x in data.microsoft365wp_mobility_management_policies.app.mobility_management_policies : x.id => x } } ``` -------------------------------- ### Environment Variable Authentication Example Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/resources/identity_governance_lifecycle_management_settings.md This commented-out section provides an example of how authentication credentials (tenant ID, client ID, client secret) might be provided via environment variables, often used by Terraform providers to authenticate with cloud APIs like Microsoft 365 or Azure. ```plaintext /* .env export ARM_TENANT_ID='...' export ARM_CLIENT_ID='...' export ARM_CLIENT_SECRET='...' */ ``` -------------------------------- ### Define Windows Universal App (APPX/MSIX) Locals - HCL Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/resources/mobile_app.md This snippet defines local variables for a Windows Universal application (APPX/MSIX). It specifies the source file path and uses a provider function `parse_appxmsix_metadata` to extract metadata from the app package. ```HCL locals { windows_universal_appx_source_file = "${path.module}/Microsoft.NET.Native.Runtime.2.2_2.2.28604.0_x64__8wekyb3d8bbwe.appx" windows_universal_appx_metadata = provider::microsoft365wp::parse_appxmsix_metadata(local.windows_universal_appx_source_file) } ``` -------------------------------- ### Example Usage Querying Device Configurations - Terraform Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/data-sources/device_configurations.md This snippet demonstrates how to use the `microsoft365wp_device_configurations` data source in Terraform. It configures the required provider, queries all device configurations excluding specific IDs, and outputs the results as a map keyed by ID. Note that environment variables (`ARM_TENANT_ID`, `ARM_CLIENT_ID`, `ARM_CLIENT_SECRET`) are typically required for provider authentication. ```HCL terraform { required_providers { microsoft365wp = { source = "terraprovider/microsoft365wp" } } } /* .env export ARM_TENANT_ID='...' export ARM_CLIENT_ID='...' export ARM_CLIENT_SECRET='...' */ data "microsoft365wp_device_configurations" "all" { exclude_ids = ["01234567-89ab-cdef-0123-456789abcdee", "01234567-89ab-cdef-0123-456789abcdef"] } output "microsoft365wp_device_configurations" { value = { for x in data.microsoft365wp_device_configurations.all.device_configurations : x.id => x } } ``` -------------------------------- ### Define Windows MSI Manifest Properties using Locals - HCL Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/resources/mobile_app.md This snippet defines local variables representing various properties for a Windows MSI application manifest. These properties are later used to construct an XML manifest string. ```HCL MsiUpgradeCode = "{23170F69-40C1-2702-0000-000004000000}" # UpgradeCode MsiIsMachineInstall = true # MSIINSTALLPERUSER == "" && (ALLUSERS == "1" || ALLUSERS == "2") MsiIsUserInstall = false # !manifest.MsiIsMachineInstall MsiRequiresLogon = false # ALLUSERS == "" MsiIncludesServices = false # always false MsiContainsSystemRegistryKeys = false # always false MsiContainsSystemFolders = false # always false ``` -------------------------------- ### Create Microsoft365wp Mobile App Resource for Windows Universal - HCL Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/resources/mobile_app.md This snippet defines a `microsoft365wp_mobile_app` resource for a Windows Universal (APPX/MSIX) application. It configures various properties using the metadata extracted by the `parse_appxmsix_metadata` function, including file details, identity, device types, architecture, and supported OS. ```HCL resource "microsoft365wp_mobile_app" "windows_universal_appx" { display_name = "TF Test windows_universal_appx" description = local.windows_universal_appx_metadata.properties.description publisher = local.windows_universal_appx_metadata.properties.publisher_display_name large_icon = local.windows_universal_appx_metadata.logo windows_universal_appx = { file_name = basename(local.windows_universal_appx_source_file) identity_name = local.windows_universal_appx_metadata.identity.name identity_publisher_hash = local.windows_universal_appx_metadata.identity.publisher_hash identity_version = local.windows_universal_appx_metadata.identity.version applicable_device_types = "desktop" applicable_architectures = local.windows_universal_appx_metadata.identity.processor_architecture minimum_supported_operating_system = { v10_0 = true } # see docs is_msix = endswith(lower(local.windows_universal_appx_source_file), ".msix") source_file = local.windows_universal_appx_source_file source_sha256 = filesha256(local.windows_universal_appx_source_file) } assignments = [{ target = { group = { group_id = "298fded6-b252-4166-a473-f405e935f58d" } } settings = { windows_universal_appx = {} } # see docs }] } ``` -------------------------------- ### Creating Intune Assignment Filter and Configuration Resources Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/resources/device_and_app_management_assignment_filter.md This example demonstrates how to create `microsoft365wp_device_and_app_management_assignment_filter` resources for Windows and iOS platforms by specifying `display_name`, `platform`, and a filter `rule`. It also shows how to reference a created filter's ID when assigning a `microsoft365wp_device_configuration` resource. ```HCL resource "microsoft365wp_device_and_app_management_assignment_filter" "devices_win10" { display_name = "TF Test Devices Win10" platform = "windows10AndLater" rule = "(device.manufacturer -eq \"some non-exsiting dummy value\")" } resource "microsoft365wp_device_configuration" "devices_win10" { display_name = "TF Test Devices Win10 Filter" windows_update_for_business = { user_pause_access = "disabled" installation_schedule = { active_hours = {} } } assignments = [ { target = { all_devices = {} filter_type = "include" filter_id = microsoft365wp_device_and_app_management_assignment_filter.devices_win10.id } }, ] } resource "microsoft365wp_device_and_app_management_assignment_filter" "apps_ios" { display_name = "TF Test Apps iOS" platform = "iOSMobileApplicationManagement" rule = "(app.appVersion -eq \"1.2.3.4\")" } ``` -------------------------------- ### Creating Windows 10 Device Compliance Policy with Assignments Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/resources/device_compliance_policy.md This example creates a compliance policy for Windows 10 devices, requiring BitLocker encryption. It demonstrates various assignment types, including assigning to all devices, all licensed users, and excluding a specific group. ```terraform resource "microsoft365wp_device_compliance_policy" "win10" { display_name = "TF Test Windows 10" scheduled_actions_for_rule = [{ scheduled_action_configurations = [{}] }] windows10 = { bitlocker_enabled = true } assignments = [ { target = { all_devices = {} } }, { target = { all_licensed_users = {} } }, { target = { exclusion_group = { group_id = "298fded6-b252-4166-a473-f405e935f58d" } } }, ] } ``` -------------------------------- ### Generate Windows MSI Manifest XML using Locals - HCL Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/resources/mobile_app.md This snippet uses a Terraform heredoc to construct an XML string representing the Windows MSI application manifest. It interpolates the local variables defined previously to populate the XML attributes. ```HCL windows_msi_manifest_xml = <<-EOT EOT ``` -------------------------------- ### Create Microsoft365wp Mobile App Resource for Windows MSI - HCL Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/resources/mobile_app.md This snippet defines a `microsoft365wp_mobile_app` resource specifically for a Windows MSI application. It configures the app's display name, file details, versions, source file, SHA256 hash, and includes the base64 encoded manifest. ```HCL resource "microsoft365wp_mobile_app" "windows_msi" { display_name = "TF Test windows_msi" windows_msi = { file_name = basename(local.windows_msi_source_file) identity_version = local.windows_msi_version product_version = local.windows_msi_version source_file = local.windows_msi_source_file source_sha256 = filesha256(local.windows_msi_source_file) manifest_base64 = local.windows_msi_manifest_base64 } assignments = [{ target = { group = { group_id = "298fded6-b252-4166-a473-f405e935f58d" } } }] } ``` -------------------------------- ### Setting Authentication Environment Variables - Shell Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/resources/ios_managed_app_protection.md Provides commented examples for setting necessary environment variables (`ARM_TENANT_ID`, `ARM_CLIENT_ID`, `ARM_CLIENT_SECRET`) required for the microsoft365wp provider to authenticate with Microsoft 365 or Azure AD for Graph API access. ```Shell /* .env export ARM_TENANT_ID='...' export ARM_CLIENT_ID='...' export ARM_CLIENT_SECRET='...' */ ``` -------------------------------- ### Example Usage: Fetching Conditional Access Policy (Terraform) Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/data-sources/conditional_access_policy.md This example demonstrates how to configure the `microsoft365wp` provider and use the `microsoft365wp_conditional_access_policy` data source to retrieve a specific Conditional Access policy based on its ID. It also shows how to output the retrieved policy data. ```HCL terraform { required_providers { microsoft365wp = { source = "terraprovider/microsoft365wp" } } } /* .env export ARM_TENANT_ID='...' export ARM_CLIENT_ID='...' export ARM_CLIENT_SECRET='...' */ data "microsoft365wp_conditional_access_policy" "one" { id = "6aaba8b8-539b-46f9-bd49-da9c53248272" } output "microsoft365wp_conditional_access_policy" { value = data.microsoft365wp_conditional_access_policy.one } ``` -------------------------------- ### Querying Cloud PC Provisioning Policies (Terraform) Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/data-sources/cloud_pc_provisioning_policies.md This example demonstrates how to use the `microsoft365wp_cloud_pc_provisioning_policies` data source to retrieve all available Cloud PC provisioning policies. It requires setting up the provider configuration with Azure credentials (Tenant ID, Client ID, Client Secret) typically via environment variables. The output block then formats the retrieved policies into a map indexed by their unique ID. ```HCL terraform { required_providers { microsoft365wp = { source = "terraprovider/microsoft365wp" } } } /* .env export ARM_TENANT_ID='...' export ARM_CLIENT_ID='...' export ARM_CLIENT_SECRET='...' */ data "microsoft365wp_cloud_pc_provisioning_policies" "all" { } output "microsoft365wp_cloud_pc_provisioning_policies" { value = { for x in data.microsoft365wp_cloud_pc_provisioning_policies.all.cloud_pc_provisioning_policies : x.id => x } } ``` -------------------------------- ### Base64 Encode Windows MSI Manifest XML using Locals - HCL Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/resources/mobile_app.md This snippet base64 encodes the generated XML manifest string. The resulting base64 string is required by the `microsoft365wp_mobile_app` resource for MSI applications. ```HCL windows_msi_manifest_base64 = base64encode(local.windows_msi_manifest_xml) ``` -------------------------------- ### Querying Device Registration Policy - Terraform Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/data-sources/device_registration_policy.md This example demonstrates how to configure the terraprovider/microsoft365wp provider and retrieve the singleton microsoft365wp_device_registration_policy data source. It requires setting environment variables for Azure/Microsoft Entra authentication (`ARM_TENANT_ID`, `ARM_CLIENT_ID`, `ARM_CLIENT_SECRET`) and shows how to output the retrieved policy object. ```terraform terraform { required_providers { microsoft365wp = { source = "terraprovider/microsoft365wp" } } } /* .env export ARM_TENANT_ID='...' export ARM_CLIENT_ID='...' export ARM_CLIENT_SECRET='...' */ data "microsoft365wp_device_registration_policy" "singleton" { } output "microsoft365wp_device_registration_policy" { value = data.microsoft365wp_device_registration_policy.singleton } ``` -------------------------------- ### Querying Cloud PC Device Image Terraform Data Source Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/data-sources/cloud_pc_device_image.md This Terraform snippet demonstrates how to configure the required provider and use the `microsoft365wp_cloud_pc_device_image` data source. It queries a device image by its ID and outputs the retrieved data. The example uses an ID ('does_not_exist') that is expected not to be found, illustrating the data source definition. ```terraform terraform { required_providers { microsoft365wp = { source = "terraprovider/microsoft365wp" } } } /* .env export ARM_TENANT_ID='...' export ARM_CLIENT_ID='...' export ARM_CLIENT_SECRET='...' */ data "microsoft365wp_cloud_pc_device_image" "does_not_exist" { id = "does_not_exist" } output "microsoft365wp_cloud_pc_device_image" { value = data.microsoft365wp_cloud_pc_device_image.does_not_exist } ``` -------------------------------- ### Terraform Example for Default Cross-Tenant Access Policy Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/resources/cross_tenant_access_policy_configuration_default.md This Terraform example demonstrates how to define and configure the default cross-tenant access policy using the `microsoft365wp_cross_tenant_access_policy_configuration_default` resource. It specifically shows how to set outbound B2B direct connect access for applications and users to 'allowed'. Prerequisites include setting environment variables for ARM authentication (ARM_TENANT_ID, ARM_CLIENT_ID, ARM_CLIENT_SECRET). ```terraform terraform { required_providers { microsoft365wp = { source = "terraprovider/microsoft365wp" } } } /* .env export ARM_TENANT_ID='...' export ARM_CLIENT_ID='...' export ARM_CLIENT_SECRET='...' */ resource "microsoft365wp_cross_tenant_access_policy_configuration_default" "singleton" { b2b_direct_connect_outbound = { applications = { access_type = "allowed" } users_and_groups = { access_type = "allowed" } } } ``` -------------------------------- ### Querying Unified Role Management Policy using Terraform Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/data-sources/unified_role_management_policy.md This snippet demonstrates how to configure the `microsoft365wp` provider and use the `microsoft365wp_unified_role_management_policy` data source to fetch a specific policy by its unique ID. It includes commented-out example environment variables for authentication and outputs the retrieved policy. ```HCL terraform { required_providers { microsoft365wp = { source = "terraprovider/microsoft365wp" } } } /* .env export ARM_TENANT_ID='...' export ARM_CLIENT_ID='...' export ARM_CLIENT_SECRET='...' */ data "microsoft365wp_unified_role_management_policy" "one" { id = "DirectoryRole_810017af-c1d4-4a3b-9e18-d693c12b0df1_7da17cbf-6f42-4103-b73d-e500dca5f92d" } output "microsoft365wp_unified_role_management_policy" { value = data.microsoft365wp_unified_role_management_policy.one } ``` -------------------------------- ### Configuring Microsoft365wp Terraform Provider Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/resources/device_and_app_management_assignment_filter.md This snippet defines the required `microsoft365wp` provider and its source for use in the Terraform configuration. It also includes commented-out examples showing environment variables typically used for authenticating with Azure/Microsoft Graph. ```HCL terraform { required_providers { microsoft365wp = { source = "terraprovider/microsoft365wp" } } } /* .env export ARM_TENANT_ID='...' export ARM_CLIENT_ID='...' export ARM_CLIENT_SECRET='...' */ ``` -------------------------------- ### Querying Cloud PC Gallery Images - Terraform Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/data-sources/cloud_pc_gallery_images.md This example demonstrates how to use the `microsoft365wp_cloud_pc_gallery_images` data source in Terraform to retrieve lists of Cloud PC gallery images. It shows fetching all images and fetching images filtered by attributes like publisher name, offer name, SKU name, and status, also utilizing OData query options like `$filter` and `$orderby`. Required authentication details must be provided via environment variables. ```HCL terraform { required_providers { microsoft365wp = { source = "terraprovider/microsoft365wp" } } } /* .env export ARM_TENANT_ID='...' export ARM_CLIENT_ID='...' export ARM_CLIENT_SECRET='...' */ data "microsoft365wp_cloud_pc_gallery_images" "all" { } output "microsoft365wp_cloud_pc_gallery_images_all" { value = { for x in data.microsoft365wp_cloud_pc_gallery_images.all.cloud_pc_gallery_images : x.id => x } } data "microsoft365wp_cloud_pc_gallery_images" "win11_m365_supported" { # publisher_name/publisherName must be compared case-insensitive but this specific query would produce the same result # if only filtering by offer_name, sku_name and status (and ommitting the odata_filter clause completely) odata_filter = "tolower(publisherName) eq 'microsoftwindowsdesktop'" offer_name = "windows-ent-cpc" sku_name = "win11-*-m365" status = "supported" odata_orderby = "startDate desc" } output "microsoft365wp_cloud_pc_gallery_images_win11_m365_supported" { value = data.microsoft365wp_cloud_pc_gallery_images.win11_m365_supported.cloud_pc_gallery_images } ``` -------------------------------- ### Querying Device Management Configuration Policy by ID (Terraform) Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/data-sources/device_management_configuration_policy_json.md This snippet shows a basic example of using the microsoft365wp_device_management_configuration_policy_json data source. It configures the required provider, retrieves a policy using a hardcoded ID, and defines an output variable to display the retrieved data. ```HCL terraform { required_providers { microsoft365wp = { source = "terraprovider/microsoft365wp" } } } /* .env export ARM_TENANT_ID='...' export ARM_CLIENT_ID='...' export ARM_CLIENT_SECRET='...' */ data "microsoft365wp_device_management_configuration_policy_json" "one" { id = "6c8633bd-7dbb-4b69-ba63-35b6cbe795e4" } output "microsoft365wp_device_management_configuration_policy_json" { value = data.microsoft365wp_device_management_configuration_policy_json.one } ``` -------------------------------- ### Querying Default Cross-Tenant Policy (Terraform) Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/data-sources/cross_tenant_access_policy_configuration_default.md This Terraform example shows how to configure the required provider and query the default cross-tenant access policy configuration using the `microsoft365wp_cross_tenant_access_policy_configuration_default` data source. It defines the provider source and then declares a data resource named `singleton` to fetch the default policy. An output variable is included to display the fetched data. Authentication typically requires environment variables like `ARM_TENANT_ID`, `ARM_CLIENT_ID`, and `ARM_CLIENT_SECRET`. ```terraform terraform { required_providers { microsoft365wp = { source = "terraprovider/microsoft365wp" } } } /* .env export ARM_TENANT_ID='...' export ARM_CLIENT_ID='...' export ARM_CLIENT_SECRET='...' */ data "microsoft365wp_cross_tenant_access_policy_configuration_default" "singleton" { } output "microsoft365wp_cross_tenant_access_policy_configuration_default" { value = data.microsoft365wp_cross_tenant_access_policy_configuration_default.singleton } ``` -------------------------------- ### Querying M365 Authentication Strength Policies & Combinations (Terraform) Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/data-sources/authentication_strength_policies.md This Terraform example demonstrates how to fetch all Microsoft Graph Authentication Strength Policies (excluding specified IDs) using the `microsoft365wp_authentication_strength_policies` data source. It then uses a `for_each` loop with the `microsoft365wp_authentication_combination_configurations` data source to fetch the combination configurations for each retrieved policy. Finally, it combines the results into a single output variable. ```terraform terraform { required_providers { microsoft365wp = { source = "terraprovider/microsoft365wp" } } } /* .env export ARM_TENANT_ID='...' export ARM_CLIENT_ID='...' export ARM_CLIENT_SECRET='...' */ data "microsoft365wp_authentication_strength_policies" "all" { exclude_ids = ["01234567-89ab-cdef-0123-456789abcdee", "01234567-89ab-cdef-0123-456789abcdef"] } data "microsoft365wp_authentication_combination_configurations" "all" { for_each = toset(data.microsoft365wp_authentication_strength_policies.all.authentication_strength_policies[*].id) authentication_strength_policy_id = each.key } output "microsoft365wp_authentication_strength_policies" { value = { for x in data.microsoft365wp_authentication_strength_policies.all.authentication_strength_policies : x.id => merge(x, { combination_configurations = data.microsoft365wp_authentication_combination_configurations.all[x.id].authentication_combination_configurations }) } } ``` -------------------------------- ### Querying Device Configuration by ID - Terraform Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/data-sources/device_configuration.md This example demonstrates how to configure the microsoft365wp provider and use the `microsoft365wp_device_configuration` data source to retrieve a specific device configuration entity from Microsoft Graph using its unique identifier (ID). It requires the provider to be configured, likely via environment variables for authentication. ```Terraform terraform { required_providers { microsoft365wp = { source = "terraprovider/microsoft365wp" } } } /* .env export ARM_TENANT_ID='...' export ARM_CLIENT_ID='...' export ARM_CLIENT_SECRET='...' */ data "microsoft365wp_device_configuration" "one" { id = "8cefe928-c91b-40bb-b5d9-64dc5919dc37" } output "microsoft365wp_device_configuration" { value = data.microsoft365wp_device_configuration.one } ``` -------------------------------- ### Creating Identity Governance Workflow using Terraform Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/resources/identity_governance_workflow.md This example demonstrates how to define and configure a Microsoft 365 Identity Governance Workflow using the `microsoft365wp_identity_governance_workflow` resource. It includes provider configuration, fetching task definitions via data sources, setting workflow properties, execution conditions based on hire date and department, and configuring the tasks with arguments. ```HCL terraform { required_providers { microsoft365wp = { source = "terraprovider/microsoft365wp" } } } /* .env export ARM_TENANT_ID='...' export ARM_CLIENT_ID='...' export ARM_CLIENT_SECRET='...' */ data "microsoft365wp_identity_governance_task_definition" "add_user_to_groups" { display_name = "Add user to groups" } data "microsoft365wp_identity_governance_task_definition" "add_user_to_teams" { display_name = "Add user to Teams" } resource "microsoft365wp_identity_governance_workflow" "test" { display_name = "TF Test" category = "joiner" execution_conditions = { trigger_and_scope_based_conditions = { trigger = { time_based_attribute = { time_based_attribute = "employeeHireDate" offset_in_days = 7 } } scope = { rule = { rule = "(department eq 'Marketing')" } } } } tasks = [ for x in [ merge(data.microsoft365wp_identity_governance_task_definition.add_user_to_groups, { is_enabled = true arguments = [{ name = "groupID" value = "298fded6-b252-4166-a473-f405e935f58d" }] }), merge(data.microsoft365wp_identity_governance_task_definition.add_user_to_teams, { is_enabled = false arguments = [{ name = "teamID" value = "5bdad799-d399-4241-b8ca-2a2ca837f443" }] }), ] : { task_definition_id = x.id category = x.category display_name = x.display_name arguments = x.arguments is_enabled = x.is_enabled } ] } ``` -------------------------------- ### Example Usage: Querying Cross-Tenant Access Policy Partners in Terraform Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/data-sources/cross_tenant_access_policy_configuration_partners.md This snippet demonstrates how to configure the microsoft365wp provider and use the `microsoft365wp_cross_tenant_access_policy_configuration_partners` data source to retrieve all partner cross-tenant access configurations. It also shows how to output the retrieved data, keyed by tenant ID. ```HCL terraform { required_providers { microsoft365wp = { source = "terraprovider/microsoft365wp" } } } /* .env export ARM_TENANT_ID='...' export ARM_CLIENT_ID='...' export ARM_CLIENT_SECRET='...' */ data "microsoft365wp_cross_tenant_access_policy_configuration_partners" "all" { } output "microsoft365wp_cross_tenant_access_policy_configuration_partners" { value = { for x in data.microsoft365wp_cross_tenant_access_policy_configuration_partners.all.cross_tenant_access_policy_configuration_partners : x.tenant_id => x } } ``` -------------------------------- ### Querying Microsoft365 Security Defaults Policy (Terraform) Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/data-sources/identity_security_defaults_enforcement_policy.md This example demonstrates how to configure the `microsoft365wp` Terraform provider and retrieve the Microsoft Entra ID security defaults enforcement policy using the `microsoft365wp_identity_security_defaults_enforcement_policy` data source. It shows a basic query for the singleton resource and outputs the resulting policy object. Authentication relies on environment variables for ARM credentials. ```Terraform terraform { required_providers { microsoft365wp = { source = "terraprovider/microsoft365wp" } } } /* .env export ARM_TENANT_ID='...' export ARM_CLIENT_ID='...' export ARM_CLIENT_SECRET='...' */ data "microsoft365wp_identity_security_defaults_enforcement_policy" "singleton" { } output "microsoft365wp_identity_security_defaults_enforcement_policy" { value = data.microsoft365wp_identity_security_defaults_enforcement_policy.singleton } ``` -------------------------------- ### Creating a Mobile App Category (Terraform) Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/resources/mobile_app_category.md This example demonstrates how to configure the `microsoft365wp` provider and create a new Intune mobile application category using the `microsoft365wp_mobile_app_category` resource. It requires provider configuration (typically via environment variables like ARM_TENANT_ID, ARM_CLIENT_ID, ARM_CLIENT_SECRET) and sets the required `display_name` attribute for the category. ```terraform terraform { required_providers { microsoft365wp = { source = "terraprovider/microsoft365wp" } } } /* .env export ARM_TENANT_ID='...' export ARM_CLIENT_ID='...' export ARM_CLIENT_SECRET='...' */ resource "microsoft365wp_mobile_app_category" "test" { display_name = "TF Test" } ``` -------------------------------- ### Querying Autopilot Deployment Profile and Assignments - Terraform Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/data-sources/azure_ad_windows_autopilot_deployment_profile.md This Terraform example demonstrates how to use the `microsoft365wp_azure_ad_windows_autopilot_deployment_profile` data source to retrieve a specific Autopilot profile by its ID. It also shows how to use related data sources (`microsoft365wp_azure_ad_windows_autopilot_deployment_profile_assignments` and `microsoft365wp_azure_ad_windows_autopilot_deployment_profile_assignment`) to find assignments linked to that profile and output their values. ```HCL terraform { required_providers { microsoft365wp = { source = "terraprovider/microsoft365wp" } } } /* .env export ARM_TENANT_ID='...' export ARM_CLIENT_ID='...' export ARM_CLIENT_SECRET='...' */ data "microsoft365wp_azure_ad_windows_autopilot_deployment_profile" "one" { id = "23b5545c-f948-494c-9495-3785d779806a" } data "microsoft365wp_azure_ad_windows_autopilot_deployment_profile_assignments" "all" { azure_ad_windows_autopilot_deployment_profile_id = data.microsoft365wp_azure_ad_windows_autopilot_deployment_profile.one.id } data "microsoft365wp_azure_ad_windows_autopilot_deployment_profile_assignment" "one" { azure_ad_windows_autopilot_deployment_profile_id = data.microsoft365wp_azure_ad_windows_autopilot_deployment_profile.one.id id = tolist( data.microsoft365wp_azure_ad_windows_autopilot_deployment_profile_assignments.all.azure_ad_windows_autopilot_deployment_profile_assignments )[0].id } output "microsoft365wp_azure_ad_windows_autopilot_deployment_profile" { value = data.microsoft365wp_azure_ad_windows_autopilot_deployment_profile.one } output "microsoft365wp_azure_ad_windows_autopilot_deployment_profile_assignment" { value = data.microsoft365wp_azure_ad_windows_autopilot_deployment_profile_assignment.one } ``` -------------------------------- ### Example Usage - Querying Notification Message Templates Terraform Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/data-sources/notification_message_templates.md This snippet demonstrates how to configure the `microsoft365wp` provider and use the `microsoft365wp_notification_message_templates` data source to retrieve a list of all notification message templates, while excluding specific templates by their IDs. It then outputs the retrieved templates, keyed by their IDs. Prerequisites include configuring the provider with required authentication credentials (e.g., via environment variables). ```terraform terraform { required_providers { microsoft365wp = { source = "terraprovider/microsoft365wp" } } } /* .env export ARM_TENANT_ID='...' export ARM_CLIENT_ID='...' export ARM_CLIENT_SECRET='...' */ data "microsoft365wp_notification_message_templates" "all" { exclude_ids = ["01234567-89ab-cdef-0123-456789abcdee", "01234567-89ab-cdef-0123-456789abcdef"] } output "microsoft365wp_notification_message_templates" { value = { for x in data.microsoft365wp_notification_message_templates.all.notification_message_templates : x.id => x } } ``` -------------------------------- ### Lookup Cloud PC Gallery Image (Dedicated) - Terraform HCL Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/resources/cloud_pc_provisioning_policy.md This data source block queries for a suitable gallery image to be used with a dedicated Cloud PC provisioning policy. It filters for Windows 11 Enterprise images with Microsoft 365 apps, sorting by start date to get the latest supported version. The output of this data source is then used in the `microsoft365wp_cloud_pc_provisioning_policy` resource. ```HCL data "microsoft365wp_cloud_pc_gallery_image" "dedicated" { # Win11 with M365 latest publisher_name = "microsoftwindowsdesktop" offer_name = "windows-ent-cpc" sku_name = "win11-*-m365" status = "supported" odata_orderby = "startDate desc" odata_top = 1 } ``` -------------------------------- ### Creating Mobility Management Policies - Terraform Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/resources/mobility_management_policy.md This Terraform example demonstrates how to define and create two `microsoft365wp_mobility_management_policy` resources: one for device enrollment and one for app management. It utilizes the `azuread_application_published_app_ids` data source to find well-known application IDs like Microsoft Intune and uses local variables to manage configuration options like `applies_to` and `included_groups`. It sets various policy parameters such as discovery URLs, compliance URLs, and terms of use URLs based on the policy type. ```terraform terraform { required_providers { microsoft365wp = { source = "terraprovider/microsoft365wp" } } } data "azuread_application_published_app_ids" "well_known" {} locals { device = { applies_to = "all" # "all", "selected" or "none" groups = [ "298fded6-b252-4166-a473-f405e935f58d", "62e39046-aad3-4423-98e0-b486e3538aff", ] } app = { applies_to = "all" # "all", "selected" or "none" groups = [ "298fded6-b252-4166-a473-f405e935f58d", ] } } resource "microsoft365wp_mobility_management_policy" "device" { policy_type = "device" id = data.azuread_application_published_app_ids.well_known.result.MicrosoftIntune terms_of_use_url = "https://portal.manage.microsoft.com/TermsofUse.aspx" discovery_url = "https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc" compliance_url = "https://portal.manage.microsoft.com/?portalAction=Compliance" applies_to = local.device.applies_to included_groups = local.device.applies_to == "selected" ? [for i in local.device.groups : { id = i }] : [] } resource "microsoft365wp_mobility_management_policy" "app" { policy_type = "app" id = data.azuread_application_published_app_ids.well_known.result.MicrosoftIntune discovery_url = "https://wip.mam.manage.microsoft.com/Enroll" applies_to = local.app.applies_to included_groups = local.app.applies_to == "selected" ? [for i in local.app.groups : { id = i }] : [] } ``` -------------------------------- ### Example Usage: Querying Connected Organizations in Terraform Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/data-sources/connected_organizations.md This Terraform example configures the microsoft365wp provider, defines a data source to fetch all connected organizations excluding specific IDs, and outputs the resulting list keyed by ID. It requires setting environment variables for Azure/Microsoft Entra authentication. ```terraform terraform { required_providers { microsoft365wp = { source = "terraprovider/microsoft365wp" } } } /* .env export ARM_TENANT_ID='...' export ARM_CLIENT_ID='...' export ARM_CLIENT_SECRET='...' */ data "microsoft365wp_connected_organizations" "all" { exclude_ids = ["01234567-89ab-cdef-0123-456789abcdee", "01234567-89ab-cdef-0123-456789abcdef"] } output "microsoft365wp_connected_organizations" { value = { for x in data.microsoft365wp_connected_organizations.all.connected_organizations : x.id => x } } ``` -------------------------------- ### Querying iOS Managed App Protections - Terraform Source: https://github.com/terraprovider/terraform-provider-microsoft365wp/blob/main/docs/data-sources/ios_managed_app_protections.md This snippet demonstrates how to define the required microsoft365wp provider, use environment variables for authentication (commented out example), query the `microsoft365wp_ios_managed_app_protections` data source, and output the results as a map indexed by entity ID. It includes an example of using the `exclude_ids` filter to exclude specific policies. ```terraform terraform { required_providers { microsoft365wp = { source = "terraprovider/microsoft365wp" } } } /* .env export ARM_TENANT_ID='...' export ARM_CLIENT_ID='...' export ARM_CLIENT_SECRET='...' */ data "microsoft365wp_ios_managed_app_protections" "all" { exclude_ids = ["01234567-89ab-cdef-0123-456789abcdee", "01234567-89ab-cdef-0123-456789abcdef"] } output "microsoft365wp_ios_managed_app_protections" { value = { for x in data.microsoft365wp_ios_managed_app_protections.all.ios_managed_app_protections : x.id => x } } ```