summaryrefslogtreecommitdiffstats
path: root/vendor/github.com/yaegashi/msgraph.go/beta/Windows10EndpointProtectionConfigurationModel.go
blob: 37f97ebcbc2a513ac556c15cf310af3c02a78386 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
// Code generated by msgraph-generate.go DO NOT EDIT.

package msgraph

// Windows10EndpointProtectionConfiguration This topic provides descriptions of the declared methods, properties and relationships exposed by the Windows10EndpointProtectionConfiguration resource.
type Windows10EndpointProtectionConfiguration struct {
	// DeviceConfiguration is the base model of Windows10EndpointProtectionConfiguration
	DeviceConfiguration
	// DmaGuardDeviceEnumerationPolicy undocumented
	DmaGuardDeviceEnumerationPolicy *DmaGuardDeviceEnumerationPolicyType `json:"dmaGuardDeviceEnumerationPolicy,omitempty"`
	// FirewallRules Configures the firewall rule settings. This collection can contain a maximum of 150 elements.
	FirewallRules []WindowsFirewallRule `json:"firewallRules,omitempty"`
	// UserRightsAccessCredentialManagerAsTrustedCaller This user right is used by Credential Manager during Backup/Restore. Users' saved credentials might be compromised if this privilege is given to other entities. Only states NotConfigured and Allowed are supported
	UserRightsAccessCredentialManagerAsTrustedCaller *DeviceManagementUserRightsSetting `json:"userRightsAccessCredentialManagerAsTrustedCaller,omitempty"`
	// UserRightsAllowAccessFromNetwork This user right determines which users and groups are allowed to connect to the computer over the network. State Allowed is supported.
	UserRightsAllowAccessFromNetwork *DeviceManagementUserRightsSetting `json:"userRightsAllowAccessFromNetwork,omitempty"`
	// UserRightsBlockAccessFromNetwork This user right determines which users and groups are block from connecting to the computer over the network. State Block is supported.
	UserRightsBlockAccessFromNetwork *DeviceManagementUserRightsSetting `json:"userRightsBlockAccessFromNetwork,omitempty"`
	// UserRightsActAsPartOfTheOperatingSystem This user right allows a process to impersonate any user without authentication. The process can therefore gain access to the same local resources as that user. Only states NotConfigured and Allowed are supported
	UserRightsActAsPartOfTheOperatingSystem *DeviceManagementUserRightsSetting `json:"userRightsActAsPartOfTheOperatingSystem,omitempty"`
	// UserRightsLocalLogOn This user right determines which users can log on to the computer. States NotConfigured, Allowed are supported
	UserRightsLocalLogOn *DeviceManagementUserRightsSetting `json:"userRightsLocalLogOn,omitempty"`
	// UserRightsDenyLocalLogOn This user right determines which users cannot log on to the computer. States NotConfigured, Blocked are supported
	UserRightsDenyLocalLogOn *DeviceManagementUserRightsSetting `json:"userRightsDenyLocalLogOn,omitempty"`
	// UserRightsBackupData This user right determines which users can bypass file, directory, registry, and other persistent objects permissions when backing up files and directories. Only states NotConfigured and Allowed are supported
	UserRightsBackupData *DeviceManagementUserRightsSetting `json:"userRightsBackupData,omitempty"`
	// UserRightsChangeSystemTime This user right determines which users and groups can change the time and date on the internal clock of the computer. Only states NotConfigured and Allowed are supported
	UserRightsChangeSystemTime *DeviceManagementUserRightsSetting `json:"userRightsChangeSystemTime,omitempty"`
	// UserRightsCreateGlobalObjects This security setting determines whether users can create global objects that are available to all sessions. Users who can create global objects could affect processes that run under other users' sessions, which could lead to application failure or data corruption. Only states NotConfigured and Allowed are supported
	UserRightsCreateGlobalObjects *DeviceManagementUserRightsSetting `json:"userRightsCreateGlobalObjects,omitempty"`
	// UserRightsCreatePageFile This user right determines which users and groups can call an internal API to create and change the size of a page file. Only states NotConfigured and Allowed are supported
	UserRightsCreatePageFile *DeviceManagementUserRightsSetting `json:"userRightsCreatePageFile,omitempty"`
	// UserRightsCreatePermanentSharedObjects This user right determines which accounts can be used by processes to create a directory object using the object manager. Only states NotConfigured and Allowed are supported
	UserRightsCreatePermanentSharedObjects *DeviceManagementUserRightsSetting `json:"userRightsCreatePermanentSharedObjects,omitempty"`
	// UserRightsCreateSymbolicLinks This user right determines if the user can create a symbolic link from the computer to which they are logged on. Only states NotConfigured and Allowed are supported
	UserRightsCreateSymbolicLinks *DeviceManagementUserRightsSetting `json:"userRightsCreateSymbolicLinks,omitempty"`
	// UserRightsCreateToken This user right determines which users/groups can be used by processes to create a token that can then be used to get access to any local resources when the process uses an internal API to create an access token. Only states NotConfigured and Allowed are supported
	UserRightsCreateToken *DeviceManagementUserRightsSetting `json:"userRightsCreateToken,omitempty"`
	// UserRightsDebugPrograms This user right determines which users can attach a debugger to any process or to the kernel. Only states NotConfigured and Allowed are supported
	UserRightsDebugPrograms *DeviceManagementUserRightsSetting `json:"userRightsDebugPrograms,omitempty"`
	// UserRightsRemoteDesktopServicesLogOn This user right determines which users and groups are prohibited from logging on as a Remote Desktop Services client. Only states NotConfigured and Blocked are supported
	UserRightsRemoteDesktopServicesLogOn *DeviceManagementUserRightsSetting `json:"userRightsRemoteDesktopServicesLogOn,omitempty"`
	// UserRightsDelegation This user right determines which users can set the Trusted for Delegation setting on a user or computer object. Only states NotConfigured and Allowed are supported.
	UserRightsDelegation *DeviceManagementUserRightsSetting `json:"userRightsDelegation,omitempty"`
	// UserRightsGenerateSecurityAudits This user right determines which accounts can be used by a process to add entries to the security log. The security log is used to trace unauthorized system access.  Only states NotConfigured and Allowed are supported.
	UserRightsGenerateSecurityAudits *DeviceManagementUserRightsSetting `json:"userRightsGenerateSecurityAudits,omitempty"`
	// UserRightsImpersonateClient Assigning this user right to a user allows programs running on behalf of that user to impersonate a client. Requiring this user right for this kind of impersonation prevents an unauthorized user from convincing a client to connect to a service that they have created and then impersonating that client, which can elevate the unauthorized user's permissions to administrative or system levels. Only states NotConfigured and Allowed are supported.
	UserRightsImpersonateClient *DeviceManagementUserRightsSetting `json:"userRightsImpersonateClient,omitempty"`
	// UserRightsIncreaseSchedulingPriority This user right determines which accounts can use a process with Write Property access to another process to increase the execution priority assigned to the other process. Only states NotConfigured and Allowed are supported.
	UserRightsIncreaseSchedulingPriority *DeviceManagementUserRightsSetting `json:"userRightsIncreaseSchedulingPriority,omitempty"`
	// UserRightsLoadUnloadDrivers This user right determines which users can dynamically load and unload device drivers or other code in to kernel mode. Only states NotConfigured and Allowed are supported.
	UserRightsLoadUnloadDrivers *DeviceManagementUserRightsSetting `json:"userRightsLoadUnloadDrivers,omitempty"`
	// UserRightsLockMemory This user right determines which accounts can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Only states NotConfigured and Allowed are supported.
	UserRightsLockMemory *DeviceManagementUserRightsSetting `json:"userRightsLockMemory,omitempty"`
	// UserRightsManageAuditingAndSecurityLogs This user right determines which users can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys. Only states NotConfigured and Allowed are supported.
	UserRightsManageAuditingAndSecurityLogs *DeviceManagementUserRightsSetting `json:"userRightsManageAuditingAndSecurityLogs,omitempty"`
	// UserRightsManageVolumes This user right determines which users and groups can run maintenance tasks on a volume, such as remote defragmentation. Only states NotConfigured and Allowed are supported.
	UserRightsManageVolumes *DeviceManagementUserRightsSetting `json:"userRightsManageVolumes,omitempty"`
	// UserRightsModifyFirmwareEnvironment This user right determines who can modify firmware environment values. Only states NotConfigured and Allowed are supported.
	UserRightsModifyFirmwareEnvironment *DeviceManagementUserRightsSetting `json:"userRightsModifyFirmwareEnvironment,omitempty"`
	// UserRightsModifyObjectLabels This user right determines which user accounts can modify the integrity label of objects, such as files, registry keys, or processes owned by other users. Only states NotConfigured and Allowed are supported.
	UserRightsModifyObjectLabels *DeviceManagementUserRightsSetting `json:"userRightsModifyObjectLabels,omitempty"`
	// UserRightsProfileSingleProcess This user right determines which users can use performance monitoring tools to monitor the performance of system processes. Only states NotConfigured and Allowed are supported.
	UserRightsProfileSingleProcess *DeviceManagementUserRightsSetting `json:"userRightsProfileSingleProcess,omitempty"`
	// UserRightsRemoteShutdown This user right determines which users are allowed to shut down a computer from a remote location on the network. Misuse of this user right can result in a denial of service. Only states NotConfigured and Allowed are supported.
	UserRightsRemoteShutdown *DeviceManagementUserRightsSetting `json:"userRightsRemoteShutdown,omitempty"`
	// UserRightsRestoreData This user right determines which users can bypass file, directory, registry, and other persistent objects permissions when restoring backed up files and directories, and determines which users can set any valid security principal as the owner of an object. Only states NotConfigured and Allowed are supported.
	UserRightsRestoreData *DeviceManagementUserRightsSetting `json:"userRightsRestoreData,omitempty"`
	// UserRightsTakeOwnership This user right determines which users can take ownership of any securable object in the system, including Active Directory objects, files and folders, printers, registry keys, processes, and threads. Only states NotConfigured and Allowed are supported.
	UserRightsTakeOwnership *DeviceManagementUserRightsSetting `json:"userRightsTakeOwnership,omitempty"`
	// XboxServicesEnableXboxGameSaveTask This setting determines whether xbox game save is enabled (1) or disabled (0).
	XboxServicesEnableXboxGameSaveTask *bool `json:"xboxServicesEnableXboxGameSaveTask,omitempty"`
	// XboxServicesAccessoryManagementServiceStartupMode This setting determines whether the Accessory management service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
	XboxServicesAccessoryManagementServiceStartupMode *ServiceStartType `json:"xboxServicesAccessoryManagementServiceStartupMode,omitempty"`
	// XboxServicesLiveAuthManagerServiceStartupMode This setting determines whether Live Auth Manager service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
	XboxServicesLiveAuthManagerServiceStartupMode *ServiceStartType `json:"xboxServicesLiveAuthManagerServiceStartupMode,omitempty"`
	// XboxServicesLiveGameSaveServiceStartupMode This setting determines whether Live Game save service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
	XboxServicesLiveGameSaveServiceStartupMode *ServiceStartType `json:"xboxServicesLiveGameSaveServiceStartupMode,omitempty"`
	// XboxServicesLiveNetworkingServiceStartupMode This setting determines whether Networking service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual.
	XboxServicesLiveNetworkingServiceStartupMode *ServiceStartType `json:"xboxServicesLiveNetworkingServiceStartupMode,omitempty"`
	// LocalSecurityOptionsBlockMicrosoftAccounts Prevent users from adding new Microsoft accounts to this computer.
	LocalSecurityOptionsBlockMicrosoftAccounts *bool `json:"localSecurityOptionsBlockMicrosoftAccounts,omitempty"`
	// LocalSecurityOptionsBlockRemoteLogonWithBlankPassword Enable Local accounts that are not password protected to log on from locations other than the physical device.Default is enabled
	LocalSecurityOptionsBlockRemoteLogonWithBlankPassword *bool `json:"localSecurityOptionsBlockRemoteLogonWithBlankPassword,omitempty"`
	// LocalSecurityOptionsDisableAdministratorAccount Determines whether the Local Administrator account is enabled or disabled.
	LocalSecurityOptionsDisableAdministratorAccount *bool `json:"localSecurityOptionsDisableAdministratorAccount,omitempty"`
	// LocalSecurityOptionsAdministratorAccountName Define a different account name to be associated with the security identifier (SID) for the account “Administrator”.
	LocalSecurityOptionsAdministratorAccountName *string `json:"localSecurityOptionsAdministratorAccountName,omitempty"`
	// LocalSecurityOptionsDisableGuestAccount Determines if the Guest account is enabled or disabled.
	LocalSecurityOptionsDisableGuestAccount *bool `json:"localSecurityOptionsDisableGuestAccount,omitempty"`
	// LocalSecurityOptionsGuestAccountName Define a different account name to be associated with the security identifier (SID) for the account “Guest”.
	LocalSecurityOptionsGuestAccountName *string `json:"localSecurityOptionsGuestAccountName,omitempty"`
	// LocalSecurityOptionsAllowUndockWithoutHavingToLogon Prevent a portable computer from being undocked without having to log in.
	LocalSecurityOptionsAllowUndockWithoutHavingToLogon *bool `json:"localSecurityOptionsAllowUndockWithoutHavingToLogon,omitempty"`
	// LocalSecurityOptionsBlockUsersInstallingPrinterDrivers Restrict installing printer drivers as part of connecting to a shared printer to admins only.
	LocalSecurityOptionsBlockUsersInstallingPrinterDrivers *bool `json:"localSecurityOptionsBlockUsersInstallingPrinterDrivers,omitempty"`
	// LocalSecurityOptionsBlockRemoteOpticalDriveAccess Enabling this settings allows only interactively logged on user to access CD-ROM media.
	LocalSecurityOptionsBlockRemoteOpticalDriveAccess *bool `json:"localSecurityOptionsBlockRemoteOpticalDriveAccess,omitempty"`
	// LocalSecurityOptionsFormatAndEjectOfRemovableMediaAllowedUser Define who is allowed to format and eject removable NTFS media.
	LocalSecurityOptionsFormatAndEjectOfRemovableMediaAllowedUser *LocalSecurityOptionsFormatAndEjectOfRemovableMediaAllowedUserType `json:"localSecurityOptionsFormatAndEjectOfRemovableMediaAllowedUser,omitempty"`
	// LocalSecurityOptionsMachineInactivityLimit Define maximum minutes of inactivity on the interactive desktop’s login screen until the screen saver runs. Valid values 0 to 9999
	LocalSecurityOptionsMachineInactivityLimit *int `json:"localSecurityOptionsMachineInactivityLimit,omitempty"`
	// LocalSecurityOptionsMachineInactivityLimitInMinutes Define maximum minutes of inactivity on the interactive desktop’s login screen until the screen saver runs. Valid values 0 to 9999
	LocalSecurityOptionsMachineInactivityLimitInMinutes *int `json:"localSecurityOptionsMachineInactivityLimitInMinutes,omitempty"`
	// LocalSecurityOptionsDoNotRequireCtrlAltDel Require CTRL+ALT+DEL to be pressed before a user can log on.
	LocalSecurityOptionsDoNotRequireCtrlAltDel *bool `json:"localSecurityOptionsDoNotRequireCtrlAltDel,omitempty"`
	// LocalSecurityOptionsHideLastSignedInUser Do not display the username of the last person who signed in on this device.
	LocalSecurityOptionsHideLastSignedInUser *bool `json:"localSecurityOptionsHideLastSignedInUser,omitempty"`
	// LocalSecurityOptionsHideUsernameAtSignIn Do not display the username of the person signing in to this device after credentials are entered and before the device’s desktop is shown.
	LocalSecurityOptionsHideUsernameAtSignIn *bool `json:"localSecurityOptionsHideUsernameAtSignIn,omitempty"`
	// LocalSecurityOptionsLogOnMessageTitle Set message title for users attempting to log in.
	LocalSecurityOptionsLogOnMessageTitle *string `json:"localSecurityOptionsLogOnMessageTitle,omitempty"`
	// LocalSecurityOptionsLogOnMessageText Set message text for users attempting to log in.
	LocalSecurityOptionsLogOnMessageText *string `json:"localSecurityOptionsLogOnMessageText,omitempty"`
	// LocalSecurityOptionsAllowPKU2UAuthenticationRequests Block PKU2U authentication requests to this device to use online identities.
	LocalSecurityOptionsAllowPKU2UAuthenticationRequests *bool `json:"localSecurityOptionsAllowPKU2UAuthenticationRequests,omitempty"`
	// LocalSecurityOptionsAllowRemoteCallsToSecurityAccountsManagerHelperBool UI helper boolean for LocalSecurityOptionsAllowRemoteCallsToSecurityAccountsManager entity
	LocalSecurityOptionsAllowRemoteCallsToSecurityAccountsManagerHelperBool *bool `json:"localSecurityOptionsAllowRemoteCallsToSecurityAccountsManagerHelperBool,omitempty"`
	// LocalSecurityOptionsAllowRemoteCallsToSecurityAccountsManager Edit the default Security Descriptor Definition Language string to allow or deny users and groups to make remote calls to the SAM.
	LocalSecurityOptionsAllowRemoteCallsToSecurityAccountsManager *string `json:"localSecurityOptionsAllowRemoteCallsToSecurityAccountsManager,omitempty"`
	// LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedClients This security setting allows a client to require the negotiation of 128-bit encryption and/or NTLMv2 session security.
	LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedClients *LocalSecurityOptionsMinimumSessionSecurity `json:"localSecurityOptionsMinimumSessionSecurityForNtlmSspBasedClients,omitempty"`
	// LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedServers This security setting allows a server to require the negotiation of 128-bit encryption and/or NTLMv2 session security.
	LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedServers *LocalSecurityOptionsMinimumSessionSecurity `json:"localSecurityOptionsMinimumSessionSecurityForNtlmSspBasedServers,omitempty"`
	// LanManagerAuthenticationLevel This security setting determines which challenge/response authentication protocol is used for network logons.
	LanManagerAuthenticationLevel *LanManagerAuthenticationLevel `json:"lanManagerAuthenticationLevel,omitempty"`
	// LanManagerWorkstationDisableInsecureGuestLogons If enabled,the SMB client will allow insecure guest logons. If not configured, the SMB client will reject insecure guest logons.
	LanManagerWorkstationDisableInsecureGuestLogons *bool `json:"lanManagerWorkstationDisableInsecureGuestLogons,omitempty"`
	// LocalSecurityOptionsClearVirtualMemoryPageFile This security setting determines whether the virtual memory pagefile is cleared when the system is shut down.
	LocalSecurityOptionsClearVirtualMemoryPageFile *bool `json:"localSecurityOptionsClearVirtualMemoryPageFile,omitempty"`
	// LocalSecurityOptionsAllowSystemToBeShutDownWithoutHavingToLogOn This security setting determines whether a computer can be shut down without having to log on to Windows.
	LocalSecurityOptionsAllowSystemToBeShutDownWithoutHavingToLogOn *bool `json:"localSecurityOptionsAllowSystemToBeShutDownWithoutHavingToLogOn,omitempty"`
	// LocalSecurityOptionsAllowUIAccessApplicationElevation Allow UIAccess apps to prompt for elevation without using the secure desktop.
	LocalSecurityOptionsAllowUIAccessApplicationElevation *bool `json:"localSecurityOptionsAllowUIAccessApplicationElevation,omitempty"`
	// LocalSecurityOptionsVirtualizeFileAndRegistryWriteFailuresToPerUserLocations Virtualize file and registry write failures to per user locations
	LocalSecurityOptionsVirtualizeFileAndRegistryWriteFailuresToPerUserLocations *bool `json:"localSecurityOptionsVirtualizeFileAndRegistryWriteFailuresToPerUserLocations,omitempty"`
	// LocalSecurityOptionsOnlyElevateSignedExecutables Enforce PKI certification path validation for a given executable file before it is permitted to run.
	LocalSecurityOptionsOnlyElevateSignedExecutables *bool `json:"localSecurityOptionsOnlyElevateSignedExecutables,omitempty"`
	// LocalSecurityOptionsAdministratorElevationPromptBehavior Define the behavior of the elevation prompt for admins in Admin Approval Mode.
	LocalSecurityOptionsAdministratorElevationPromptBehavior *LocalSecurityOptionsAdministratorElevationPromptBehaviorType `json:"localSecurityOptionsAdministratorElevationPromptBehavior,omitempty"`
	// LocalSecurityOptionsStandardUserElevationPromptBehavior Define the behavior of the elevation prompt for standard users.
	LocalSecurityOptionsStandardUserElevationPromptBehavior *LocalSecurityOptionsStandardUserElevationPromptBehaviorType `json:"localSecurityOptionsStandardUserElevationPromptBehavior,omitempty"`
	// LocalSecurityOptionsSwitchToSecureDesktopWhenPromptingForElevation Enable all elevation requests to go to the interactive user's desktop rather than the secure desktop. Prompt behavior policy settings for admins and standard users are used.
	LocalSecurityOptionsSwitchToSecureDesktopWhenPromptingForElevation *bool `json:"localSecurityOptionsSwitchToSecureDesktopWhenPromptingForElevation,omitempty"`
	// LocalSecurityOptionsDetectApplicationInstallationsAndPromptForElevation App installations requiring elevated privileges will prompt for admin credentials.Default is enabled
	LocalSecurityOptionsDetectApplicationInstallationsAndPromptForElevation *bool `json:"localSecurityOptionsDetectApplicationInstallationsAndPromptForElevation,omitempty"`
	// LocalSecurityOptionsAllowUIAccessApplicationsForSecureLocations Allow UIAccess apps to prompt for elevation without using the secure desktop.Default is enabled
	LocalSecurityOptionsAllowUIAccessApplicationsForSecureLocations *bool `json:"localSecurityOptionsAllowUIAccessApplicationsForSecureLocations,omitempty"`
	// LocalSecurityOptionsUseAdminApprovalMode Defines whether the built-in admin account uses Admin Approval Mode or runs all apps with full admin privileges.Default is enabled
	LocalSecurityOptionsUseAdminApprovalMode *bool `json:"localSecurityOptionsUseAdminApprovalMode,omitempty"`
	// LocalSecurityOptionsUseAdminApprovalModeForAdministrators Define whether Admin Approval Mode and all UAC policy settings are enabled, default is enabled
	LocalSecurityOptionsUseAdminApprovalModeForAdministrators *bool `json:"localSecurityOptionsUseAdminApprovalModeForAdministrators,omitempty"`
	// LocalSecurityOptionsInformationShownOnLockScreen Configure the user information that is displayed when the session is locked. If not configured, user display name, domain and username are shown
	LocalSecurityOptionsInformationShownOnLockScreen *LocalSecurityOptionsInformationShownOnLockScreenType `json:"localSecurityOptionsInformationShownOnLockScreen,omitempty"`
	// LocalSecurityOptionsInformationDisplayedOnLockScreen Configure the user information that is displayed when the session is locked. If not configured, user display name, domain and username are shown
	LocalSecurityOptionsInformationDisplayedOnLockScreen *LocalSecurityOptionsInformationDisplayedOnLockScreenType `json:"localSecurityOptionsInformationDisplayedOnLockScreen,omitempty"`
	// LocalSecurityOptionsDisableClientDigitallySignCommunicationsIfServerAgrees This security setting determines whether the SMB client attempts to negotiate SMB packet signing.
	LocalSecurityOptionsDisableClientDigitallySignCommunicationsIfServerAgrees *bool `json:"localSecurityOptionsDisableClientDigitallySignCommunicationsIfServerAgrees,omitempty"`
	// LocalSecurityOptionsClientDigitallySignCommunicationsAlways This security setting determines whether packet signing is required by the SMB client component.
	LocalSecurityOptionsClientDigitallySignCommunicationsAlways *bool `json:"localSecurityOptionsClientDigitallySignCommunicationsAlways,omitempty"`
	// LocalSecurityOptionsClientSendUnencryptedPasswordToThirdPartySMBServers If this security setting is enabled, the Server Message Block (SMB) redirector is allowed to send plaintext passwords to non-Microsoft SMB servers that do not support password encryption during authentication.
	LocalSecurityOptionsClientSendUnencryptedPasswordToThirdPartySMBServers *bool `json:"localSecurityOptionsClientSendUnencryptedPasswordToThirdPartySMBServers,omitempty"`
	// LocalSecurityOptionsDisableServerDigitallySignCommunicationsAlways This security setting determines whether packet signing is required by the SMB server component.
	LocalSecurityOptionsDisableServerDigitallySignCommunicationsAlways *bool `json:"localSecurityOptionsDisableServerDigitallySignCommunicationsAlways,omitempty"`
	// LocalSecurityOptionsDisableServerDigitallySignCommunicationsIfClientAgrees This security setting determines whether the SMB server will negotiate SMB packet signing with clients that request it.
	LocalSecurityOptionsDisableServerDigitallySignCommunicationsIfClientAgrees *bool `json:"localSecurityOptionsDisableServerDigitallySignCommunicationsIfClientAgrees,omitempty"`
	// LocalSecurityOptionsRestrictAnonymousAccessToNamedPipesAndShares By default, this security setting restricts anonymous access to shares and pipes to the settings for named pipes that can be accessed anonymously and Shares that can be accessed anonymously
	LocalSecurityOptionsRestrictAnonymousAccessToNamedPipesAndShares *bool `json:"localSecurityOptionsRestrictAnonymousAccessToNamedPipesAndShares,omitempty"`
	// LocalSecurityOptionsDoNotAllowAnonymousEnumerationOfSAMAccounts This security setting determines what additional permissions will be granted for anonymous connections to the computer.
	LocalSecurityOptionsDoNotAllowAnonymousEnumerationOfSAMAccounts *bool `json:"localSecurityOptionsDoNotAllowAnonymousEnumerationOfSAMAccounts,omitempty"`
	// LocalSecurityOptionsAllowAnonymousEnumerationOfSAMAccountsAndShares This security setting determines whether to allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares.
	LocalSecurityOptionsAllowAnonymousEnumerationOfSAMAccountsAndShares *bool `json:"localSecurityOptionsAllowAnonymousEnumerationOfSAMAccountsAndShares,omitempty"`
	// LocalSecurityOptionsDoNotStoreLANManagerHashValueOnNextPasswordChange This security setting determines if, at the next password change, the LAN Manager (LM) hash value for the new password is stored. It’s not stored by default.
	LocalSecurityOptionsDoNotStoreLANManagerHashValueOnNextPasswordChange *bool `json:"localSecurityOptionsDoNotStoreLANManagerHashValueOnNextPasswordChange,omitempty"`
	// LocalSecurityOptionsSmartCardRemovalBehavior This security setting determines what happens when the smart card for a logged-on user is removed from the smart card reader.
	LocalSecurityOptionsSmartCardRemovalBehavior *LocalSecurityOptionsSmartCardRemovalBehaviorType `json:"localSecurityOptionsSmartCardRemovalBehavior,omitempty"`
	// DefenderSecurityCenterDisableAppBrowserUI Used to disable the display of the app and browser protection area.
	DefenderSecurityCenterDisableAppBrowserUI *bool `json:"defenderSecurityCenterDisableAppBrowserUI,omitempty"`
	// DefenderSecurityCenterDisableFamilyUI Used to disable the display of the family options area.
	DefenderSecurityCenterDisableFamilyUI *bool `json:"defenderSecurityCenterDisableFamilyUI,omitempty"`
	// DefenderSecurityCenterDisableHealthUI Used to disable the display of the device performance and health area.
	DefenderSecurityCenterDisableHealthUI *bool `json:"defenderSecurityCenterDisableHealthUI,omitempty"`
	// DefenderSecurityCenterDisableNetworkUI Used to disable the display of the firewall and network protection area.
	DefenderSecurityCenterDisableNetworkUI *bool `json:"defenderSecurityCenterDisableNetworkUI,omitempty"`
	// DefenderSecurityCenterDisableVirusUI Used to disable the display of the virus and threat protection area.
	DefenderSecurityCenterDisableVirusUI *bool `json:"defenderSecurityCenterDisableVirusUI,omitempty"`
	// DefenderSecurityCenterDisableAccountUI Used to disable the display of the account protection area.
	DefenderSecurityCenterDisableAccountUI *bool `json:"defenderSecurityCenterDisableAccountUI,omitempty"`
	// DefenderSecurityCenterDisableClearTpmUI Used to disable the display of the Clear TPM button.
	DefenderSecurityCenterDisableClearTpmUI *bool `json:"defenderSecurityCenterDisableClearTpmUI,omitempty"`
	// DefenderSecurityCenterDisableHardwareUI Used to disable the display of the hardware protection area.
	DefenderSecurityCenterDisableHardwareUI *bool `json:"defenderSecurityCenterDisableHardwareUI,omitempty"`
	// DefenderSecurityCenterDisableNotificationAreaUI Used to disable the display of the notification area control. The user needs to either sign out and sign in or reboot the computer for this setting to take effect.
	DefenderSecurityCenterDisableNotificationAreaUI *bool `json:"defenderSecurityCenterDisableNotificationAreaUI,omitempty"`
	// DefenderSecurityCenterDisableRansomwareUI Used to disable the display of the ransomware protection area.
	DefenderSecurityCenterDisableRansomwareUI *bool `json:"defenderSecurityCenterDisableRansomwareUI,omitempty"`
	// DefenderSecurityCenterDisableSecureBootUI Used to disable the display of the secure boot area under Device security.
	DefenderSecurityCenterDisableSecureBootUI *bool `json:"defenderSecurityCenterDisableSecureBootUI,omitempty"`
	// DefenderSecurityCenterDisableTroubleshootingUI Used to disable the display of the security process troubleshooting under Device security.
	DefenderSecurityCenterDisableTroubleshootingUI *bool `json:"defenderSecurityCenterDisableTroubleshootingUI,omitempty"`
	// DefenderSecurityCenterDisableVulnerableTpmFirmwareUpdateUI Used to disable the display of update TPM Firmware when a vulnerable firmware is detected.
	DefenderSecurityCenterDisableVulnerableTpmFirmwareUpdateUI *bool `json:"defenderSecurityCenterDisableVulnerableTpmFirmwareUpdateUI,omitempty"`
	// DefenderSecurityCenterOrganizationDisplayName The company name that is displayed to the users.
	DefenderSecurityCenterOrganizationDisplayName *string `json:"defenderSecurityCenterOrganizationDisplayName,omitempty"`
	// DefenderSecurityCenterHelpEmail The email address that is displayed to users.
	DefenderSecurityCenterHelpEmail *string `json:"defenderSecurityCenterHelpEmail,omitempty"`
	// DefenderSecurityCenterHelpPhone The phone number or Skype ID that is displayed to users.
	DefenderSecurityCenterHelpPhone *string `json:"defenderSecurityCenterHelpPhone,omitempty"`
	// DefenderSecurityCenterHelpURL The help portal URL this is displayed to users.
	DefenderSecurityCenterHelpURL *string `json:"defenderSecurityCenterHelpURL,omitempty"`
	// DefenderSecurityCenterNotificationsFromApp Notifications to show from the displayed areas of app
	DefenderSecurityCenterNotificationsFromApp *DefenderSecurityCenterNotificationsFromAppType `json:"defenderSecurityCenterNotificationsFromApp,omitempty"`
	// DefenderSecurityCenterITContactDisplay Configure where to display IT contact information to end users.
	DefenderSecurityCenterITContactDisplay *DefenderSecurityCenterITContactDisplayType `json:"defenderSecurityCenterITContactDisplay,omitempty"`
	// WindowsDefenderTamperProtection Configure windows defender TamperProtection settings
	WindowsDefenderTamperProtection *WindowsDefenderTamperProtectionOptions `json:"windowsDefenderTamperProtection,omitempty"`
	// FirewallBlockStatefulFTP Blocks stateful FTP connections to the device
	FirewallBlockStatefulFTP *bool `json:"firewallBlockStatefulFTP,omitempty"`
	// FirewallIdleTimeoutForSecurityAssociationInSeconds Configures the idle timeout for security associations, in seconds, from 300 to 3600 inclusive. This is the period after which security associations will expire and be deleted. Valid values 300 to 3600
	FirewallIdleTimeoutForSecurityAssociationInSeconds *int `json:"firewallIdleTimeoutForSecurityAssociationInSeconds,omitempty"`
	// FirewallPreSharedKeyEncodingMethod Select the preshared key encoding to be used
	FirewallPreSharedKeyEncodingMethod *FirewallPreSharedKeyEncodingMethodType `json:"firewallPreSharedKeyEncodingMethod,omitempty"`
	// FirewallIPSecExemptionsAllowNeighborDiscovery Configures IPSec exemptions to allow neighbor discovery IPv6 ICMP type-codes
	FirewallIPSecExemptionsAllowNeighborDiscovery *bool `json:"firewallIPSecExemptionsAllowNeighborDiscovery,omitempty"`
	// FirewallIPSecExemptionsAllowICMP Configures IPSec exemptions to allow ICMP
	FirewallIPSecExemptionsAllowICMP *bool `json:"firewallIPSecExemptionsAllowICMP,omitempty"`
	// FirewallIPSecExemptionsAllowRouterDiscovery Configures IPSec exemptions to allow router discovery IPv6 ICMP type-codes
	FirewallIPSecExemptionsAllowRouterDiscovery *bool `json:"firewallIPSecExemptionsAllowRouterDiscovery,omitempty"`
	// FirewallIPSecExemptionsAllowDHCP Configures IPSec exemptions to allow both IPv4 and IPv6 DHCP traffic
	FirewallIPSecExemptionsAllowDHCP *bool `json:"firewallIPSecExemptionsAllowDHCP,omitempty"`
	// FirewallCertificateRevocationListCheckMethod Specify how the certificate revocation list is to be enforced
	FirewallCertificateRevocationListCheckMethod *FirewallCertificateRevocationListCheckMethodType `json:"firewallCertificateRevocationListCheckMethod,omitempty"`
	// FirewallMergeKeyingModuleSettings If an authentication set is not fully supported by a keying module, direct the module to ignore only unsupported authentication suites rather than the entire set
	FirewallMergeKeyingModuleSettings *bool `json:"firewallMergeKeyingModuleSettings,omitempty"`
	// FirewallPacketQueueingMethod Configures how packet queueing should be applied in the tunnel gateway scenario
	FirewallPacketQueueingMethod *FirewallPacketQueueingMethodType `json:"firewallPacketQueueingMethod,omitempty"`
	// FirewallProfileDomain Configures the firewall profile settings for domain networks
	FirewallProfileDomain *WindowsFirewallNetworkProfile `json:"firewallProfileDomain,omitempty"`
	// FirewallProfilePublic Configures the firewall profile settings for public networks
	FirewallProfilePublic *WindowsFirewallNetworkProfile `json:"firewallProfilePublic,omitempty"`
	// FirewallProfilePrivate Configures the firewall profile settings for private networks
	FirewallProfilePrivate *WindowsFirewallNetworkProfile `json:"firewallProfilePrivate,omitempty"`
	// DefenderAdobeReaderLaunchChildProcess Value indicating the behavior of Adobe Reader from creating child processes
	DefenderAdobeReaderLaunchChildProcess *DefenderProtectionType `json:"defenderAdobeReaderLaunchChildProcess,omitempty"`
	// DefenderAttackSurfaceReductionExcludedPaths List of exe files and folders to be excluded from attack surface reduction rules
	DefenderAttackSurfaceReductionExcludedPaths []string `json:"defenderAttackSurfaceReductionExcludedPaths,omitempty"`
	// DefenderOfficeAppsOtherProcessInjectionType Value indicating the behavior of Office applications injecting into other processes
	DefenderOfficeAppsOtherProcessInjectionType *DefenderAttackSurfaceType `json:"defenderOfficeAppsOtherProcessInjectionType,omitempty"`
	// DefenderOfficeAppsOtherProcessInjection Value indicating the behavior of  Office applications injecting into other processes
	DefenderOfficeAppsOtherProcessInjection *DefenderProtectionType `json:"defenderOfficeAppsOtherProcessInjection,omitempty"`
	// DefenderOfficeCommunicationAppsLaunchChildProcess Value indicating the behavior of Office communication applications, including Microsoft Outlook, from creating child processes
	DefenderOfficeCommunicationAppsLaunchChildProcess *DefenderProtectionType `json:"defenderOfficeCommunicationAppsLaunchChildProcess,omitempty"`
	// DefenderOfficeAppsExecutableContentCreationOrLaunchType Value indicating the behavior of Office applications/macros creating or launching executable content
	DefenderOfficeAppsExecutableContentCreationOrLaunchType *DefenderAttackSurfaceType `json:"defenderOfficeAppsExecutableContentCreationOrLaunchType,omitempty"`
	// DefenderOfficeAppsExecutableContentCreationOrLaunch Value indicating the behavior of Office applications/macros creating or launching executable content
	DefenderOfficeAppsExecutableContentCreationOrLaunch *DefenderProtectionType `json:"defenderOfficeAppsExecutableContentCreationOrLaunch,omitempty"`
	// DefenderOfficeAppsLaunchChildProcessType Value indicating the behavior of Office application launching child processes
	DefenderOfficeAppsLaunchChildProcessType *DefenderAttackSurfaceType `json:"defenderOfficeAppsLaunchChildProcessType,omitempty"`
	// DefenderOfficeAppsLaunchChildProcess Value indicating the behavior of Office application launching child processes
	DefenderOfficeAppsLaunchChildProcess *DefenderProtectionType `json:"defenderOfficeAppsLaunchChildProcess,omitempty"`
	// DefenderOfficeMacroCodeAllowWin32ImportsType Value indicating the behavior of Win32 imports from Macro code in Office
	DefenderOfficeMacroCodeAllowWin32ImportsType *DefenderAttackSurfaceType `json:"defenderOfficeMacroCodeAllowWin32ImportsType,omitempty"`
	// DefenderOfficeMacroCodeAllowWin32Imports Value indicating the behavior of Win32 imports from Macro code in Office
	DefenderOfficeMacroCodeAllowWin32Imports *DefenderProtectionType `json:"defenderOfficeMacroCodeAllowWin32Imports,omitempty"`
	// DefenderScriptObfuscatedMacroCodeType Value indicating the behavior of obfuscated js/vbs/ps/macro code
	DefenderScriptObfuscatedMacroCodeType *DefenderAttackSurfaceType `json:"defenderScriptObfuscatedMacroCodeType,omitempty"`
	// DefenderScriptObfuscatedMacroCode Value indicating the behavior of obfuscated js/vbs/ps/macro code
	DefenderScriptObfuscatedMacroCode *DefenderProtectionType `json:"defenderScriptObfuscatedMacroCode,omitempty"`
	// DefenderScriptDownloadedPayloadExecutionType Value indicating the behavior of js/vbs executing payload downloaded from Internet
	DefenderScriptDownloadedPayloadExecutionType *DefenderAttackSurfaceType `json:"defenderScriptDownloadedPayloadExecutionType,omitempty"`
	// DefenderScriptDownloadedPayloadExecution Value indicating the behavior of js/vbs executing payload downloaded from Internet
	DefenderScriptDownloadedPayloadExecution *DefenderProtectionType `json:"defenderScriptDownloadedPayloadExecution,omitempty"`
	// DefenderPreventCredentialStealingType Value indicating if credential stealing from the Windows local security authority subsystem is permitted
	DefenderPreventCredentialStealingType *DefenderProtectionType `json:"defenderPreventCredentialStealingType,omitempty"`
	// DefenderProcessCreationType Value indicating response to process creations originating from PSExec and WMI commands
	DefenderProcessCreationType *DefenderAttackSurfaceType `json:"defenderProcessCreationType,omitempty"`
	// DefenderProcessCreation Value indicating response to process creations originating from PSExec and WMI commands
	DefenderProcessCreation *DefenderProtectionType `json:"defenderProcessCreation,omitempty"`
	// DefenderUntrustedUSBProcessType Value indicating response to untrusted and unsigned processes that run from USB
	DefenderUntrustedUSBProcessType *DefenderAttackSurfaceType `json:"defenderUntrustedUSBProcessType,omitempty"`
	// DefenderUntrustedUSBProcess Value indicating response to untrusted and unsigned processes that run from USB
	DefenderUntrustedUSBProcess *DefenderProtectionType `json:"defenderUntrustedUSBProcess,omitempty"`
	// DefenderUntrustedExecutableType Value indicating response to executables that don't meet a prevalence, age, or trusted list criteria
	DefenderUntrustedExecutableType *DefenderAttackSurfaceType `json:"defenderUntrustedExecutableType,omitempty"`
	// DefenderUntrustedExecutable Value indicating response to executables that don't meet a prevalence, age, or trusted list criteria
	DefenderUntrustedExecutable *DefenderProtectionType `json:"defenderUntrustedExecutable,omitempty"`
	// DefenderEmailContentExecutionType Value indicating if execution of executable content (exe, dll, ps, js, vbs, etc) should be dropped from email (webmail/mail-client)
	DefenderEmailContentExecutionType *DefenderAttackSurfaceType `json:"defenderEmailContentExecutionType,omitempty"`
	// DefenderEmailContentExecution Value indicating if execution of executable content (exe, dll, ps, js, vbs, etc) should be dropped from email (webmail/mail-client)
	DefenderEmailContentExecution *DefenderProtectionType `json:"defenderEmailContentExecution,omitempty"`
	// DefenderAdvancedRansomewareProtectionType Value indicating use of advanced protection against ransomeware
	DefenderAdvancedRansomewareProtectionType *DefenderProtectionType `json:"defenderAdvancedRansomewareProtectionType,omitempty"`
	// DefenderGuardMyFoldersType Value indicating the behavior of protected folders
	DefenderGuardMyFoldersType *FolderProtectionType `json:"defenderGuardMyFoldersType,omitempty"`
	// DefenderGuardedFoldersAllowedAppPaths List of paths to exe that are allowed to access protected folders
	DefenderGuardedFoldersAllowedAppPaths []string `json:"defenderGuardedFoldersAllowedAppPaths,omitempty"`
	// DefenderAdditionalGuardedFolders List of folder paths to be added to the list of protected folders
	DefenderAdditionalGuardedFolders []string `json:"defenderAdditionalGuardedFolders,omitempty"`
	// DefenderNetworkProtectionType Value indicating the behavior of NetworkProtection
	DefenderNetworkProtectionType *DefenderProtectionType `json:"defenderNetworkProtectionType,omitempty"`
	// DefenderExploitProtectionXML Xml content containing information regarding exploit protection details.
	DefenderExploitProtectionXML *Binary `json:"defenderExploitProtectionXml,omitempty"`
	// DefenderExploitProtectionXMLFileName Name of the file from which DefenderExploitProtectionXml was obtained.
	DefenderExploitProtectionXMLFileName *string `json:"defenderExploitProtectionXmlFileName,omitempty"`
	// DefenderSecurityCenterBlockExploitProtectionOverride Indicates whether or not to block user from overriding Exploit Protection settings.
	DefenderSecurityCenterBlockExploitProtectionOverride *bool `json:"defenderSecurityCenterBlockExploitProtectionOverride,omitempty"`
	// AppLockerApplicationControl Enables the Admin to choose what types of app to allow on devices.
	AppLockerApplicationControl *AppLockerApplicationControlType `json:"appLockerApplicationControl,omitempty"`
	// DeviceGuardLocalSystemAuthorityCredentialGuardSettings Turn on Credential Guard when Platform Security Level with Secure Boot and Virtualization Based Security are both enabled.
	DeviceGuardLocalSystemAuthorityCredentialGuardSettings *DeviceGuardLocalSystemAuthorityCredentialGuardType `json:"deviceGuardLocalSystemAuthorityCredentialGuardSettings,omitempty"`
	// DeviceGuardEnableVirtualizationBasedSecurity Turns On Virtualization Based Security(VBS).
	DeviceGuardEnableVirtualizationBasedSecurity *bool `json:"deviceGuardEnableVirtualizationBasedSecurity,omitempty"`
	// DeviceGuardEnableSecureBootWithDMA This property will be deprecated in May 2019 and will be replaced with property DeviceGuardSecureBootWithDMA. Specifies whether Platform Security Level is enabled at next reboot.
	DeviceGuardEnableSecureBootWithDMA *bool `json:"deviceGuardEnableSecureBootWithDMA,omitempty"`
	// DeviceGuardSecureBootWithDMA Specifies whether Platform Security Level is enabled at next reboot.
	DeviceGuardSecureBootWithDMA *SecureBootWithDMAType `json:"deviceGuardSecureBootWithDMA,omitempty"`
	// DeviceGuardLaunchSystemGuard Allows the IT admin to configure the launch of System Guard.
	DeviceGuardLaunchSystemGuard *Enablement `json:"deviceGuardLaunchSystemGuard,omitempty"`
	// SmartScreenEnableInShell Allows IT Admins to configure SmartScreen for Windows.
	SmartScreenEnableInShell *bool `json:"smartScreenEnableInShell,omitempty"`
	// SmartScreenBlockOverrideForFiles Allows IT Admins to control whether users can can ignore SmartScreen warnings and run malicious files.
	SmartScreenBlockOverrideForFiles *bool `json:"smartScreenBlockOverrideForFiles,omitempty"`
	// ApplicationGuardEnabled Enable Windows Defender Application Guard
	ApplicationGuardEnabled *bool `json:"applicationGuardEnabled,omitempty"`
	// ApplicationGuardEnabledOptions Enable Windows Defender Application Guard for newer Windows builds
	ApplicationGuardEnabledOptions *ApplicationGuardEnabledOptions `json:"applicationGuardEnabledOptions,omitempty"`
	// ApplicationGuardBlockFileTransfer Block clipboard to transfer image file, text file or neither of them
	ApplicationGuardBlockFileTransfer *ApplicationGuardBlockFileTransferType `json:"applicationGuardBlockFileTransfer,omitempty"`
	// ApplicationGuardBlockNonEnterpriseContent Block enterprise sites to load non-enterprise content, such as third party plug-ins
	ApplicationGuardBlockNonEnterpriseContent *bool `json:"applicationGuardBlockNonEnterpriseContent,omitempty"`
	// ApplicationGuardAllowPersistence Allow persisting user generated data inside the App Guard Containter (favorites, cookies, web passwords, etc.)
	ApplicationGuardAllowPersistence *bool `json:"applicationGuardAllowPersistence,omitempty"`
	// ApplicationGuardForceAuditing Force auditing will persist Windows logs and events to meet security/compliance criteria (sample events are user login-logoff, use of privilege rights, software installation, system changes, etc.)
	ApplicationGuardForceAuditing *bool `json:"applicationGuardForceAuditing,omitempty"`
	// ApplicationGuardBlockClipboardSharing Block clipboard to share data from Host to Container, or from Container to Host, or both ways, or neither ways.
	ApplicationGuardBlockClipboardSharing *ApplicationGuardBlockClipboardSharingType `json:"applicationGuardBlockClipboardSharing,omitempty"`
	// ApplicationGuardAllowPrintToPDF Allow printing to PDF from Container
	ApplicationGuardAllowPrintToPDF *bool `json:"applicationGuardAllowPrintToPDF,omitempty"`
	// ApplicationGuardAllowPrintToXPS Allow printing to XPS from Container
	ApplicationGuardAllowPrintToXPS *bool `json:"applicationGuardAllowPrintToXPS,omitempty"`
	// ApplicationGuardAllowPrintToLocalPrinters Allow printing to Local Printers from Container
	ApplicationGuardAllowPrintToLocalPrinters *bool `json:"applicationGuardAllowPrintToLocalPrinters,omitempty"`
	// ApplicationGuardAllowPrintToNetworkPrinters Allow printing to Network Printers from Container
	ApplicationGuardAllowPrintToNetworkPrinters *bool `json:"applicationGuardAllowPrintToNetworkPrinters,omitempty"`
	// ApplicationGuardAllowVirtualGPU Allow application guard to use virtual GPU
	ApplicationGuardAllowVirtualGPU *bool `json:"applicationGuardAllowVirtualGPU,omitempty"`
	// ApplicationGuardAllowFileSaveOnHost Allow users to download files from Edge in the application guard container and save them on the host file system
	ApplicationGuardAllowFileSaveOnHost *bool `json:"applicationGuardAllowFileSaveOnHost,omitempty"`
	// BitLockerAllowStandardUserEncryption Allows the admin to allow standard users to enable encrpytion during Azure AD Join.
	BitLockerAllowStandardUserEncryption *bool `json:"bitLockerAllowStandardUserEncryption,omitempty"`
	// BitLockerDisableWarningForOtherDiskEncryption Allows the Admin to disable the warning prompt for other disk encryption on the user machines.
	BitLockerDisableWarningForOtherDiskEncryption *bool `json:"bitLockerDisableWarningForOtherDiskEncryption,omitempty"`
	// BitLockerEnableStorageCardEncryptionOnMobile Allows the admin to require encryption to be turned on using BitLocker. This policy is valid only for a mobile SKU.
	BitLockerEnableStorageCardEncryptionOnMobile *bool `json:"bitLockerEnableStorageCardEncryptionOnMobile,omitempty"`
	// BitLockerEncryptDevice Allows the admin to require encryption to be turned on using BitLocker.
	BitLockerEncryptDevice *bool `json:"bitLockerEncryptDevice,omitempty"`
	// BitLockerSystemDrivePolicy BitLocker System Drive Policy.
	BitLockerSystemDrivePolicy *BitLockerSystemDrivePolicy `json:"bitLockerSystemDrivePolicy,omitempty"`
	// BitLockerFixedDrivePolicy BitLocker Fixed Drive Policy.
	BitLockerFixedDrivePolicy *BitLockerFixedDrivePolicy `json:"bitLockerFixedDrivePolicy,omitempty"`
	// BitLockerRemovableDrivePolicy BitLocker Removable Drive Policy.
	BitLockerRemovableDrivePolicy *BitLockerRemovableDrivePolicy `json:"bitLockerRemovableDrivePolicy,omitempty"`
	// BitLockerRecoveryPasswordRotation This setting initiates a client-driven recovery password rotation after an OS drive recovery (either by using bootmgr or WinRE).
	BitLockerRecoveryPasswordRotation *BitLockerRecoveryPasswordRotationType `json:"bitLockerRecoveryPasswordRotation,omitempty"`
}