209 lines
10 KiB
HCL
209 lines
10 KiB
HCL
resource "microsoft365wp_device_management_configuration_policy" "enable_bitlocker" {
|
|
name = "Bitlocker"
|
|
settings = [
|
|
{ instance = {
|
|
definition_id = "device_vendor_msft_bitlocker_encryptionmethodbydrivetype"
|
|
choice = {
|
|
value = {
|
|
value = "device_vendor_msft_bitlocker_encryptionmethodbydrivetype_1"
|
|
children = [
|
|
{
|
|
definition_id = "device_vendor_msft_bitlocker_encryptionmethodbydrivetype_encryptionmethodwithxtsfdvdropdown_name"
|
|
choice = { value = { value = "device_vendor_msft_bitlocker_encryptionmethodbydrivetype_encryptionmethodwithxtsfdvdropdown_name_6" } }
|
|
},
|
|
{
|
|
definition_id = "device_vendor_msft_bitlocker_encryptionmethodbydrivetype_encryptionmethodwithxtsosdropdown_name"
|
|
choice = { value = { value = "device_vendor_msft_bitlocker_encryptionmethodbydrivetype_encryptionmethodwithxtsosdropdown_name_6" } }
|
|
},
|
|
{
|
|
definition_id = "device_vendor_msft_bitlocker_encryptionmethodbydrivetype_encryptionmethodwithxtsrdvdropdown_name"
|
|
choice = { value = { value = "device_vendor_msft_bitlocker_encryptionmethodbydrivetype_encryptionmethodwithxtsrdvdropdown_name_6" } }
|
|
}
|
|
|
|
]
|
|
}
|
|
}
|
|
} },
|
|
{ instance = {
|
|
definition_id = "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions"
|
|
choice = {
|
|
value = {
|
|
value = "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_1"
|
|
children = [
|
|
{
|
|
definition_id = "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvrecoverykeyusagedropdown_name"
|
|
choice = { value = { value = "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvrecoverykeyusagedropdown_name_2" } }
|
|
},
|
|
{
|
|
definition_id = "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvrecoverypasswordusagedropdown_name"
|
|
choice = { value = { value = "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvrecoverypasswordusagedropdown_name_2" } }
|
|
},
|
|
{
|
|
definition_id = "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvallowdra_name"
|
|
choice = { value = { value = "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvallowdra_name_0" } }
|
|
},
|
|
{
|
|
definition_id = "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvactivedirectorybackupdropdown_name"
|
|
choice = { value = { value = "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvactivedirectorybackupdropdown_name_1" } }
|
|
},
|
|
{
|
|
definition_id = "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvrequireactivedirectorybackup_name"
|
|
choice = { value = { value = "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvrequireactivedirectorybackup_name_1" } }
|
|
},
|
|
{
|
|
definition_id = "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvhiderecoverypage_name"
|
|
choice = { value = { value = "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvhiderecoverypage_name_0" } }
|
|
}
|
|
,
|
|
{
|
|
definition_id = "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvactivedirectorybackup_name"
|
|
choice = { value = { value = "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvactivedirectorybackup_name_1" } }
|
|
}
|
|
|
|
]
|
|
}
|
|
}
|
|
} },
|
|
{ instance = {
|
|
definition_id = "device_vendor_msft_bitlocker_fixeddrivesencryptiontype"
|
|
choice = {
|
|
value = {
|
|
value = "device_vendor_msft_bitlocker_fixeddrivesencryptiontype_1"
|
|
children = [
|
|
{
|
|
definition_id = "device_vendor_msft_bitlocker_fixeddrivesencryptiontype_fdvencryptiontypedropdown_name"
|
|
choice = { value = { value = "device_vendor_msft_bitlocker_fixeddrivesencryptiontype_fdvencryptiontypedropdown_name_1" } }
|
|
}
|
|
]
|
|
}
|
|
}
|
|
} },
|
|
{ instance = {
|
|
definition_id = "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions"
|
|
choice = {
|
|
value = {
|
|
value = "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_1"
|
|
children = [
|
|
{
|
|
definition_id = "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_osrecoverykeyusagedropdown_name"
|
|
choice = { value = { value = "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_osrecoverykeyusagedropdown_name_2" } }
|
|
},
|
|
{
|
|
definition_id = "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_osrecoverypasswordusagedropdown_name"
|
|
choice = { value = { value = "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_osrecoverypasswordusagedropdown_name_2" } }
|
|
},
|
|
{
|
|
definition_id = "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_osallowdra_name"
|
|
choice = { value = { value = "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_osallowdra_name_0" } }
|
|
},
|
|
{
|
|
definition_id = "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_osactivedirectorybackupdropdown_name"
|
|
choice = { value = { value = "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_osactivedirectorybackupdropdown_name_1" } }
|
|
},
|
|
{
|
|
definition_id = "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_osrequireactivedirectorybackup_name"
|
|
choice = { value = { value = "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_osrequireactivedirectorybackup_name_1" } }
|
|
},
|
|
{
|
|
definition_id = "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_oshiderecoverypage_name"
|
|
choice = { value = { value = "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_oshiderecoverypage_name_1" } }
|
|
}
|
|
,
|
|
{
|
|
definition_id = "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_osactivedirectorybackup_name"
|
|
choice = { value = { value = "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_osactivedirectorybackup_name_1" } }
|
|
}
|
|
|
|
]
|
|
}
|
|
}
|
|
} },
|
|
{ instance = {
|
|
definition_id = "device_vendor_msft_bitlocker_systemdrivesencryptiontype"
|
|
choice = {
|
|
value = {
|
|
value = "device_vendor_msft_bitlocker_systemdrivesencryptiontype_1"
|
|
children = [
|
|
{
|
|
definition_id = "device_vendor_msft_bitlocker_systemdrivesencryptiontype_osencryptiontypedropdown_name"
|
|
choice = { value = { value = "device_vendor_msft_bitlocker_systemdrivesencryptiontype_osencryptiontypedropdown_name_1" } }
|
|
}
|
|
]
|
|
}
|
|
}
|
|
} },
|
|
{ instance = {
|
|
definition_id = "device_vendor_msft_bitlocker_systemdrivesrequirestartupauthentication"
|
|
choice = {
|
|
value = {
|
|
value = "device_vendor_msft_bitlocker_systemdrivesrequirestartupauthentication_1"
|
|
children = [
|
|
{
|
|
definition_id = "device_vendor_msft_bitlocker_systemdrivesrequirestartupauthentication_configurenontpmstartupkeyusage_name"
|
|
choice = { value = { value = "device_vendor_msft_bitlocker_systemdrivesrequirestartupauthentication_configurenontpmstartupkeyusage_name_0" } }
|
|
},
|
|
{
|
|
definition_id = "device_vendor_msft_bitlocker_systemdrivesrequirestartupauthentication_configuretpmpinkeyusagedropdown_name"
|
|
choice = { value = { value = "device_vendor_msft_bitlocker_systemdrivesrequirestartupauthentication_configuretpmpinkeyusagedropdown_name_0" } }
|
|
},
|
|
{
|
|
definition_id = "device_vendor_msft_bitlocker_systemdrivesrequirestartupauthentication_configuretpmstartupkeyusagedropdown_name"
|
|
choice = { value = { value = "device_vendor_msft_bitlocker_systemdrivesrequirestartupauthentication_configuretpmstartupkeyusagedropdown_name_0" } }
|
|
},
|
|
{
|
|
definition_id = "device_vendor_msft_bitlocker_systemdrivesrequirestartupauthentication_configurepinusagedropdown_name"
|
|
choice = { value = { value = "device_vendor_msft_bitlocker_systemdrivesrequirestartupauthentication_configurepinusagedropdown_name_0" } }
|
|
},
|
|
{
|
|
definition_id = "device_vendor_msft_bitlocker_systemdrivesrequirestartupauthentication_configuretpmusagedropdown_name"
|
|
choice = { value = { value = "device_vendor_msft_bitlocker_systemdrivesrequirestartupauthentication_configuretpmusagedropdown_name_1" } }
|
|
}
|
|
|
|
]
|
|
}
|
|
}
|
|
} },
|
|
{ instance = {
|
|
definition_id = "device_vendor_msft_bitlocker_allowwarningforotherdiskencryption"
|
|
choice = {
|
|
value = {
|
|
value = "device_vendor_msft_bitlocker_allowwarningforotherdiskencryption_0"
|
|
children = [
|
|
{
|
|
definition_id = "device_vendor_msft_bitlocker_allowstandarduserencryption"
|
|
choice = { value = { value = "device_vendor_msft_bitlocker_allowstandarduserencryption_1" } }
|
|
}
|
|
]
|
|
}
|
|
}
|
|
} },
|
|
{ instance = {
|
|
definition_id = "device_vendor_msft_bitlocker_configurerecoverypasswordrotation"
|
|
choice = {
|
|
value = {
|
|
value = "device_vendor_msft_bitlocker_configurerecoverypasswordrotation_2"
|
|
}
|
|
}
|
|
} },
|
|
{ instance = {
|
|
definition_id = "device_vendor_msft_bitlocker_requiredeviceencryption"
|
|
choice = {
|
|
value = {
|
|
value = "device_vendor_msft_bitlocker_requiredeviceencryption_1"
|
|
}
|
|
}
|
|
} }
|
|
]
|
|
|
|
depends_on = [azuread_group.mem_windows_devices]
|
|
assignments = [
|
|
for x in [
|
|
"${data.azuread_group.mem_windows_devices.object_id}"
|
|
] :
|
|
{ target = { group = { group_id = x } } }
|
|
]
|
|
|
|
}
|
|
|
|
|