From b20e3e80ea29c844833b49d5fe426892b3a7f736 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=B8ren=20Albeck?=
 <61009084+salbeck-sit@users.noreply.github.com>
Date: Mon, 17 Feb 2025 15:14:04 +0100
Subject: [PATCH 1/2] Update MSFT_AADPasswordRuleSettings.schema.mof
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Added ValueMap and Values ('Enforced' and øAudit' to schema-entry for BannedPasswordCheckOnPremisesMode since the resource-params already accepts only these values
---
 .../MSFT_AADPasswordRuleSettings.schema.mof                     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADPasswordRuleSettings/MSFT_AADPasswordRuleSettings.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADPasswordRuleSettings/MSFT_AADPasswordRuleSettings.schema.mof
index 1356eee844..da6e651dd0 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADPasswordRuleSettings/MSFT_AADPasswordRuleSettings.schema.mof
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADPasswordRuleSettings/MSFT_AADPasswordRuleSettings.schema.mof
@@ -6,7 +6,7 @@ class MSFT_AADPasswordRuleSettings : OMI_BaseResource
     [Write, Description("The duration in seconds of the initial lockout period.")] UInt32 LockoutDurationInSeconds;
     [Write, Description("Boolean indicating if the banned password check for tenant specific banned password list is turned on or not.")] Boolean EnableBannedPasswordCheck;
     [Write, Description("A list of banned words in passwords.")] String BannedPasswordList[];
-    [Write, Description("How should we enforce password policy check in on-premises system.")] String BannedPasswordCheckOnPremisesMode;
+    [Write, Description("How should we enforce password policy check in on-premises system."), ValueMap{"Enforced","Audit"}, Values{"Enforced","Audit"}] String BannedPasswordCheckOnPremisesMode;
     [Write, Description("Boolean indicating if the banned password check is turned on or not for on-premises system.")] Boolean EnableBannedPasswordCheckOnPremises;
     [Write, Description("Specify if the Azure AD Password Rule Settings should exist or not."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure;
     [Write, Description("Credentials for the Microsoft Graph delegated permissions."), EmbeddedInstance("MSFT_Credential")] string Credential;

From c7c1b3079a4b7977ceaf4be1d32880691c7b9213 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=B8ren=20Albeck?=
 <61009084+salbeck-sit@users.noreply.github.com>
Date: Mon, 17 Feb 2025 15:16:19 +0100
Subject: [PATCH 2/2] Update CHANGELOG.md

---
 CHANGELOG.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d035e95202..910f7b4ebe 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,8 @@
 
 # UNRELEASED
 
+* AADPasswordRuleSettings
+  * Updated schema to only accept values 'Enforced' and 'Audit' for parameter BannedPasswordCheckOnPremisesMode
 * AADRoleEligibilityScheduleRequest
   * Reduce call count when reconciling object type
     FIXES [#5621](https://github.com/microsoft/Microsoft365DSC/issues/5621)