AADPasswordRuleSettings - updated schema entry for BannedPasswordCheckOnPremisesMode

CHANGELOG.md

@@ -2,6 +2,8 @@
 
 # UNRELEASED
 
+* AADPasswordRuleSettings
+  * Updated schema to only accept values 'Enforced' and 'Audit' for parameter BannedPasswordCheckOnPremisesMode
 * AADRoleEligibilityScheduleRequest
   * Reduce call count when reconciling object type
     FIXES [#5621](https://github.com/microsoft/Microsoft365DSC/issues/5621)

Modules/Microsoft365DSC/DSCResources/MSFT_AADPasswordRuleSettings/MSFT_AADPasswordRuleSettings.schema.mof

@@ -6,7 +6,7 @@ class MSFT_AADPasswordRuleSettings : OMI_BaseResource
     [Write, Description("The duration in seconds of the initial lockout period.")] UInt32 LockoutDurationInSeconds;
     [Write, Description("Boolean indicating if the banned password check for tenant specific banned password list is turned on or not.")] Boolean EnableBannedPasswordCheck;
     [Write, Description("A list of banned words in passwords.")] String BannedPasswordList[];
-    [Write, Description("How should we enforce password policy check in on-premises system.")] String BannedPasswordCheckOnPremisesMode;
+    [Write, Description("How should we enforce password policy check in on-premises system."), ValueMap{"Enforced","Audit"}, Values{"Enforced","Audit"}] String BannedPasswordCheckOnPremisesMode;
     [Write, Description("Boolean indicating if the banned password check is turned on or not for on-premises system.")] Boolean EnableBannedPasswordCheckOnPremises;
     [Write, Description("Specify if the Azure AD Password Rule Settings should exist or not."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure;
     [Write, Description("Credentials for the Microsoft Graph delegated permissions."), EmbeddedInstance("MSFT_Credential")] string Credential;