chore: allow rdp connection
This commit is contained in:
219
policies/settingscatalog/ASRRules.json
Normal file
219
policies/settingscatalog/ASRRules.json
Normal file
@ -0,0 +1,219 @@
|
||||
{
|
||||
"@odata.context": "https://graph.microsoft.com/beta/$metadata#deviceManagement/configurationPolicies/$entity",
|
||||
"createdDateTime": "2025-03-03T10:40:18.2339119Z",
|
||||
"creationSource": null,
|
||||
"description": "",
|
||||
"lastModifiedDateTime": "2025-03-03T10:40:18.2339119Z",
|
||||
"name": "ASR Rules",
|
||||
"platforms": "windows10",
|
||||
"priorityMetaData": null,
|
||||
"roleScopeTagIds": [
|
||||
"0"
|
||||
],
|
||||
"settingCount": 1,
|
||||
"technologies": "mdm,microsoftSense",
|
||||
"id": "f1060289-5cc1-4c41-8a43-b9dc9032cfc3",
|
||||
"templateReference": {
|
||||
"templateId": "",
|
||||
"templateFamily": "none",
|
||||
"templateDisplayName": null,
|
||||
"templateDisplayVersion": null
|
||||
},
|
||||
"settings": [
|
||||
{
|
||||
"id": "0",
|
||||
"settingInstance": {
|
||||
"@odata.type": "#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance",
|
||||
"settingDefinitionId": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules",
|
||||
"settingInstanceTemplateReference": null,
|
||||
"groupSettingCollectionValue": [
|
||||
{
|
||||
"settingValueTemplateReference": null,
|
||||
"children": [
|
||||
{
|
||||
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
|
||||
"settingDefinitionId": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockabuseofexploitedvulnerablesigneddrivers",
|
||||
"settingInstanceTemplateReference": null,
|
||||
"choiceSettingValue": {
|
||||
"settingValueTemplateReference": null,
|
||||
"value": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockabuseofexploitedvulnerablesigneddrivers_block",
|
||||
"children": []
|
||||
}
|
||||
},
|
||||
{
|
||||
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
|
||||
"settingDefinitionId": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockadobereaderfromcreatingchildprocesses",
|
||||
"settingInstanceTemplateReference": null,
|
||||
"choiceSettingValue": {
|
||||
"settingValueTemplateReference": null,
|
||||
"value": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockadobereaderfromcreatingchildprocesses_block",
|
||||
"children": []
|
||||
}
|
||||
},
|
||||
{
|
||||
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
|
||||
"settingDefinitionId": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockofficeapplicationsfrominjectingcodeintootherprocesses",
|
||||
"settingInstanceTemplateReference": null,
|
||||
"choiceSettingValue": {
|
||||
"settingValueTemplateReference": null,
|
||||
"value": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockofficeapplicationsfrominjectingcodeintootherprocesses_block",
|
||||
"children": []
|
||||
}
|
||||
},
|
||||
{
|
||||
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
|
||||
"settingDefinitionId": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockallofficeapplicationsfromcreatingchildprocesses",
|
||||
"settingInstanceTemplateReference": null,
|
||||
"choiceSettingValue": {
|
||||
"settingValueTemplateReference": null,
|
||||
"value": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockallofficeapplicationsfromcreatingchildprocesses_block",
|
||||
"children": []
|
||||
}
|
||||
},
|
||||
{
|
||||
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
|
||||
"settingDefinitionId": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockcredentialstealingfromwindowslocalsecurityauthoritysubsystem",
|
||||
"settingInstanceTemplateReference": null,
|
||||
"choiceSettingValue": {
|
||||
"settingValueTemplateReference": null,
|
||||
"value": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockcredentialstealingfromwindowslocalsecurityauthoritysubsystem_block",
|
||||
"children": []
|
||||
}
|
||||
},
|
||||
{
|
||||
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
|
||||
"settingDefinitionId": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockexecutablecontentfromemailclientandwebmail",
|
||||
"settingInstanceTemplateReference": null,
|
||||
"choiceSettingValue": {
|
||||
"settingValueTemplateReference": null,
|
||||
"value": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockexecutablecontentfromemailclientandwebmail_block",
|
||||
"children": []
|
||||
}
|
||||
},
|
||||
{
|
||||
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
|
||||
"settingDefinitionId": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockexecutablefilesrunningunlesstheymeetprevalenceagetrustedlistcriterion",
|
||||
"settingInstanceTemplateReference": null,
|
||||
"choiceSettingValue": {
|
||||
"settingValueTemplateReference": null,
|
||||
"value": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockexecutablefilesrunningunlesstheymeetprevalenceagetrustedlistcriterion_block",
|
||||
"children": []
|
||||
}
|
||||
},
|
||||
{
|
||||
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
|
||||
"settingDefinitionId": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockexecutionofpotentiallyobfuscatedscripts",
|
||||
"settingInstanceTemplateReference": null,
|
||||
"choiceSettingValue": {
|
||||
"settingValueTemplateReference": null,
|
||||
"value": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockexecutionofpotentiallyobfuscatedscripts_block",
|
||||
"children": []
|
||||
}
|
||||
},
|
||||
{
|
||||
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
|
||||
"settingDefinitionId": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockjavascriptorvbscriptfromlaunchingdownloadedexecutablecontent",
|
||||
"settingInstanceTemplateReference": null,
|
||||
"choiceSettingValue": {
|
||||
"settingValueTemplateReference": null,
|
||||
"value": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockjavascriptorvbscriptfromlaunchingdownloadedexecutablecontent_block",
|
||||
"children": []
|
||||
}
|
||||
},
|
||||
{
|
||||
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
|
||||
"settingDefinitionId": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockofficeapplicationsfromcreatingexecutablecontent",
|
||||
"settingInstanceTemplateReference": null,
|
||||
"choiceSettingValue": {
|
||||
"settingValueTemplateReference": null,
|
||||
"value": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockofficeapplicationsfromcreatingexecutablecontent_block",
|
||||
"children": []
|
||||
}
|
||||
},
|
||||
{
|
||||
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
|
||||
"settingDefinitionId": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockofficecommunicationappfromcreatingchildprocesses",
|
||||
"settingInstanceTemplateReference": null,
|
||||
"choiceSettingValue": {
|
||||
"settingValueTemplateReference": null,
|
||||
"value": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockofficecommunicationappfromcreatingchildprocesses_block",
|
||||
"children": []
|
||||
}
|
||||
},
|
||||
{
|
||||
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
|
||||
"settingDefinitionId": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockpersistencethroughwmieventsubscription",
|
||||
"settingInstanceTemplateReference": null,
|
||||
"choiceSettingValue": {
|
||||
"settingValueTemplateReference": null,
|
||||
"value": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockpersistencethroughwmieventsubscription_block",
|
||||
"children": []
|
||||
}
|
||||
},
|
||||
{
|
||||
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
|
||||
"settingDefinitionId": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockprocesscreationsfrompsexecandwmicommands",
|
||||
"settingInstanceTemplateReference": null,
|
||||
"choiceSettingValue": {
|
||||
"settingValueTemplateReference": null,
|
||||
"value": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockprocesscreationsfrompsexecandwmicommands_block",
|
||||
"children": []
|
||||
}
|
||||
},
|
||||
{
|
||||
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
|
||||
"settingDefinitionId": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockuntrustedunsignedprocessesthatrunfromusb",
|
||||
"settingInstanceTemplateReference": null,
|
||||
"choiceSettingValue": {
|
||||
"settingValueTemplateReference": null,
|
||||
"value": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockuntrustedunsignedprocessesthatrunfromusb_block",
|
||||
"children": []
|
||||
}
|
||||
},
|
||||
{
|
||||
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
|
||||
"settingDefinitionId": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockjavascriptorvbscriptfromlaunchingdownloadedexecutablecontent",
|
||||
"settingInstanceTemplateReference": null,
|
||||
"choiceSettingValue": {
|
||||
"settingValueTemplateReference": null,
|
||||
"value": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockjavascriptorvbscriptfromlaunchingdownloadedexecutablecontent_block",
|
||||
"children": []
|
||||
}
|
||||
},
|
||||
{
|
||||
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
|
||||
"settingDefinitionId": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockwebshellcreationforservers",
|
||||
"settingInstanceTemplateReference": null,
|
||||
"choiceSettingValue": {
|
||||
"settingValueTemplateReference": null,
|
||||
"value": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockwebshellcreationforservers_block",
|
||||
"children": []
|
||||
}
|
||||
},
|
||||
{
|
||||
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
|
||||
"settingDefinitionId": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockwin32apicallsfromofficemacros",
|
||||
"settingInstanceTemplateReference": null,
|
||||
"choiceSettingValue": {
|
||||
"settingValueTemplateReference": null,
|
||||
"value": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockwin32apicallsfromofficemacros_block",
|
||||
"children": []
|
||||
}
|
||||
},
|
||||
{
|
||||
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
|
||||
"settingDefinitionId": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_useadvancedprotectionagainstransomware",
|
||||
"settingInstanceTemplateReference": null,
|
||||
"choiceSettingValue": {
|
||||
"settingValueTemplateReference": null,
|
||||
"value": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_useadvancedprotectionagainstransomware_block",
|
||||
"children": []
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
Reference in New Issue
Block a user