chore: migrated to json and powershell
48
README.md
@ -1,25 +1,41 @@
|
||||
# Intune Configuration Policies
|
||||

|
||||
|
||||
This repository contains terraform files that will auto provision Intune Policies that will help lift Microsoft Secure Score and apply Security settings across the tenant.
|
||||
# Intune Policies for Business Premium
|
||||
|
||||
## Azure AD Group
|
||||
This reposigotry contains exported JSON formatted Intune Device Management Configuration Policies.
|
||||
|
||||
* AzureAD_Group_MEM_Windows_workstations - Create a Dynamic Azure AD Group with rule to add all Windows Workstations running Windows 10 or higher.
|
||||
For more details information and use, please see the internal LegitiIT guides.
|
||||
|
||||
```PowerShell
|
||||
(device.deviceOSVersion -startsWith \"10.0\") and (device.deviceOSType -eq \"Windows\")
|
||||
## Running
|
||||
|
||||
***IMPORTANT*** - These scripts are designed to run under PowerShell 7 (Core). They will not run with the in-built PowerShell 5.1. You can install PowerShell using the following command.
|
||||
|
||||
```
|
||||
winget install --id Microsoft.PowerShell --source winget
|
||||
```
|
||||
|
||||
## Policies
|
||||
### FormatPolicies.ps1
|
||||
|
||||
* Defender ASR Rules - Set to Block
|
||||
* Bitlocker - Enabled
|
||||
* PUA (Potentially Unwanted Apps) Blocked
|
||||
* Disable Enumeration of SAM Accounts and Shares
|
||||
* Microsoft Edge Security Baseline
|
||||
* Enable Local Security Authority Protection Mode
|
||||
* Enforce Password History - 24 Password, 1 Password Age
|
||||
* LAPS - Enable Local Administrator Account and turn on LAPS
|
||||
* OneDrive
|
||||
FormatPolicies.ps1 is used to reformat a downloaded JSON Intune Policie into a human readable format.
|
||||
|
||||
```
|
||||
.\FormatPolicies.ps1 -jsonfile <NAMEOFFILE> -output ./policies/policiename.json
|
||||
```
|
||||
|
||||
### ImportPolicies.ps1
|
||||
|
||||
ImportPolicies.ps1 is used to import the policies from the policies folder.
|
||||
|
||||
When you run the script it will ask you to sign into the tenant. Once signed in it will then crycle through the policies in the policies folder and import them.
|
||||
|
||||
```
|
||||
pwsh> .\ImportPolicies.ps1
|
||||
✅ ASRRules.json - successfully imported!
|
||||
✅ bitlocker.json - successfully imported!
|
||||
✅ disableenumerationsam.json - successfully imported!
|
||||
✅ disablepua.json - successfully imported!
|
||||
✅ edge.json - successfully imported!
|
||||
✅ LAPS.json - successfully imported!
|
||||
✅ OneDrive.json - successfully imported!
|
||||
✅ passwordhistory.json - successfully imported!
|
||||
```
|
||||
|
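Review bot: The ImportPolicies.ps1 section says only that the script asks you to sign into the tenant and then imports every file in the policies folder. It does not state which role or permissions that sign-in needs, what happens when a policy with the same name already exists (a re-run may create duplicates), or whether the imported policies are assigned to any group. Suggest adding a short prerequisites and behaviour paragraph under that heading, since the pointer to the internal LegitiIT guides does not help a reader who only has the repository. Smaller points in the same README text: "reposigotry", "details information", "Policie", "policiename.json" and "crycle" are typos, and the FormatPolicies.ps1 example mixes `.\` and `./` path styles on one line.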