Initial Commit

ASR_Rules.tf

@@ -0,0 +1,104 @@
+resource "microsoft365wp_device_management_configuration_policy" "asr_rules" {
+  name = "ASR Rules"
+  template_reference = { id = "e8c053d6-9f95-42b1-a7f1-ebfd71c67a4b_1" }
+  technologies            = "mdm,microsoftSense"
+
+  settings = [
+    { instance = {
+
+      definition_id = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules"
+      template_reference = { id = "19600663-e264-4c02-8f55-f2983216d6d7" }
+      group_collection = { values = [
+        {
+          children = [
+            {
+              definition_id = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockabuseofexploitedvulnerablesigneddrivers"
+              choice        = { value = { value = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockabuseofexploitedvulnerablesigneddrivers_block" } }
+            },
+            {
+              definition_id = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockadobereaderfromcreatingchildprocesses"
+              choice        = { value = { value = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockadobereaderfromcreatingchildprocesses_block" } }
+            },
+            {
+              definition_id = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockofficeapplicationsfrominjectingcodeintootherprocesses"
+              choice        = { value = { value = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockofficeapplicationsfrominjectingcodeintootherprocesses_block" } }
+            },
+            {
+              definition_id = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockallofficeapplicationsfromcreatingchildprocesses"
+              choice        = { value = { value = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockallofficeapplicationsfromcreatingchildprocesses_block" } }
+            },
+            {
+              definition_id = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockcredentialstealingfromwindowslocalsecurityauthoritysubsystem"
+              choice        = { value = { value = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockcredentialstealingfromwindowslocalsecurityauthoritysubsystem_block" } }
+            },
+            {
+              definition_id = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockexecutablecontentfromemailclientandwebmail"
+              choice        = { value = { value = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockexecutablecontentfromemailclientandwebmail_block" } }
+            },
+            {
+              definition_id = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockexecutablefilesrunningunlesstheymeetprevalenceagetrustedlistcriterion"
+              choice        = { value = { value = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockexecutablefilesrunningunlesstheymeetprevalenceagetrustedlistcriterion_block" } }
+            },
+            {
+              definition_id = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockexecutionofpotentiallyobfuscatedscripts"
+              choice        = { value = { value = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockexecutionofpotentiallyobfuscatedscripts_block" } }
+            },
+            {
+              definition_id = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockjavascriptorvbscriptfromlaunchingdownloadedexecutablecontent"
+              choice        = { value = { value = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockjavascriptorvbscriptfromlaunchingdownloadedexecutablecontent_block" } }
+            },
+            {
+              definition_id = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockofficeapplicationsfromcreatingexecutablecontent"
+              choice        = { value = { value = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockofficeapplicationsfromcreatingexecutablecontent_block" } }
+            },
+            {
+              definition_id = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockofficecommunicationappfromcreatingchildprocesses"
+              choice        = { value = { value = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockofficecommunicationappfromcreatingchildprocesses_block" } }
+            },
+            {
+              definition_id = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockpersistencethroughwmieventsubscription"
+              choice        = { value = { value = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockpersistencethroughwmieventsubscription_block" } }
+            },
+            {
+              definition_id = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockprocesscreationsfrompsexecandwmicommands"
+              choice        = { value = { value = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockprocesscreationsfrompsexecandwmicommands_block" } }
+            },
+            {
+              definition_id = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockuntrustedunsignedprocessesthatrunfromusb"
+              choice        = { value = { value = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockuntrustedunsignedprocessesthatrunfromusb_block" } }
+            },
+            {
+              definition_id = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockjavascriptorvbscriptfromlaunchingdownloadedexecutablecontent"
+              choice        = { value = { value = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockjavascriptorvbscriptfromlaunchingdownloadedexecutablecontent_block" } }
+            },
+            {
+              definition_id = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockwebshellcreationforservers"
+              choice        = { value = { value = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockwebshellcreationforservers_block" } }
+            },
+            {
+              definition_id = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockwin32apicallsfromofficemacros"
+              choice        = { value = { value = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockwin32apicallsfromofficemacros_block" } }
+            },
+            {
+              definition_id = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_useadvancedprotectionagainstransomware"
+              choice        = { value = { value = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_useadvancedprotectionagainstransomware_block" } }
+            }
+
+          ]
+        }
+        ]
+      }
+      }
+    }
+  ]
+
+  depends_on = [azuread_group.mem_windows_devices]
+  assignments = [
+    for x in [
+      "${data.azuread_group.mem_windows_devices.object_id}"
+    ] :
+    { target = { group = { group_id = x } } }
+  ]
+
+}
+