mmckinnon/IntunePolicies
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial Commit

Browse Source
This commit is contained in:
Matthew McKinnon
2025-02-04 19:23:56 +10:00
commit ac08902f9f
13 changed files with 809 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

227
Bitlocker_Security_Baseline.tf Normal file
View File

@ -0,0 +1,227 @@
resource "microsoft365wp_device_management_configuration_policy" "enable_bitlocker" {
name = "Bitlocker"
template_reference = { id = "46ddfc50-d10f-4867-b852-9434254b3bff_1" }
settings = [
{ instance = {
definition_id = "device_vendor_msft_bitlocker_encryptionmethodbydrivetype"
template_reference = { id = "d1625438-8db8-424f-b605-cf001b7a2f97" }
choice = {
value = {
value = "device_vendor_msft_bitlocker_encryptionmethodbydrivetype_1"
template_reference = { id = "7cd99564-6bd0-42c8-be6a-5d92c6c1faaf" }
children = [
{
definition_id = "device_vendor_msft_bitlocker_encryptionmethodbydrivetype_encryptionmethodwithxtsfdvdropdown_name"
choice = { value = { value = "device_vendor_msft_bitlocker_encryptionmethodbydrivetype_encryptionmethodwithxtsfdvdropdown_name_6" } }
},
{
definition_id = "device_vendor_msft_bitlocker_encryptionmethodbydrivetype_encryptionmethodwithxtsosdropdown_name"
choice = { value = { value = "device_vendor_msft_bitlocker_encryptionmethodbydrivetype_encryptionmethodwithxtsosdropdown_name_6" } }
},
{
definition_id = "device_vendor_msft_bitlocker_encryptionmethodbydrivetype_encryptionmethodwithxtsrdvdropdown_name"
choice = { value = { value = "device_vendor_msft_bitlocker_encryptionmethodbydrivetype_encryptionmethodwithxtsrdvdropdown_name_6" } }
}
]
}
}
} },
{ instance = {
definition_id = "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions"
template_reference = { id = "ad21af4f-e42f-4870-85d8-1949e9adfad7" }
choice = {
value = {
value = "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_1"
template_reference = { id = "2159ffae-55e2-406b-98b4-2ecdd9452c68" }
children = [
{
definition_id = "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvrecoverykeyusagedropdown_name"
choice = { value = { value = "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvrecoverykeyusagedropdown_name_2" } }
},
{
definition_id = "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvrecoverypasswordusagedropdown_name"
choice = { value = { value = "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvrecoverypasswordusagedropdown_name_2" } }
},
{
definition_id = "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvallowdra_name"
choice = { value = { value = "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvallowdra_name_0" } }
},
{
definition_id = "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvactivedirectorybackupdropdown_name"
choice = { value = { value = "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvactivedirectorybackupdropdown_name_1" } }
},
{
definition_id = "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvrequireactivedirectorybackup_name"
choice = { value = { value = "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvrequireactivedirectorybackup_name_1" } }
},
{
definition_id = "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvhiderecoverypage_name"
choice = { value = { value = "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvhiderecoverypage_name_0" } }
}
,
{
definition_id = "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvactivedirectorybackup_name"
choice = { value = { value = "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvactivedirectorybackup_name_1" } }
}
]
}
}
} },
{ instance = {
definition_id = "device_vendor_msft_bitlocker_fixeddrivesencryptiontype"
template_reference = { id = "85a47676-5027-4b14-9f99-e4625728244a" }
choice = {
value = {
value = "device_vendor_msft_bitlocker_fixeddrivesencryptiontype_1"
template_reference = { id = "bdc82022-1c59-49a3-ac69-50e329650297" }
children = [
{
definition_id = "device_vendor_msft_bitlocker_fixeddrivesencryptiontype_fdvencryptiontypedropdown_name"
choice = { value = { value = "device_vendor_msft_bitlocker_fixeddrivesencryptiontype_fdvencryptiontypedropdown_name_1" } }
}
]
}
}
} },
{ instance = {
definition_id = "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions"
template_reference = { id = "5a350519-4bc6-4443-9c4b-6859a054ff83" }
choice = {
value = {
value = "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_1"
template_reference = { id = "2a756c45-f135-442f-9c01-829a9c9b5407" }
children = [
{
definition_id = "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_osrecoverykeyusagedropdown_name"
choice = { value = { value = "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_osrecoverykeyusagedropdown_name_2" } }
},
{
definition_id = "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_osrecoverypasswordusagedropdown_name"
choice = { value = { value = "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_osrecoverypasswordusagedropdown_name_2" } }
},
{
definition_id = "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_osallowdra_name"
choice = { value = { value = "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_osallowdra_name_0" } }
},
{
definition_id = "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_osactivedirectorybackupdropdown_name"
choice = { value = { value = "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_osactivedirectorybackupdropdown_name_1" } }
},
{
definition_id = "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_osrequireactivedirectorybackup_name"
choice = { value = { value = "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_osrequireactivedirectorybackup_name_1" } }
},
{
definition_id = "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_oshiderecoverypage_name"
choice = { value = { value = "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_oshiderecoverypage_name_1" } }
}
,
{
definition_id = "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_osactivedirectorybackup_name"
choice = { value = { value = "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_osactivedirectorybackup_name_1" } }
}
]
}
}
} },
{ instance = {
definition_id = "device_vendor_msft_bitlocker_systemdrivesencryptiontype"
template_reference = { id = "d3e31794-1ce6-4572-ab0c-0c0f9200a509" }
choice = {
value = {
value = "device_vendor_msft_bitlocker_systemdrivesencryptiontype_1"
template_reference = { id = "54f346c7-008f-421c-bcb5-40f822bb97fe" }
children = [
{
definition_id = "device_vendor_msft_bitlocker_systemdrivesencryptiontype_osencryptiontypedropdown_name"
choice = { value = { value = "device_vendor_msft_bitlocker_systemdrivesencryptiontype_osencryptiontypedropdown_name_1" } }
}
]
}
}
} },
{ instance = {
definition_id = "device_vendor_msft_bitlocker_systemdrivesrequirestartupauthentication"
template_reference = { id = "a5673a18-196d-49a0-a460-a8f35b807b45" }
choice = {
value = {
value = "device_vendor_msft_bitlocker_systemdrivesrequirestartupauthentication_1"
template_reference = { id = "f742e25d-2f09-41f7-9556-6af75960f42b" }
children = [
{
definition_id = "device_vendor_msft_bitlocker_systemdrivesrequirestartupauthentication_configurenontpmstartupkeyusage_name"
choice = { value = { value = "device_vendor_msft_bitlocker_systemdrivesrequirestartupauthentication_configurenontpmstartupkeyusage_name_0" } }
},
{
definition_id = "device_vendor_msft_bitlocker_systemdrivesrequirestartupauthentication_configuretpmpinkeyusagedropdown_name"
choice = { value = { value = "device_vendor_msft_bitlocker_systemdrivesrequirestartupauthentication_configuretpmpinkeyusagedropdown_name_0" } }
},
{
definition_id = "device_vendor_msft_bitlocker_systemdrivesrequirestartupauthentication_configuretpmstartupkeyusagedropdown_name"
choice = { value = { value = "device_vendor_msft_bitlocker_systemdrivesrequirestartupauthentication_configuretpmstartupkeyusagedropdown_name_0" } }
},
{
definition_id = "device_vendor_msft_bitlocker_systemdrivesrequirestartupauthentication_configurepinusagedropdown_name"
choice = { value = { value = "device_vendor_msft_bitlocker_systemdrivesrequirestartupauthentication_configurepinusagedropdown_name_0" } }
},
{
definition_id = "device_vendor_msft_bitlocker_systemdrivesrequirestartupauthentication_configuretpmusagedropdown_name"
choice = { value = { value = "device_vendor_msft_bitlocker_systemdrivesrequirestartupauthentication_configuretpmusagedropdown_name_1" } }
}
]
}
}
} },
{ instance = {
definition_id = "device_vendor_msft_bitlocker_allowwarningforotherdiskencryption"
template_reference = { id = "e40531ee-2225-406b-b07b-1c17186c088c" }
choice = {
value = {
value = "device_vendor_msft_bitlocker_allowwarningforotherdiskencryption_0"
template_reference = { id = "7d348597-0f2a-43db-9fad-8b55c4f89bfe" }
children = [
{
definition_id = "device_vendor_msft_bitlocker_allowstandarduserencryption"
choice = { value = { value = "device_vendor_msft_bitlocker_allowstandarduserencryption_1" } }
}
]
}
}
} },
{ instance = {
definition_id = "device_vendor_msft_bitlocker_configurerecoverypasswordrotation"
template_reference = { id = "48c938a7-afa0-40ef-914f-40b5da5735b4" }
choice = {
value = {
value = "device_vendor_msft_bitlocker_configurerecoverypasswordrotation_2"
template_reference = { id = "48278072-3b30-48e9-b654-ad683fdb9aae" }
}
}
} },
{ instance = {
definition_id = "device_vendor_msft_bitlocker_requiredeviceencryption"
template_reference = { id = "20ec1f6e-0d7a-4b6f-9a4f-9ed33e69ce51" }
choice = {
value = {
value = "device_vendor_msft_bitlocker_requiredeviceencryption_1"
template_reference = { id = "86da5fa5-67cf-48d1-8215-8787a9900ae6" }
}
}
} }
]
depends_on = [azuread_group.mem_windows_devices]
assignments = [
for x in [
"${data.azuread_group.mem_windows_devices.object_id}"
] :
{ target = { group = { group_id = x } } }
]
}