Initial Commit
This commit is contained in:
25
README.md
Normal file
25
README.md
Normal file
@ -0,0 +1,25 @@
|
||||
# Intune Configuration Policies
|
||||
|
||||
This repository contains terraform files that will auto provision Intune Policies that will help lift Microsoft Secure Score and apply Security settings across the tenant.
|
||||
|
||||
## Azure AD Group
|
||||
|
||||
* AzureAD_Group_MEM_Windows_workstations - Create a Dynamic Azure AD Group with rule to add all Windows Workstations running Windows 10 or higher.
|
||||
|
||||
```PowerShell
|
||||
(device.deviceOSVersion -startsWith \"10.0\") and (device.deviceOSType -eq \"Windows\")
|
||||
```
|
||||
|
||||
## Policies
|
||||
|
||||
* Defender ASR Rules - Set to Block
|
||||
* Bitlocker - Enabled
|
||||
* PUA (Potentially Unwanted Apps) Blocked
|
||||
* Disable Enumeration of SAM Accounts and Shares
|
||||
* Microsoft Edge Security Baseline
|
||||
* Enable Local Security Authority Protection Mode
|
||||
* Enforce Password History - 24 Password, 1 Password Age
|
||||
* LAPS - Enable Local Administrator Account and turn on LAPS
|
||||
* OneDrive
|
||||
|
||||
|
||||
Reference in New Issue
Block a user