From bbca33063159d10dfa35900220c1f881e12ffb27 Mon Sep 17 00:00:00 2001 From: Matthew McKinnon Date: Wed, 5 Feb 2025 10:05:31 +1000 Subject: [PATCH] Removed template reference Add Network Protection Enabled - Edge Policy --- ASR_Rules.tf | 2 -- Bitlocker_Security_Baseline.tf | 19 ------------- Edge_Security_Baseline.tf | 50 ++++++---------------------------- 3 files changed, 8 insertions(+), 63 deletions(-) diff --git a/ASR_Rules.tf b/ASR_Rules.tf index 07c593b..012747f 100644 --- a/ASR_Rules.tf +++ b/ASR_Rules.tf @@ -1,13 +1,11 @@ resource "microsoft365wp_device_management_configuration_policy" "asr_rules" { name = "ASR Rules" - template_reference = { id = "e8c053d6-9f95-42b1-a7f1-ebfd71c67a4b_1" } technologies = "mdm,microsoftSense" settings = [ { instance = { definition_id = "device_vendor_msft_policy_config_defender_attacksurfacereductionrules" - template_reference = { id = "19600663-e264-4c02-8f55-f2983216d6d7" } group_collection = { values = [ { children = [ diff --git a/Bitlocker_Security_Baseline.tf b/Bitlocker_Security_Baseline.tf index 62c276d..96959d2 100644 --- a/Bitlocker_Security_Baseline.tf +++ b/Bitlocker_Security_Baseline.tf @@ -1,14 +1,11 @@ resource "microsoft365wp_device_management_configuration_policy" "enable_bitlocker" { name = "Bitlocker" - template_reference = { id = "46ddfc50-d10f-4867-b852-9434254b3bff_1" } settings = [ { instance = { definition_id = "device_vendor_msft_bitlocker_encryptionmethodbydrivetype" - template_reference = { id = "d1625438-8db8-424f-b605-cf001b7a2f97" } choice = { value = { value = "device_vendor_msft_bitlocker_encryptionmethodbydrivetype_1" - template_reference = { id = "7cd99564-6bd0-42c8-be6a-5d92c6c1faaf" } children = [ { definition_id = "device_vendor_msft_bitlocker_encryptionmethodbydrivetype_encryptionmethodwithxtsfdvdropdown_name" @@ -29,11 +26,9 @@ resource "microsoft365wp_device_management_configuration_policy" "enable_bitlock } }, { instance = { definition_id = "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions" - template_reference = { id = "ad21af4f-e42f-4870-85d8-1949e9adfad7" } choice = { value = { value = "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_1" - template_reference = { id = "2159ffae-55e2-406b-98b4-2ecdd9452c68" } children = [ { definition_id = "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvrecoverykeyusagedropdown_name" @@ -71,11 +66,9 @@ resource "microsoft365wp_device_management_configuration_policy" "enable_bitlock } }, { instance = { definition_id = "device_vendor_msft_bitlocker_fixeddrivesencryptiontype" - template_reference = { id = "85a47676-5027-4b14-9f99-e4625728244a" } choice = { value = { value = "device_vendor_msft_bitlocker_fixeddrivesencryptiontype_1" - template_reference = { id = "bdc82022-1c59-49a3-ac69-50e329650297" } children = [ { definition_id = "device_vendor_msft_bitlocker_fixeddrivesencryptiontype_fdvencryptiontypedropdown_name" @@ -87,11 +80,9 @@ resource "microsoft365wp_device_management_configuration_policy" "enable_bitlock } }, { instance = { definition_id = "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions" - template_reference = { id = "5a350519-4bc6-4443-9c4b-6859a054ff83" } choice = { value = { value = "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_1" - template_reference = { id = "2a756c45-f135-442f-9c01-829a9c9b5407" } children = [ { definition_id = "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_osrecoverykeyusagedropdown_name" @@ -129,11 +120,9 @@ resource "microsoft365wp_device_management_configuration_policy" "enable_bitlock } }, { instance = { definition_id = "device_vendor_msft_bitlocker_systemdrivesencryptiontype" - template_reference = { id = "d3e31794-1ce6-4572-ab0c-0c0f9200a509" } choice = { value = { value = "device_vendor_msft_bitlocker_systemdrivesencryptiontype_1" - template_reference = { id = "54f346c7-008f-421c-bcb5-40f822bb97fe" } children = [ { definition_id = "device_vendor_msft_bitlocker_systemdrivesencryptiontype_osencryptiontypedropdown_name" @@ -145,11 +134,9 @@ resource "microsoft365wp_device_management_configuration_policy" "enable_bitlock } }, { instance = { definition_id = "device_vendor_msft_bitlocker_systemdrivesrequirestartupauthentication" - template_reference = { id = "a5673a18-196d-49a0-a460-a8f35b807b45" } choice = { value = { value = "device_vendor_msft_bitlocker_systemdrivesrequirestartupauthentication_1" - template_reference = { id = "f742e25d-2f09-41f7-9556-6af75960f42b" } children = [ { definition_id = "device_vendor_msft_bitlocker_systemdrivesrequirestartupauthentication_configurenontpmstartupkeyusage_name" @@ -178,11 +165,9 @@ resource "microsoft365wp_device_management_configuration_policy" "enable_bitlock } }, { instance = { definition_id = "device_vendor_msft_bitlocker_allowwarningforotherdiskencryption" - template_reference = { id = "e40531ee-2225-406b-b07b-1c17186c088c" } choice = { value = { value = "device_vendor_msft_bitlocker_allowwarningforotherdiskencryption_0" - template_reference = { id = "7d348597-0f2a-43db-9fad-8b55c4f89bfe" } children = [ { definition_id = "device_vendor_msft_bitlocker_allowstandarduserencryption" @@ -194,21 +179,17 @@ resource "microsoft365wp_device_management_configuration_policy" "enable_bitlock } }, { instance = { definition_id = "device_vendor_msft_bitlocker_configurerecoverypasswordrotation" - template_reference = { id = "48c938a7-afa0-40ef-914f-40b5da5735b4" } choice = { value = { value = "device_vendor_msft_bitlocker_configurerecoverypasswordrotation_2" - template_reference = { id = "48278072-3b30-48e9-b654-ad683fdb9aae" } } } } }, { instance = { definition_id = "device_vendor_msft_bitlocker_requiredeviceencryption" - template_reference = { id = "20ec1f6e-0d7a-4b6f-9a4f-9ed33e69ce51" } choice = { value = { value = "device_vendor_msft_bitlocker_requiredeviceencryption_1" - template_reference = { id = "86da5fa5-67cf-48d1-8215-8787a9900ae6" } } } } } diff --git a/Edge_Security_Baseline.tf b/Edge_Security_Baseline.tf index 27d378e..cc232be 100644 --- a/Edge_Security_Baseline.tf +++ b/Edge_Security_Baseline.tf @@ -1,20 +1,21 @@ resource "microsoft365wp_device_management_configuration_policy" "beaseline_edge" { - name = "Baseline Edge" + name = "Edge" technologies = "mdm" - template_reference = { id = "c66347b7-8325-4954-a235-3bf2233dfbfd_2" } - settings = [ + { instance = { + definition_id = "device_vendor_msft_policy_config_defender_enablenetworkprotection" + choice = { value = { + value = "device_vendor_msft_policy_config_defender_enablenetworkprotection_1" + } } + } }, { instance = { definition_id = "device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge~extensions_extensioninstallblocklist" - template_reference = { id = "2a951e8f-db16-4124-90a8-445e0a38a427" } choice = { value = { value = "device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge~extensions_extensioninstallblocklist_1" - template_reference = { id = "18412879-4a2a-4327-bc4d-7ceefd11c1b4" } children = [ { - definition_id = "device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge~extensions_extensioninstallblocklist_extensioninstallblocklistdesc" - template_reference = { id = "e4890359-0b4a-4de3-a253-3afd395d83ef" } + definition_id = "device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge~extensions_extensioninstallblocklist_extensioninstallblocklistdesc" simple_collection = { values = [ { string = { value = "*" } } ] } @@ -24,22 +25,17 @@ resource "microsoft365wp_device_management_configuration_policy" "beaseline_edge } }, { instance = { definition_id = "device_vendor_msft_policy_config_microsoft_edgev88.0.705.23~policy~microsoft_edge~httpauthentication_basicauthoverhttpenabled" - template_reference = { id = "0731cb20-670c-4098-828c-4e4fcd6a6564" } choice = { value = { value = "device_vendor_msft_policy_config_microsoft_edgev88.0.705.23~policy~microsoft_edge~httpauthentication_basicauthoverhttpenabled_0" - template_reference = { id = "af096427-add6-49e9-9f77-14473775f719" } } } } }, { instance = { definition_id = "device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge~httpauthentication_authschemes" - template_reference = { id = "ff2dc16a-351f-4951-8797-7e2c7c9aac8d" } choice = { value = { value = "device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge~httpauthentication_authschemes_1" - template_reference = { id = "043f5d07-08f0-4ed2-8411-0e67ccd4f2d8" } children = [ { definition_id = "device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge~httpauthentication_authschemes_authschemes" - template_reference = { id = "0cf2d402-7e71-47d9-9c20-b5de2ce906da" } simple = { value = { string = { value = "ntlm,negotiate" @@ -51,122 +47,92 @@ resource "microsoft365wp_device_management_configuration_policy" "beaseline_edge } }, { instance = { definition_id = "device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge~nativemessaging_nativemessaginguserlevelhosts" - template_reference = { id = "1e9bfcff-625a-4a1f-8953-afc350005704" } choice = { value = { value = "device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge~nativemessaging_nativemessaginguserlevelhosts_0" - template_reference = { id = "809f5c33-a7f3-45d7-9b47-ff70a768922d" } } } } }, { instance = { definition_id = "device_vendor_msft_policy_config_microsoft_edgev92~policy~microsoft_edge~privatenetworkrequestsettings_insecureprivatenetworkrequestsallowed" - template_reference = { id = "c6dec9f2-a235-4878-8462-e88569b47e0b" } choice = { value = { value = "device_vendor_msft_policy_config_microsoft_edgev92~policy~microsoft_edge~privatenetworkrequestsettings_insecureprivatenetworkrequestsallowed_0" - template_reference = { id = "88dd6607-2b2d-4597-8757-ada32300b42b" } } } } }, { instance = { definition_id = "device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge~smartscreen_smartscreenenabled" - template_reference = { id = "413019e3-9d1f-412d-9902-1dcd01b2ea80" } choice = { value = { value = "device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge~smartscreen_smartscreenenabled_1" - template_reference = { id = "31be30c0-581d-40b9-97bf-cfd8848966a8" } } } } }, { instance = { definition_id = "device_vendor_msft_policy_config_microsoft_edgev80diff~policy~microsoft_edge~smartscreen_smartscreenpuaenabled" - template_reference = { id = "12ff32ac-8899-4936-8ce1-206d6df0eca6" } choice = { value = { value = "device_vendor_msft_policy_config_microsoft_edgev80diff~policy~microsoft_edge~smartscreen_smartscreenpuaenabled_1" - template_reference = { id = "859e84af-0450-47b9-921c-f48fb1eec3fe" } } } } }, { instance = { definition_id = "device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge~smartscreen_preventsmartscreenpromptoverride" - template_reference = { id = "90dd2915-f1d5-4ce1-a4ae-2e32055df32f" } choice = { value = { value = "device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge~smartscreen_preventsmartscreenpromptoverride_1" - template_reference = { id = "e4d533d7-3afb-4fc1-a751-c1036fe6c5b4" } } } } }, { instance = { definition_id = "device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge~smartscreen_preventsmartscreenpromptoverrideforfiles" - template_reference = { id = "5b7881b3-e97f-4df3-85f4-d702876edf6a" } choice = { value = { value = "device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge~smartscreen_preventsmartscreenpromptoverrideforfiles_1" - template_reference = { id = "7dbbe40c-e0ec-4db7-a27e-aab277299f9d" } } } } }, { instance = { definition_id = "device_vendor_msft_policy_config_microsoft_edgev92~policy~microsoft_edge_internetexplorerintegrationreloadiniemodeallowed" - template_reference = { id = "fd416796-3442-405c-9f9e-e1ca3c0b9e3f" } choice = { value = { value = "device_vendor_msft_policy_config_microsoft_edgev92~policy~microsoft_edge_internetexplorerintegrationreloadiniemodeallowed_0" - template_reference = { id = "f4bf8e1d-2c11-42dc-b3b1-7039987bf59c" } } } } }, { instance = { definition_id = "device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge_sslerroroverrideallowed" - template_reference = { id = "f4f34d05-9bbd-48a4-aa86-84add2b23657" } choice = { value = { value = "device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge_sslerroroverrideallowed_0" - template_reference = { id = "6bdff043-f16a-48b9-94ed-06d35e049a0a" } } } } }, { instance = { definition_id = "device_vendor_msft_policy_config_microsoft_edgev117~policy~microsoft_edge_internetexplorerintegrationzoneidentifiermhtfileallowed" - template_reference = { id = "ba15aa09-ea95-49bd-92bf-de9cec9c1146" } choice = { value = { value = "device_vendor_msft_policy_config_microsoft_edgev117~policy~microsoft_edge_internetexplorerintegrationzoneidentifiermhtfileallowed_0" - template_reference = { id = "1272fcf1-de3d-433a-985c-7fd930c31259" } } } } }, { instance = { definition_id = "device_vendor_msft_policy_config_microsoft_edgev95~policy~microsoft_edge_browserlegacyextensionpointsblockingenabled" - template_reference = { id = "244ad831-d65d-414b-bcd7-7cc7065d93c0" } choice = { value = { value = "device_vendor_msft_policy_config_microsoft_edgev95~policy~microsoft_edge_browserlegacyextensionpointsblockingenabled_1" - template_reference = { id = "33d6a543-7052-4c54-93f0-5dee3ab4b78a" } } } } }, { instance = { definition_id = "device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge_siteperprocess" - template_reference = { id = "3d1b6b01-aa72-42a5-bb9e-1425a5289973" } choice = { value = { value = "device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge_siteperprocess_1" - template_reference = { id = "035b8874-3758-47d5-94d5-2c24893ef7f8" } } } } }, { instance = { definition_id = "device_vendor_msft_policy_config_microsoft_edgev97~policy~microsoft_edge_edgeenhanceimagesenabled" - template_reference = { id = "9d1101a5-870a-4cab-bdcf-09ffd5475d50" } choice = { value = { value = "device_vendor_msft_policy_config_microsoft_edgev97~policy~microsoft_edge_edgeenhanceimagesenabled_0" - template_reference = { id = "916e4429-a9a0-4b75-9288-ff66feca858d" } } } } }, { instance = { definition_id = "device_vendor_msft_policy_config_microsoft_edgev107~policy~microsoft_edge_websqlaccess" - template_reference = { id = "e74a4383-7069-4381-a4ba-4a56b5f7b85c" } choice = { value = { value = "device_vendor_msft_policy_config_microsoft_edgev107~policy~microsoft_edge_websqlaccess_0" - template_reference = { id = "776df7ac-010d-4ca7-8e4f-7ec80bba01c0" } } } } }, { instance = { definition_id = "device_vendor_msft_policy_config_microsoft_edgev96~policy~microsoft_edge_internetexplorermodetoolbarbuttonenabled" - template_reference = { id = "40b5a825-fbda-41c2-a00f-162139d8cd25" } choice = { value = { value = "device_vendor_msft_policy_config_microsoft_edgev96~policy~microsoft_edge_internetexplorermodetoolbarbuttonenabled_0" - template_reference = { id = "91ed9f9c-14b9-4c72-88d5-45ebfa4378ca" } } } } }, { instance = { definition_id = "device_vendor_msft_policy_config_microsoft_edgev111~policy~microsoft_edge_sharedarraybufferunrestrictedaccessallowed" - template_reference = { id = "65f6b4ba-d54a-439a-8fe9-1b2e7eb2eb9f" } choice = { value = { value = "device_vendor_msft_policy_config_microsoft_edgev111~policy~microsoft_edge_sharedarraybufferunrestrictedaccessallowed_0" - template_reference = { id = "867dfba5-2de2-4a4a-b37e-49b46f92825b" } } } } }