mmckinnon/IntunePolicies
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: add defender policy

Browse Source
This commit is contained in:
Matthew McKinnon
2025-03-06 12:26:22 +10:00
parent 8cb347868d
commit de1b3db83c
3 changed files with 400 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
FormatPolicies.ps1
View File

@ -17,7 +17,7 @@ $JsonObject = $JsonData | ConvertFrom-Json
$FormattedJson = $JsonObject | ConvertTo-Json -Depth 10 $FormattedJson = $JsonObject | ConvertTo-Json -Depth 10
# Write the formatted JSON string to the output file # Write the formatted JSON string to the output file
Set-Content -Path $output -Value $FormattedJson Set-Content -Path $export -Value $FormattedJson
remove-item $jsonfile -Force -Verbose remove-item $jsonfile -Force -Verbose

25
ImportPolicies.ps1
View File

@ -1,5 +1,5 @@
# Connect to Microsoft Graph # Connect to Microsoft Graph
Connect-MgGraph -Scopes "DeviceManagementConfiguration.ReadWrite.All", "Organization.Read.All" -NoWelcome Connect-MgGraph -Scopes "DeviceManagementConfiguration.ReadWrite.All", "Organization.Read.All", "Group.ReadWrite.All", "Directory.ReadWrite.All" -NoWelcome
# Get Tenant ID # Get Tenant ID
$tenant = Get-MgOrganization $tenant = Get-MgOrganization
@ -16,7 +16,7 @@ ForEach ($policie in $policies) {
try { try {
$uri = "https://graph.microsoft.com/beta/deviceManagement/configurationPolicies" # Using the beta version $uri = "https://graph.microsoft.com/beta/deviceManagement/configurationPolicies" # Using the beta version
$response = Invoke-MgGraphRequest -Method POST -Uri $uri -Body ($PolicyObject | ConvertTo-Json -Depth 10) # $response = Invoke-MgGraphRequest -Method POST -Uri $uri -Body ($PolicyObject | ConvertTo-Json -Depth 10)
Write-Host "$PolicieName - successfully imported!" Write-Host "$PolicieName - successfully imported!"
#$response #$response
} catch { } catch {
@ -25,4 +25,25 @@ ForEach ($policie in $policies) {
} }
# Define the dynamic membership rule
$dynamicRule = '(device.deviceOSType -eq "Windows") and (device.accountEnabled -eq true) and (device.managementType -eq "MDM")'
# Create the security group with dynamic membership
$groupBody = @{
displayName = "Intune - All Windows Workstations Dynamic Membership"
mailEnabled = $false
mailNickname = "IntuneWindowsDevices"
securityEnabled = $true
groupTypes = @("DynamicMembership")
membershipRule = $dynamicRule
membershipRuleProcessingState = "On"
}
# Convert the body to JSON
$groupBodyJson = $groupBody | ConvertTo-Json -Depth 10
# Create the group using Invoke-MgGraphRequest
Invoke-MgGraphRequest -Method POST -Uri "https://graph.microsoft.com/beta/groups" -Body $groupBodyJson -ContentType "application/json"
$null = Disconnect-Graph -ErrorAction SilentlyContinue $null = Disconnect-Graph -ErrorAction SilentlyContinue

375
policies/defender.json Normal file
View File

@ -0,0 +1,375 @@
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#deviceManagement/configurationPolicies/$entity",
"createdDateTime": "2025-03-06T02:21:32.5455032Z",
"creationSource": null,
"description": "",
"lastModifiedDateTime": "2025-03-06T02:23:54.9051226Z",
"name": "Defender",
"platforms": "windows10",
"priorityMetaData": null,
"roleScopeTagIds": [
"0"
],
"settingCount": 27,
"technologies": "mdm",
"id": "4e18b8a5-9bee-4272-b585-b876a43d6a8b",
"templateReference": {
"templateId": "",
"templateFamily": "none",
"templateDisplayName": null,
"templateDisplayVersion": null
},
"settings": [
{
"id": "0",
"settingInstance": {
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
"settingDefinitionId": "device_vendor_msft_policy_config_defender_allowarchivescanning",
"settingInstanceTemplateReference": null,
"choiceSettingValue": {
"settingValueTemplateReference": null,
"value": "device_vendor_msft_policy_config_defender_allowarchivescanning_1",
"children": []
}
}
},
{
"id": "1",
"settingInstance": {
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
"settingDefinitionId": "device_vendor_msft_policy_config_defender_allowbehaviormonitoring",
"settingInstanceTemplateReference": null,
"choiceSettingValue": {
"settingValueTemplateReference": null,
"value": "device_vendor_msft_policy_config_defender_allowbehaviormonitoring_1",
"children": []
}
}
},
{
"id": "2",
"settingInstance": {
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
"settingDefinitionId": "device_vendor_msft_policy_config_defender_allowcloudprotection",
"settingInstanceTemplateReference": null,
"choiceSettingValue": {
"settingValueTemplateReference": null,
"value": "device_vendor_msft_policy_config_defender_allowcloudprotection_1",
"children": []
}
}
},
{
"id": "3",
"settingInstance": {
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
"settingDefinitionId": "device_vendor_msft_policy_config_defender_allowemailscanning",
"settingInstanceTemplateReference": null,
"choiceSettingValue": {
"settingValueTemplateReference": null,
"value": "device_vendor_msft_policy_config_defender_allowemailscanning_1",
"children": []
}
}
},
{
"id": "4",
"settingInstance": {
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
"settingDefinitionId": "device_vendor_msft_policy_config_defender_allowfullscanonmappednetworkdrives",
"settingInstanceTemplateReference": null,
"choiceSettingValue": {
"settingValueTemplateReference": null,
"value": "device_vendor_msft_policy_config_defender_allowfullscanonmappednetworkdrives_0",
"children": []
}
}
},
{
"id": "5",
"settingInstance": {
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
"settingDefinitionId": "device_vendor_msft_policy_config_defender_allowfullscanremovabledrivescanning",
"settingInstanceTemplateReference": null,
"choiceSettingValue": {
"settingValueTemplateReference": null,
"value": "device_vendor_msft_policy_config_defender_allowfullscanremovabledrivescanning_1",
"children": []
}
}
},
{
"id": "6",
"settingInstance": {
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
"settingDefinitionId": "device_vendor_msft_policy_config_defender_allowrealtimemonitoring",
"settingInstanceTemplateReference": null,
"choiceSettingValue": {
"settingValueTemplateReference": null,
"value": "device_vendor_msft_policy_config_defender_allowrealtimemonitoring_1",
"children": []
}
}
},
{
"id": "7",
"settingInstance": {
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
"settingDefinitionId": "device_vendor_msft_policy_config_defender_allowscanningnetworkfiles",
"settingInstanceTemplateReference": null,
"choiceSettingValue": {
"settingValueTemplateReference": null,
"value": "device_vendor_msft_policy_config_defender_allowscanningnetworkfiles_1",
"children": []
}
}
},
{
"id": "8",
"settingInstance": {
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
"settingDefinitionId": "device_vendor_msft_policy_config_defender_allowioavprotection",
"settingInstanceTemplateReference": null,
"choiceSettingValue": {
"settingValueTemplateReference": null,
"value": "device_vendor_msft_policy_config_defender_allowioavprotection_1",
"children": []
}
}
},
{
"id": "9",
"settingInstance": {
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
"settingDefinitionId": "device_vendor_msft_policy_config_defender_allowscriptscanning",
"settingInstanceTemplateReference": null,
"choiceSettingValue": {
"settingValueTemplateReference": null,
"value": "device_vendor_msft_policy_config_defender_allowscriptscanning_1",
"children": []
}
}
},
{
"id": "10",
"settingInstance": {
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
"settingDefinitionId": "device_vendor_msft_policy_config_defender_allowuseruiaccess",
"settingInstanceTemplateReference": null,
"choiceSettingValue": {
"settingValueTemplateReference": null,
"value": "device_vendor_msft_policy_config_defender_allowuseruiaccess_1",
"children": []
}
}
},
{
"id": "11",
"settingInstance": {
"@odata.type": "#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance",
"settingDefinitionId": "device_vendor_msft_policy_config_defender_avgcpuloadfactor",
"settingInstanceTemplateReference": null,
"simpleSettingValue": {
"@odata.type": "#microsoft.graph.deviceManagementConfigurationIntegerSettingValue",
"settingValueTemplateReference": null,
"value": 50
}
}
},
{
"id": "12",
"settingInstance": {
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
"settingDefinitionId": "device_vendor_msft_policy_config_defender_checkforsignaturesbeforerunningscan",
"settingInstanceTemplateReference": null,
"choiceSettingValue": {
"settingValueTemplateReference": null,
"value": "device_vendor_msft_policy_config_defender_checkforsignaturesbeforerunningscan_1",
"children": []
}
}
},
{
"id": "13",
"settingInstance": {
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
"settingDefinitionId": "device_vendor_msft_policy_config_defender_cloudblocklevel",
"settingInstanceTemplateReference": null,
"choiceSettingValue": {
"settingValueTemplateReference": null,
"value": "device_vendor_msft_policy_config_defender_cloudblocklevel_2",
"children": []
}
}
},
{
"id": "14",
"settingInstance": {
"@odata.type": "#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance",
"settingDefinitionId": "device_vendor_msft_policy_config_defender_cloudextendedtimeout",
"settingInstanceTemplateReference": null,
"simpleSettingValue": {
"@odata.type": "#microsoft.graph.deviceManagementConfigurationIntegerSettingValue",
"settingValueTemplateReference": null,
"value": 50
}
}
},
{
"id": "15",
"settingInstance": {
"@odata.type": "#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance",
"settingDefinitionId": "device_vendor_msft_policy_config_defender_daystoretaincleanedmalware",
"settingInstanceTemplateReference": null,
"simpleSettingValue": {
"@odata.type": "#microsoft.graph.deviceManagementConfigurationIntegerSettingValue",
"settingValueTemplateReference": null,
"value": 30
}
}
},
{
"id": "16",
"settingInstance": {
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
"settingDefinitionId": "device_vendor_msft_policy_config_defender_disablecatchupfullscan",
"settingInstanceTemplateReference": null,
"choiceSettingValue": {
"settingValueTemplateReference": null,
"value": "device_vendor_msft_policy_config_defender_disablecatchupfullscan_0",
"children": []
}
}
},
{
"id": "17",
"settingInstance": {
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
"settingDefinitionId": "device_vendor_msft_policy_config_defender_disablecatchupquickscan",
"settingInstanceTemplateReference": null,
"choiceSettingValue": {
"settingValueTemplateReference": null,
"value": "device_vendor_msft_policy_config_defender_disablecatchupquickscan_0",
"children": []
}
}
},
{
"id": "18",
"settingInstance": {
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
"settingDefinitionId": "device_vendor_msft_policy_config_defender_enablelowcpupriority",
"settingInstanceTemplateReference": null,
"choiceSettingValue": {
"settingValueTemplateReference": null,
"value": "device_vendor_msft_policy_config_defender_enablelowcpupriority_1",
"children": []
}
}
},
{
"id": "19",
"settingInstance": {
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
"settingDefinitionId": "device_vendor_msft_policy_config_defender_enablenetworkprotection",
"settingInstanceTemplateReference": null,
"choiceSettingValue": {
"settingValueTemplateReference": null,
"value": "device_vendor_msft_policy_config_defender_enablenetworkprotection_0",
"children": []
}
}
},
{
"id": "20",
"settingInstance": {
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
"settingDefinitionId": "device_vendor_msft_policy_config_defender_puaprotection",
"settingInstanceTemplateReference": null,
"choiceSettingValue": {
"settingValueTemplateReference": null,
"value": "device_vendor_msft_policy_config_defender_puaprotection_1",
"children": []
}
}
},
{
"id": "21",
"settingInstance": {
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
"settingDefinitionId": "device_vendor_msft_policy_config_defender_realtimescandirection",
"settingInstanceTemplateReference": null,
"choiceSettingValue": {
"settingValueTemplateReference": null,
"value": "device_vendor_msft_policy_config_defender_realtimescandirection_0",
"children": []
}
}
},
{
"id": "22",
"settingInstance": {
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
"settingDefinitionId": "device_vendor_msft_policy_config_defender_scanparameter",
"settingInstanceTemplateReference": null,
"choiceSettingValue": {
"settingValueTemplateReference": null,
"value": "device_vendor_msft_policy_config_defender_scanparameter_1",
"children": []
}
}
},
{
"id": "23",
"settingInstance": {
"@odata.type": "#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance",
"settingDefinitionId": "device_vendor_msft_policy_config_defender_schedulequickscantime",
"settingInstanceTemplateReference": null,
"simpleSettingValue": {
"@odata.type": "#microsoft.graph.deviceManagementConfigurationIntegerSettingValue",
"settingValueTemplateReference": null,
"value": 720
}
}
},
{
"id": "24",
"settingInstance": {
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
"settingDefinitionId": "device_vendor_msft_policy_config_defender_schedulescanday",
"settingInstanceTemplateReference": null,
"choiceSettingValue": {
"settingValueTemplateReference": null,
"value": "device_vendor_msft_policy_config_defender_schedulescanday_6",
"children": []
}
}
},
{
"id": "25",
"settingInstance": {
"@odata.type": "#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance",
"settingDefinitionId": "device_vendor_msft_policy_config_defender_signatureupdateinterval",
"settingInstanceTemplateReference": null,
"simpleSettingValue": {
"@odata.type": "#microsoft.graph.deviceManagementConfigurationIntegerSettingValue",
"settingValueTemplateReference": null,
"value": 4
}
}
},
{
"id": "26",
"settingInstance": {
"@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance",
"settingDefinitionId": "device_vendor_msft_policy_config_defender_submitsamplesconsent",
"settingInstanceTemplateReference": null,
"choiceSettingValue": {
"settingValueTemplateReference": null,
"value": "device_vendor_msft_policy_config_defender_submitsamplesconsent_1",
"children": []
}
}
}
]
}