mmckinnon/IntunePolicies

Go to file

Matthew McKinnon ac08902f9f Initial Commit

2025-02-04 19:23:56 +10:00

.gitignore

Initial Commit

2025-02-04 19:23:56 +10:00

ASR_Rules.tf

Initial Commit

2025-02-04 19:23:56 +10:00

AzureAD_Group_MEM_Windows_workstations.tf

Initial Commit

2025-02-04 19:23:56 +10:00

Bitlocker_Security_Baseline.tf

Initial Commit

2025-02-04 19:23:56 +10:00

Disable_Enumeration_of_SAM_Accounts_and_Shares.tf

Initial Commit

2025-02-04 19:23:56 +10:00

Edge_Security_Baseline.tf

Initial Commit

2025-02-04 19:23:56 +10:00

Enable_Local_Security_Authority_Protection_Mode.tf

Initial Commit

2025-02-04 19:23:56 +10:00

Enforce_password_age_history.tf

Initial Commit

2025-02-04 19:23:56 +10:00

LAPS.tf

Initial Commit

2025-02-04 19:23:56 +10:00

OneDrive.tf

Initial Commit

2025-02-04 19:23:56 +10:00

profider.tf

Initial Commit

2025-02-04 19:23:56 +10:00

PUA_Block.tf

Initial Commit

2025-02-04 19:23:56 +10:00

README.md

Initial Commit

2025-02-04 19:23:56 +10:00

README.md

Intune Configuration Policies

This repository contains terraform files that will auto provision Intune Policies that will help lift Microsoft Secure Score and apply Security settings across the tenant.

Azure AD Group

AzureAD_Group_MEM_Windows_workstations - Create a Dynamic Azure AD Group with rule to add all Windows Workstations running Windows 10 or higher.

(device.deviceOSVersion -startsWith \"10.0\") and (device.deviceOSType -eq \"Windows\")

Policies

Defender ASR Rules - Set to Block
Bitlocker - Enabled
PUA (Potentially Unwanted Apps) Blocked
Disable Enumeration of SAM Accounts and Shares
Microsoft Edge Security Baseline
Enable Local Security Authority Protection Mode
Enforce Password History - 24 Password, 1 Password Age
LAPS - Enable Local Administrator Account and turn on LAPS
OneDrive