mmckinnon/IntunePolicies
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ac08902f9f0748d82cd4eb4b8c44d9d9815fe673
IntunePolicies/README.md
Matthew McKinnon ac08902f9f Initial Commit
2025-02-04 19:23:56 +10:00

859 B
Raw Blame History

Intune Configuration Policies

This repository contains terraform files that will auto provision Intune Policies that will help lift Microsoft Secure Score and apply Security settings across the tenant.

Azure AD Group

  • AzureAD_Group_MEM_Windows_workstations - Create a Dynamic Azure AD Group with rule to add all Windows Workstations running Windows 10 or higher.
(device.deviceOSVersion -startsWith \"10.0\") and (device.deviceOSType -eq \"Windows\")

Policies

  • Defender ASR Rules - Set to Block
  • Bitlocker - Enabled
  • PUA (Potentially Unwanted Apps) Blocked
  • Disable Enumeration of SAM Accounts and Shares
  • Microsoft Edge Security Baseline
  • Enable Local Security Authority Protection Mode
  • Enforce Password History - 24 Password, 1 Password Age
  • LAPS - Enable Local Administrator Account and turn on LAPS
  • OneDrive