# Intune Configuration Policies

This repository contains Terraform files that automatically provision Intune policies to help raise Microsoft Secure Score and apply security settings across the tenant.

## Azure AD Group

* `AzureAD_Group_MEM_Windows_workstations` - Creates a dynamic Azure AD group with a rule that adds all Windows workstations running Windows 10 or higher.

```PowerShell
(device.deviceOSVersion -startsWith "10.0") and (device.deviceOSType -eq "Windows")
```

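A sketch of how a dynamic device group with this rule can be declared using the `azuread` Terraform provider. This is an added example, not the repository's own code; the resource label and output name are assumptions. Inside an HCL string the rule's double quotes are backslash-escaped.

```hcl
# Added example: the resource label and output name are illustrative,
# not taken from the repository.
terraform {
  required_providers {
    azuread = {
      source = "hashicorp/azuread"
    }
  }
}

resource "azuread_group" "mem_windows_workstations" {
  display_name     = "AzureAD_Group_MEM_Windows_workstations"
  security_enabled = true

  # Membership is computed by the rule, so members must not be assigned manually.
  types = ["DynamicMembership"]

  dynamic_membership {
    enabled = true
    # Windows 11 also reports a 10.0.x OS version, so this rule matches
    # both Windows 10 and Windows 11 devices.
    rule = "(device.deviceOSVersion -startsWith \"10.0\") and (device.deviceOSType -eq \"Windows\")"
  }
}

# The group's object ID is what policy assignments reference.
output "mem_windows_workstations_group_id" {
  value = azuread_group.mem_windows_workstations.object_id
}
```
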
## Policies

* Defender ASR Rules - Set to Block
* BitLocker - Enabled
* PUA (Potentially Unwanted Apps) Blocked
* Disable Enumeration of SAM Accounts and Shares
* Microsoft Edge Security Baseline
* Enable Local Security Authority Protection Mode
* Enforce Password History - 24 Password, 1 Password Age
* LAPS - Enable Local Administrator Account and turn on LAPS
* OneDrive