commit 25ccff0a7dc41a1b7f1e74d963e7ccb17cc9b8ea Author: Matthew McKinnon Date: Mon Mar 3 22:53:40 2025 +1000 Initial Commit diff --git a/FormatPolicies.ps1 b/FormatPolicies.ps1 new file mode 100644 index 0000000..e87db6e --- /dev/null +++ b/FormatPolicies.ps1 @@ -0,0 +1,25 @@ +param ( + [Parameter(Mandatory=$true)] + [string]$jsonfile, + + [Parameter(Mandatory=$true)] + [string]$output + +) + +# Read the original JSON data from the file +$JsonData = Get-Content -Path $jsonfile -Raw + +# Convert JSON string to a PowerShell object +$JsonObject = $JsonData | ConvertFrom-Json + +# Convert back to JSON with indentation and formatting +$FormattedJson = $JsonObject | ConvertTo-Json -Depth 10 + +# Write the formatted JSON string to the output file +Set-Content -Path $output -Value $FormattedJson + +remove-item $jsonfile -Force -Verbose + +Write-Host "✅ JSON reformatted with line breaks and saved to: $output" + diff --git a/ImportPolicies.ps1 b/ImportPolicies.ps1 new file mode 100644 index 0000000..24b8119 --- /dev/null +++ b/ImportPolicies.ps1 @@ -0,0 +1,28 @@ +# Connect to Microsoft Graph +Connect-MgGraph -Scopes "DeviceManagementConfiguration.ReadWrite.All" -NoWelcome + +# Get Tenant ID +$tenant = Get-MgOrganization +$tenantId = $tenant.Id + +$policies = Get-ChildItem ./policies + +ForEach ($policie in $policies) { + $PolicieName = $policie.name + + $JsonData = Get-Content -Path ./policies/$PolicieName -Raw + $JsonDataUpdated = $JsonData -replace '\$tenantId', $tenantId + $PolicyObject = $JsonDataUpdated | ConvertFrom-Json + + try { + $uri = "https://graph.microsoft.com/beta/deviceManagement/configurationPolicies" # Using the beta version + $response = Invoke-MgGraphRequest -Method POST -Uri $uri -Body ($PolicyObject | ConvertTo-Json -Depth 10) + Write-Host "✅ $PolicieName - successfully imported!" + #$response + } catch { + Write-Error "❌ An error occurred while importing the policy: $_" + } +} + + +$null = Disconnect-Graph -ErrorAction SilentlyContinue diff --git a/policies/ASRRules.json b/policies/ASRRules.json new file mode 100644 index 0000000..2b3c660 --- /dev/null +++ b/policies/ASRRules.json @@ -0,0 +1,219 @@ +{ + "@odata.context": "https://graph.microsoft.com/beta/$metadata#deviceManagement/configurationPolicies/$entity", + "createdDateTime": "2025-03-03T10:40:18.2339119Z", + "creationSource": null, + "description": "", + "lastModifiedDateTime": "2025-03-03T10:40:18.2339119Z", + "name": "ASR Rules", + "platforms": "windows10", + "priorityMetaData": null, + "roleScopeTagIds": [ + "0" + ], + "settingCount": 1, + "technologies": "mdm,microsoftSense", + "id": "f1060289-5cc1-4c41-8a43-b9dc9032cfc3", + "templateReference": { + "templateId": "", + "templateFamily": "none", + "templateDisplayName": null, + "templateDisplayVersion": null + }, + "settings": [ + { + "id": "0", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules", + "settingInstanceTemplateReference": null, + "groupSettingCollectionValue": [ + { + "settingValueTemplateReference": null, + "children": [ + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockabuseofexploitedvulnerablesigneddrivers", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockabuseofexploitedvulnerablesigneddrivers_block", + "children": [] + } + }, + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockadobereaderfromcreatingchildprocesses", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockadobereaderfromcreatingchildprocesses_block", + "children": [] + } + }, + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockofficeapplicationsfrominjectingcodeintootherprocesses", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockofficeapplicationsfrominjectingcodeintootherprocesses_block", + "children": [] + } + }, + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockallofficeapplicationsfromcreatingchildprocesses", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockallofficeapplicationsfromcreatingchildprocesses_block", + "children": [] + } + }, + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockcredentialstealingfromwindowslocalsecurityauthoritysubsystem", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockcredentialstealingfromwindowslocalsecurityauthoritysubsystem_block", + "children": [] + } + }, + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockexecutablecontentfromemailclientandwebmail", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockexecutablecontentfromemailclientandwebmail_block", + "children": [] + } + }, + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockexecutablefilesrunningunlesstheymeetprevalenceagetrustedlistcriterion", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockexecutablefilesrunningunlesstheymeetprevalenceagetrustedlistcriterion_block", + "children": [] + } + }, + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockexecutionofpotentiallyobfuscatedscripts", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockexecutionofpotentiallyobfuscatedscripts_block", + "children": [] + } + }, + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockjavascriptorvbscriptfromlaunchingdownloadedexecutablecontent", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockjavascriptorvbscriptfromlaunchingdownloadedexecutablecontent_block", + "children": [] + } + }, + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockofficeapplicationsfromcreatingexecutablecontent", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockofficeapplicationsfromcreatingexecutablecontent_block", + "children": [] + } + }, + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockofficecommunicationappfromcreatingchildprocesses", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockofficecommunicationappfromcreatingchildprocesses_block", + "children": [] + } + }, + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockpersistencethroughwmieventsubscription", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockpersistencethroughwmieventsubscription_block", + "children": [] + } + }, + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockprocesscreationsfrompsexecandwmicommands", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockprocesscreationsfrompsexecandwmicommands_block", + "children": [] + } + }, + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockuntrustedunsignedprocessesthatrunfromusb", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockuntrustedunsignedprocessesthatrunfromusb_block", + "children": [] + } + }, + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockjavascriptorvbscriptfromlaunchingdownloadedexecutablecontent", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockjavascriptorvbscriptfromlaunchingdownloadedexecutablecontent_block", + "children": [] + } + }, + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockwebshellcreationforservers", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockwebshellcreationforservers_block", + "children": [] + } + }, + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockwin32apicallsfromofficemacros", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockwin32apicallsfromofficemacros_block", + "children": [] + } + }, + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_useadvancedprotectionagainstransomware", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_attacksurfacereductionrules_useadvancedprotectionagainstransomware_block", + "children": [] + } + } + ] + } + ] + } + } + ] +} diff --git a/policies/LAPS.json b/policies/LAPS.json new file mode 100644 index 0000000..a831922 --- /dev/null +++ b/policies/LAPS.json @@ -0,0 +1,81 @@ +{ + "@odata.context": "https://graph.microsoft.com/beta/$metadata#deviceManagement/configurationPolicies/$entity", + "createdDateTime": "2025-03-03T10:40:15.8588089Z", + "creationSource": null, + "description": "", + "lastModifiedDateTime": "2025-03-03T10:40:15.8588089Z", + "name": "LAPS", + "platforms": "windows10", + "priorityMetaData": null, + "roleScopeTagIds": [ + "0" + ], + "settingCount": 2, + "technologies": "mdm", + "id": "e7c1fcf8-13fb-42c7-a09a-3f43d7bd5cc9", + "templateReference": { + "templateId": "", + "templateFamily": "none", + "templateDisplayName": null, + "templateDisplayVersion": null + }, + "settings": [ + { + "id": "0", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_admx_admpwd_pol_admpwd", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_admx_admpwd_pol_admpwd_1", + "children": [ + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_admx_admpwd_pol_admpwd_elm_admpwd_passwordagedays", + "settingInstanceTemplateReference": null, + "simpleSettingValue": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationIntegerSettingValue", + "settingValueTemplateReference": null, + "value": 14 + } + }, + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_admx_admpwd_pol_admpwd_elm_admpwd_passwordcomplexity", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_admx_admpwd_pol_admpwd_elm_admpwd_passwordcomplexity_4", + "children": [] + } + }, + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_admx_admpwd_pol_admpwd_elm_admpwd_passwordlength", + "settingInstanceTemplateReference": null, + "simpleSettingValue": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationIntegerSettingValue", + "settingValueTemplateReference": null, + "value": 14 + } + } + ] + } + } + }, + { + "id": "1", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_localpoliciessecurityoptions_accounts_enableadministratoraccountstatus", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_localpoliciessecurityoptions_accounts_enableadministratoraccountstatus_1", + "children": [] + } + } + } + ] +} diff --git a/policies/OneDrive.json b/policies/OneDrive.json new file mode 100644 index 0000000..37a5ac3 --- /dev/null +++ b/policies/OneDrive.json @@ -0,0 +1,102 @@ +{ + "@odata.context": "https://graph.microsoft.com/beta/$metadata#deviceManagement/configurationPolicies/$entity", + "createdDateTime": "2025-03-03T10:40:16.5122859Z", + "creationSource": null, + "description": "", + "lastModifiedDateTime": "2025-03-03T10:40:16.5122859Z", + "name": "OneDrive Policy", + "platforms": "windows10", + "priorityMetaData": null, + "roleScopeTagIds": [ + "0" + ], + "settingCount": 5, + "technologies": "mdm", + "id": "35fdb839-79c6-4806-8dda-cf292462a4d8", + "templateReference": { + "templateId": "", + "templateFamily": "none", + "templateDisplayName": null, + "templateDisplayVersion": null + }, + "settings": [ + { + "id": "0", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_onedrivengscv2~policy~onedrivengsc_allowtenantlist", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_onedrivengscv2~policy~onedrivengsc_allowtenantlist_1", + "children": [ + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_onedrivengscv2~policy~onedrivengsc_allowtenantlist_allowtenantlistbox", + "settingInstanceTemplateReference": null, + "simpleSettingCollectionValue": [ + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationStringSettingValue", + "settingValueTemplateReference": null, + "value": "$tenantid" + } + ] + } + ] + } + } + }, + { + "id": "1", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_onedrivengscv2~policy~onedrivengsc_blockexternalsync", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_onedrivengscv2~policy~onedrivengsc_blockexternalsync_1", + "children": [] + } + } + }, + { + "id": "2", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "user_vendor_msft_policy_config_onedrivengscv2~policy~onedrivengsc_disablepersonalsync", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "user_vendor_msft_policy_config_onedrivengscv2~policy~onedrivengsc_disablepersonalsync_1", + "children": [] + } + } + }, + { + "id": "3", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_onedrivengscv2~policy~onedrivengsc_silentaccountconfig", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_onedrivengscv2~policy~onedrivengsc_silentaccountconfig_1", + "children": [] + } + } + }, + { + "id": "4", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_onedrivengscv2~policy~onedrivengsc_filesondemandenabled", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_onedrivengscv2~policy~onedrivengsc_filesondemandenabled_1", + "children": [] + } + } + } + ] +} diff --git a/policies/bitlocker.json b/policies/bitlocker.json new file mode 100644 index 0000000..915bb88 --- /dev/null +++ b/policies/bitlocker.json @@ -0,0 +1,398 @@ +{ + "@odata.context": "https://graph.microsoft.com/beta/$metadata#deviceManagement/configurationPolicies/$entity", + "createdDateTime": "2025-03-03T10:40:20.9003455Z", + "creationSource": null, + "description": "", + "lastModifiedDateTime": "2025-03-03T10:40:20.9003455Z", + "name": "Bitlocker", + "platforms": "windows10", + "priorityMetaData": null, + "roleScopeTagIds": [ + "0" + ], + "settingCount": 9, + "technologies": "mdm", + "id": "8193519b-7e1c-45c9-ad7d-3b552a38c031", + "templateReference": { + "templateId": "", + "templateFamily": "none", + "templateDisplayName": null, + "templateDisplayVersion": null + }, + "settings": [ + { + "id": "0", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_bitlocker_encryptionmethodbydrivetype", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_bitlocker_encryptionmethodbydrivetype_1", + "children": [ + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_bitlocker_encryptionmethodbydrivetype_encryptionmethodwithxtsfdvdropdown_name", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_bitlocker_encryptionmethodbydrivetype_encryptionmethodwithxtsfdvdropdown_name_6", + "children": [] + } + }, + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_bitlocker_encryptionmethodbydrivetype_encryptionmethodwithxtsosdropdown_name", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_bitlocker_encryptionmethodbydrivetype_encryptionmethodwithxtsosdropdown_name_6", + "children": [] + } + }, + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_bitlocker_encryptionmethodbydrivetype_encryptionmethodwithxtsrdvdropdown_name", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_bitlocker_encryptionmethodbydrivetype_encryptionmethodwithxtsrdvdropdown_name_6", + "children": [] + } + } + ] + } + } + }, + { + "id": "1", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_1", + "children": [ + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvrecoverykeyusagedropdown_name", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvrecoverykeyusagedropdown_name_2", + "children": [] + } + }, + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvrecoverypasswordusagedropdown_name", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvrecoverypasswordusagedropdown_name_2", + "children": [] + } + }, + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvallowdra_name", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvallowdra_name_0", + "children": [] + } + }, + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvactivedirectorybackupdropdown_name", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvactivedirectorybackupdropdown_name_1", + "children": [] + } + }, + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvrequireactivedirectorybackup_name", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvrequireactivedirectorybackup_name_1", + "children": [] + } + }, + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvhiderecoverypage_name", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvhiderecoverypage_name_0", + "children": [] + } + }, + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvactivedirectorybackup_name", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_bitlocker_fixeddrivesrecoveryoptions_fdvactivedirectorybackup_name_1", + "children": [] + } + } + ] + } + } + }, + { + "id": "2", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_bitlocker_fixeddrivesencryptiontype", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_bitlocker_fixeddrivesencryptiontype_1", + "children": [ + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_bitlocker_fixeddrivesencryptiontype_fdvencryptiontypedropdown_name", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_bitlocker_fixeddrivesencryptiontype_fdvencryptiontypedropdown_name_1", + "children": [] + } + } + ] + } + } + }, + { + "id": "3", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_1", + "children": [ + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_osrecoverykeyusagedropdown_name", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_osrecoverykeyusagedropdown_name_2", + "children": [] + } + }, + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_osrecoverypasswordusagedropdown_name", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_osrecoverypasswordusagedropdown_name_2", + "children": [] + } + }, + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_osallowdra_name", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_osallowdra_name_0", + "children": [] + } + }, + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_osactivedirectorybackupdropdown_name", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_osactivedirectorybackupdropdown_name_1", + "children": [] + } + }, + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_osrequireactivedirectorybackup_name", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_osrequireactivedirectorybackup_name_1", + "children": [] + } + }, + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_oshiderecoverypage_name", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_oshiderecoverypage_name_1", + "children": [] + } + }, + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_osactivedirectorybackup_name", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_bitlocker_systemdrivesrecoveryoptions_osactivedirectorybackup_name_1", + "children": [] + } + } + ] + } + } + }, + { + "id": "4", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_bitlocker_systemdrivesencryptiontype", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_bitlocker_systemdrivesencryptiontype_1", + "children": [ + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_bitlocker_systemdrivesencryptiontype_osencryptiontypedropdown_name", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_bitlocker_systemdrivesencryptiontype_osencryptiontypedropdown_name_1", + "children": [] + } + } + ] + } + } + }, + { + "id": "5", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_bitlocker_systemdrivesrequirestartupauthentication", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_bitlocker_systemdrivesrequirestartupauthentication_1", + "children": [ + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_bitlocker_systemdrivesrequirestartupauthentication_configurenontpmstartupkeyusage_name", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_bitlocker_systemdrivesrequirestartupauthentication_configurenontpmstartupkeyusage_name_0", + "children": [] + } + }, + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_bitlocker_systemdrivesrequirestartupauthentication_configuretpmpinkeyusagedropdown_name", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_bitlocker_systemdrivesrequirestartupauthentication_configuretpmpinkeyusagedropdown_name_0", + "children": [] + } + }, + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_bitlocker_systemdrivesrequirestartupauthentication_configuretpmstartupkeyusagedropdown_name", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_bitlocker_systemdrivesrequirestartupauthentication_configuretpmstartupkeyusagedropdown_name_0", + "children": [] + } + }, + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_bitlocker_systemdrivesrequirestartupauthentication_configurepinusagedropdown_name", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_bitlocker_systemdrivesrequirestartupauthentication_configurepinusagedropdown_name_0", + "children": [] + } + }, + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_bitlocker_systemdrivesrequirestartupauthentication_configuretpmusagedropdown_name", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_bitlocker_systemdrivesrequirestartupauthentication_configuretpmusagedropdown_name_1", + "children": [] + } + } + ] + } + } + }, + { + "id": "6", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_bitlocker_allowwarningforotherdiskencryption", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_bitlocker_allowwarningforotherdiskencryption_0", + "children": [ + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_bitlocker_allowstandarduserencryption", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_bitlocker_allowstandarduserencryption_1", + "children": [] + } + } + ] + } + } + }, + { + "id": "7", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_bitlocker_configurerecoverypasswordrotation", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_bitlocker_configurerecoverypasswordrotation_2", + "children": [] + } + } + }, + { + "id": "8", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_bitlocker_requiredeviceencryption", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_bitlocker_requiredeviceencryption_1", + "children": [] + } + } + } + ] +} diff --git a/policies/disableenumerationsam.json b/policies/disableenumerationsam.json new file mode 100644 index 0000000..a6fb0e7 --- /dev/null +++ b/policies/disableenumerationsam.json @@ -0,0 +1,37 @@ +{ + "@odata.context": "https://graph.microsoft.com/beta/$metadata#deviceManagement/configurationPolicies/$entity", + "createdDateTime": "2025-03-03T10:40:14.9626923Z", + "creationSource": null, + "description": "", + "lastModifiedDateTime": "2025-03-03T10:40:14.9626923Z", + "name": "Disable Enumeration of SAM Accounts and Shares", + "platforms": "windows10", + "priorityMetaData": null, + "roleScopeTagIds": [ + "0" + ], + "settingCount": 1, + "technologies": "mdm", + "id": "716171c5-c2ed-4646-8ff6-1a6c3a023c7b", + "templateReference": { + "templateId": "", + "templateFamily": "none", + "templateDisplayName": null, + "templateDisplayVersion": null + }, + "settings": [ + { + "id": "0", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_localpoliciessecurityoptions_networkaccess_donotallowanonymousenumerationofsamaccountsandshares", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_localpoliciessecurityoptions_networkaccess_donotallowanonymousenumerationofsamaccountsandshares_1", + "children": [] + } + } + } + ] +} diff --git a/policies/disablepua.json b/policies/disablepua.json new file mode 100644 index 0000000..28b0844 --- /dev/null +++ b/policies/disablepua.json @@ -0,0 +1,50 @@ +{ + "@odata.context": "https://graph.microsoft.com/beta/$metadata#deviceManagement/configurationPolicies/$entity", + "createdDateTime": "2025-03-03T10:40:15.2243333Z", + "creationSource": null, + "description": "", + "lastModifiedDateTime": "2025-03-03T10:40:15.2243333Z", + "name": "Disable PUA", + "platforms": "windows10", + "priorityMetaData": null, + "roleScopeTagIds": [ + "0" + ], + "settingCount": 2, + "technologies": "mdm", + "id": "8cc8e5e5-a37c-4897-a59d-912b13d446f6", + "templateReference": { + "templateId": "", + "templateFamily": "none", + "templateDisplayName": null, + "templateDisplayVersion": null + }, + "settings": [ + { + "id": "0", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "user_vendor_msft_policy_config_microsoft_edgev80diff~policy~microsoft_edge~smartscreen_smartscreenpuaenabled", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "user_vendor_msft_policy_config_microsoft_edgev80diff~policy~microsoft_edge~smartscreen_smartscreenpuaenabled_1", + "children": [] + } + } + }, + { + "id": "1", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_puaprotection", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_puaprotection_1", + "children": [] + } + } + } + ] +} diff --git a/policies/edge.json b/policies/edge.json new file mode 100644 index 0000000..6b04a93 --- /dev/null +++ b/policies/edge.json @@ -0,0 +1,295 @@ +{ + "@odata.context": "https://graph.microsoft.com/beta/$metadata#deviceManagement/configurationPolicies/$entity", + "createdDateTime": "2025-03-03T10:40:19.7812969Z", + "creationSource": null, + "description": "", + "lastModifiedDateTime": "2025-03-03T10:40:19.7812969Z", + "name": "Edge", + "platforms": "windows10", + "priorityMetaData": null, + "roleScopeTagIds": [ + "0" + ], + "settingCount": 19, + "technologies": "mdm", + "id": "4480cbff-40b6-46ca-a87d-f22d8c61748f", + "templateReference": { + "templateId": "", + "templateFamily": "none", + "templateDisplayName": null, + "templateDisplayVersion": null + }, + "settings": [ + { + "id": "0", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_enablenetworkprotection", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_enablenetworkprotection_1", + "children": [] + } + } + }, + { + "id": "1", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge~extensions_extensioninstallblocklist", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge~extensions_extensioninstallblocklist_1", + "children": [ + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge~extensions_extensioninstallblocklist_extensioninstallblocklistdesc", + "settingInstanceTemplateReference": null, + "simpleSettingCollectionValue": [ + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationStringSettingValue", + "settingValueTemplateReference": null, + "value": "*" + } + ] + } + ] + } + } + }, + { + "id": "2", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_microsoft_edgev88.0.705.23~policy~microsoft_edge~httpauthentication_basicauthoverhttpenabled", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_microsoft_edgev88.0.705.23~policy~microsoft_edge~httpauthentication_basicauthoverhttpenabled_0", + "children": [] + } + } + }, + { + "id": "3", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge~httpauthentication_authschemes", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge~httpauthentication_authschemes_1", + "children": [ + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge~httpauthentication_authschemes_authschemes", + "settingInstanceTemplateReference": null, + "simpleSettingValue": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationStringSettingValue", + "settingValueTemplateReference": null, + "value": "ntlm,negotiate" + } + } + ] + } + } + }, + { + "id": "4", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge~nativemessaging_nativemessaginguserlevelhosts", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge~nativemessaging_nativemessaginguserlevelhosts_0", + "children": [] + } + } + }, + { + "id": "5", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_microsoft_edgev92~policy~microsoft_edge~privatenetworkrequestsettings_insecureprivatenetworkrequestsallowed", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_microsoft_edgev92~policy~microsoft_edge~privatenetworkrequestsettings_insecureprivatenetworkrequestsallowed_0", + "children": [] + } + } + }, + { + "id": "6", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge~smartscreen_smartscreenenabled", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge~smartscreen_smartscreenenabled_1", + "children": [] + } + } + }, + { + "id": "7", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_microsoft_edgev80diff~policy~microsoft_edge~smartscreen_smartscreenpuaenabled", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_microsoft_edgev80diff~policy~microsoft_edge~smartscreen_smartscreenpuaenabled_1", + "children": [] + } + } + }, + { + "id": "8", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge~smartscreen_preventsmartscreenpromptoverride", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge~smartscreen_preventsmartscreenpromptoverride_1", + "children": [] + } + } + }, + { + "id": "9", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge~smartscreen_preventsmartscreenpromptoverrideforfiles", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge~smartscreen_preventsmartscreenpromptoverrideforfiles_1", + "children": [] + } + } + }, + { + "id": "10", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_microsoft_edgev92~policy~microsoft_edge_internetexplorerintegrationreloadiniemodeallowed", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_microsoft_edgev92~policy~microsoft_edge_internetexplorerintegrationreloadiniemodeallowed_0", + "children": [] + } + } + }, + { + "id": "11", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge_sslerroroverrideallowed", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge_sslerroroverrideallowed_0", + "children": [] + } + } + }, + { + "id": "12", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_microsoft_edgev117~policy~microsoft_edge_internetexplorerintegrationzoneidentifiermhtfileallowed", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_microsoft_edgev117~policy~microsoft_edge_internetexplorerintegrationzoneidentifiermhtfileallowed_0", + "children": [] + } + } + }, + { + "id": "13", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_microsoft_edgev95~policy~microsoft_edge_browserlegacyextensionpointsblockingenabled", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_microsoft_edgev95~policy~microsoft_edge_browserlegacyextensionpointsblockingenabled_1", + "children": [] + } + } + }, + { + "id": "14", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge_siteperprocess", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge_siteperprocess_1", + "children": [] + } + } + }, + { + "id": "15", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_microsoft_edgev97~policy~microsoft_edge_edgeenhanceimagesenabled", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_microsoft_edgev97~policy~microsoft_edge_edgeenhanceimagesenabled_0", + "children": [] + } + } + }, + { + "id": "16", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_microsoft_edgev107~policy~microsoft_edge_websqlaccess", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_microsoft_edgev107~policy~microsoft_edge_websqlaccess_0", + "children": [] + } + } + }, + { + "id": "17", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_microsoft_edgev96~policy~microsoft_edge_internetexplorermodetoolbarbuttonenabled", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_microsoft_edgev96~policy~microsoft_edge_internetexplorermodetoolbarbuttonenabled_0", + "children": [] + } + } + }, + { + "id": "18", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_microsoft_edgev111~policy~microsoft_edge_sharedarraybufferunrestrictedaccessallowed", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_microsoft_edgev111~policy~microsoft_edge_sharedarraybufferunrestrictedaccessallowed_0", + "children": [] + } + } + } + ] +} diff --git a/policies/passwordhistory.json b/policies/passwordhistory.json new file mode 100644 index 0000000..613f896 --- /dev/null +++ b/policies/passwordhistory.json @@ -0,0 +1,61 @@ +{ + "@odata.context": "https://graph.microsoft.com/beta/$metadata#deviceManagement/configurationPolicies/$entity", + "createdDateTime": "2025-03-03T10:40:15.4158052Z", + "creationSource": null, + "description": "", + "lastModifiedDateTime": "2025-03-03T10:40:15.4158052Z", + "name": "Enforce password age & history", + "platforms": "windows10", + "priorityMetaData": null, + "roleScopeTagIds": [ + "0" + ], + "settingCount": 2, + "technologies": "mdm", + "id": "294af4d8-dbeb-47c3-ac75-9d7b0e1e8361", + "templateReference": { + "templateId": "", + "templateFamily": "none", + "templateDisplayName": null, + "templateDisplayVersion": null + }, + "settings": [ + { + "id": "0", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_devicelock_devicepasswordenabled", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_devicelock_devicepasswordenabled_0", + "children": [ + { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_devicelock_devicepasswordhistory", + "settingInstanceTemplateReference": null, + "simpleSettingValue": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationIntegerSettingValue", + "settingValueTemplateReference": null, + "value": 24 + } + } + ] + } + } + }, + { + "id": "1", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_devicelock_minimumpasswordage", + "settingInstanceTemplateReference": null, + "simpleSettingValue": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationIntegerSettingValue", + "settingValueTemplateReference": null, + "value": 1 + } + } + } + ] +}