Create recommended Microsoft Intune policies #4

Open
ghost opened this issue Jun 18, 2020 · 0 comments
Labels
enhancement New feature or request
ghost commented Jun 18, 2020

Feature Request

Is your feature request related to a problem?
As an administrator, it would be helpful to have a mechanism to create recommended policies, so I can ensure that my tenant has a better security posture.

Describe the solution you would like
Ideally, there would be a cmdlet that would create policies with the recommended settings:

New-SecMgmtIntuneRecommendedPolicies [-TenantId <identifier>]

Describe alternatives you have considered
It is possible to create compliance and configuration policies using .NET or the Intune PowerShell module. However, the recommended policies are not well defined, which means that I have to develop code similar to the following:

DeviceConfiguration endpointPolicy = await client.DeviceManagement.DeviceConfigurations.Request().AddAsync(new Windows10EndpointProtectionConfiguration
{
    BitLockerEncryptDevice = true,
    DefenderEmailContentExecutionType = DefenderAttackSurfaceType.AuditMode,
    DefenderGuardMyFoldersType = FolderProtectionType.AuditMode,
    DefenderNetworkProtectionType = DefenderProtectionType.AuditMode,
    DefenderOfficeAppsLaunchChildProcessType = DefenderAttackSurfaceType.AuditMode,
    DefenderOfficeAppsExecutableContentCreationOrLaunchType = DefenderAttackSurfaceType.AuditMode,
    DefenderScriptDownloadedPayloadExecutionType = DefenderAttackSurfaceType.AuditMode,
    DisplayName = "Windows 10 - Endpoint protection policy"
}).ConfigureAwait(false);

DeviceConfiguration generalPolicy = await client.DeviceManagement.DeviceConfigurations.Request().AddAsync(new Windows10GeneralConfiguration
{
    DefenderPromptForSampleSubmission = DefenderPromptForSampleSubmission.PromptBeforeSendingPersonalData,
    DefenderRequireCloudProtection = true,
    DefenderRequireRealTimeMonitoring = true,
    DisplayName = "Windows 10 - General configuration policy",
    EdgeRequireSmartScreen = true,
    PasswordMinutesOfInactivityBeforeScreenTimeout = 5
}).ConfigureAwait(false);

ghost added the enhancement (New feature or request) label Jun 18, 2020
ghost added this to To Do in v1.0 Jun 23, 2020