# Generated with Microsoft365DSC version 1.24.717.1 # For additional information on how to use Microsoft365DSC, please visit https://aka.ms/M365DSC param ( ) Configuration M365TenantConfig { param ( ) $OrganizationName = $ConfigurationData.NonNodeData.OrganizationName Import-DscResource -ModuleName 'Microsoft365DSC' -ModuleVersion '1.24.717.1' Node localhost { IntuneAntivirusPolicyWindows10SettingCatalog "IntuneAntivirusPolicyWindows10SettingCatalog-ASD Windows Hardening Guidelines - Antivirus" { allowarchivescanning = "1"; allowbehaviormonitoring = "1"; allowcloudprotection = "1"; allowemailscanning = "0"; allowfullscanremovabledrivescanning = "1"; allowintrusionpreventionsystem = "1"; allowioavprotection = "1"; allowonaccessprotection = "1"; allowrealtimemonitoring = "1"; allowscanningnetworkfiles = "1"; allowscriptscanning = "1"; allowuseruiaccess = "0"; ApplicationId = $ConfigurationData.NonNodeData.ApplicationId; Assignments = @( MSFT_DeviceManagementConfigurationPolicyAssignments{ deviceAndAppManagementAssignmentFilterType = 'none' groupDisplayName = 'All users' dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' } ); avgcpuloadfactor = 50; CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint; checkforsignaturesbeforerunningscan = "1"; cloudblocklevel = "2"; Description = ""; disablecatchupfullscan = "1"; disablecatchupquickscan = "1"; DisplayName = "ASD Windows Hardening Guidelines - Antivirus"; enablelowcpupriority = "1"; enablenetworkprotection = "1"; Ensure = "Present"; Identity = "f5ca44f0-d6c7-41d6-bf62-ac6ff1708d3a"; lowseveritythreats = "clean"; moderateseveritythreats = "quarantine"; puaprotection = "1"; realtimescandirection = "0"; scanparameter = "1"; schedulequickscantime = 120; schedulescanday = "0"; schedulescantime = 120; severethreats = "block"; signatureupdateinterval = 4; submitsamplesconsent = "1"; templateId = "804339ad-1553-4478-a742-138fb5807418_1"; TenantId = $OrganizationName; } IntuneEndpointDetectionAndResponsePolicyWindows10 "IntuneEndpointDetectionAndResponsePolicyWindows10-ASD Windows Hardening Guidelines - Endpoint Detection and Response" { ApplicationId = $ConfigurationData.NonNodeData.ApplicationId; Assignments = @( MSFT_DeviceManagementConfigurationPolicyAssignments{ deviceAndAppManagementAssignmentFilterType = 'none' groupDisplayName = 'All users' dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' } ); CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint; Description = ""; DisplayName = "ASD Windows Hardening Guidelines - Endpoint Detection and Response"; Ensure = "Present"; Identity = "37e0d7be-8333-41a0-a2ee-c82661c083c1"; samplesharing = "0"; TenantId = $OrganizationName; } IntuneSettingCatalogASRRulesPolicyWindows10 "IntuneSettingCatalogASRRulesPolicyWindows10-ASD Windows Hardening Guidelines - Attack Surface Reduction" { ApplicationId = $ConfigurationData.NonNodeData.ApplicationId; Assignments = @( MSFT_DeviceManagementConfigurationPolicyAssignments{ deviceAndAppManagementAssignmentFilterType = 'none' groupDisplayName = 'All users' dataType = '#microsoft.graph.allLicensedUsersAssignmentTarget' } ); BlockAbuseOfExploitedVulnerableSignedDrivers = "block"; BlockAdobeReaderFromCreatingChildProcesses = "block"; BlockAllOfficeApplicationsFromCreatingChildProcesses = "block"; BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem = "block"; BlockExecutableContentFromEmailClientAndWebmail = "block"; BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion = "block"; BlockExecutionOfPotentiallyObfuscatedScripts = "block"; BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent = "block"; BlockOfficeApplicationsFromCreatingExecutableContent = "block"; BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses = "block"; BlockOfficeCommunicationAppFromCreatingChildProcesses = "block"; BlockPersistenceThroughWMIEventSubscription = "block"; BlockProcessCreationsFromPSExecAndWMICommands = "block"; BlockRebootingMachineInSafeMode = "block"; BlockUntrustedUnsignedProcessesThatRunFromUSB = "block"; BlockUseOfCopiedOrImpersonatedSystemTools = "block"; BlockWebshellCreationForServers = "block"; BlockWin32APICallsFromOfficeMacros = "block"; CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint; Description = ""; DisplayName = "ASD Windows Hardening Guidelines - Attack Surface Reduction"; EnableControlledFolderAccess = "0"; Ensure = "Present"; Identity = "d41957d9-8423-43d1-b5ee-317914e6485f"; TenantId = $OrganizationName; UseAdvancedProtectionAgainstRansomware = "block"; } } } M365TenantConfig -ConfigurationData .\ConfigurationData.psd1