12/29/2023 0 Comments Applocker policy intune![]() ![]() Intune provides the ability to enable and configure Microsoft Defender Application Guard.Configure Controlled Folder Access by creating an Attack surface reduction policy in the Microsoft Endpoint Manager Admin Center, under Endpoint Security > Attack surface reduction.The configuration for Controlled Folder Access requires input that is unique to each organisation.Manage disk encryption with a Disk Encryption Endpoint Security policy.Consider the use of AaronLocker, which aims to make application control using AppLocker and Windows Defender Application Control (WDAC) as easy and practical as possible. Apply your organisations AppLocker policy via the AppLocker CSP. Organisations have unique Application Whitelisting requirements.It is still recommended to configure each of the settings below as a part of an end to end security strategy. What's not included?Īlthough the below settings are configured as a part of the ACSC Windows Hardening Guidelines, they have not been included in this version of the guidelines. See Microsoft Edge README for additional information and steps to import the policy. Organisations that are looking to harden only Microsoft Edge, without applying all additional Windows hardening recommended by the ACSC can use the supplied policy. See the Microsoft 365 Apps for Enterprise README for additional information and steps to import the policies. Organisations that are required to harden Microsoft 365 Apps for Enterprise (formerly known as Office 365 ProPlus) with the ACSC recommended hardening policies, including limiting the execution of macros to Trusted Publishers can use the supplied policies. ACSC Windows Hardening Guidelines documentation.Supplementary documentation has been provided for the ACSC Windows Hardening Guidelines policy, detailing each configured setting, description of the setting and a link to the corresponding Microsoft Docs page. A collection of PowerShell scripts that configures registry keys for settings that are currently unavailable to be configured via Settings Catalog.NET Framework 3.5 (and below) and Internet Explorer 11 (if on Windows 10). This PowerShell script removes PowerShell v2.0.UserApplicationHardening-RemoveFeatures.This Custom configuration profile configures specific User Rights Assignments to be blank, as recommended by the ACSC.ACSC Windows Hardening Guidelines-User Rights Assignment.ASR rules should be tested for compatibility issues in any environment before enforcement. This Attack Surface Reduction (ASR) policy configures each of the ASR rules recommended by the ACSC in audit mode. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |