What's Changed
- After a threat assessment, the decision was made to ship all of the important parts of the Harden Windows Security Module together with it in one package, so when you install it from the PowerShell Gallery, it no longer downloads or runs code from GitHub; everything is available locally on your computer. This should provide more confidence and trust in the workflow of the code. Only resources such as simple plain-text CSV files are downloaded from the repository. Those are explicitly and safely imported into a type-defined variable.
- Improved a requirement check in the hardening measures after reporting a documentation issue and having it fixed: https://github.com/MicrosoftDocs/microsoft-365-docs/issues/12747
- Substantially improved the displayed output of the Confirm-systemCompliance cmdlet. The values of the Compliant column, which are either True, False or N/A, are now color coded, and False values blink. This makes it easier to quickly identify each value by simply scrolling through the result.
- Added a BitLocker check for the OS drive to make sure it's properly encrypted.
- Removed the following items from the default security policy inf file because they would cause problems when used in Azure VMs with the Unprotect-WindowsSecurity cmdlet: Azure VMs use the built-in administrator account, and that account is renamed when you create the VM, set to the same username you choose during VM creation.

  EnableAdminAccount = 0
  EnableGuestAccount = 0
  NewAdministratorName = "Administrator"
  NewGuestName = "Guest"

- The module and all of its features are completely and extensively tested on physical machines and virtual machines. The Harden Windows Security Module is fully compatible with Azure VM deployment and usage.
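One way to do the typed CSV import described in the first item, shown as an added example that is not the module's own code. The class name RegistryRule, the function ConvertTo-RegistryRule, the column names and the sample rows are all assumptions made for illustration.

```powershell
# Added example: treat downloaded CSV text strictly as data and bind it to a typed variable.
# Class, function, column names and sample rows are hypothetical, not taken from the module.

class RegistryRule {
    [string]$Name
    [string]$Path
    [int]$Value
}

function ConvertTo-RegistryRule {
    [OutputType([RegistryRule[]])]
    param(
        [Parameter(Mandatory)][string]$CsvText
    )
    $Expected = 'Name', 'Path', 'Value'
    $Rows = @($CsvText | ConvertFrom-Csv)
    if ($Rows.Count -eq 0) { throw 'CSV contains no data rows' }

    # Reject the file if its header is not the expected set of columns
    $Header = @($Rows[0].PSObject.Properties.Name)
    if (Compare-Object -ReferenceObject $Expected -DifferenceObject $Header) {
        throw "Unexpected CSV columns: $($Header -join ', ')"
    }

    [RegistryRule[]]$Rules = foreach ($Row in $Rows) {
        # Allow-list the registry hive and path characters; anything else is refused
        if ($Row.Path -notmatch '^HKLM:\\[\w\\ .-]+$') {
            throw "Rejected path in row '$($Row.Name)'"
        }
        # Integer parsing throws on empty or non-numeric text instead of passing it along
        [RegistryRule]@{ Name = $Row.Name; Path = $Row.Path; Value = [int]::Parse($Row.Value) }
    }
    return $Rules
}

# Constructed sample standing in for the CSV text a download would return
$Sample = @'
Name,Path,Value
ExampleSettingA,HKLM:\SOFTWARE\Policies\Example,1
ExampleSettingB,HKLM:\SOFTWARE\Policies\Example\Sub,0
'@

[RegistryRule[]]$Typed = ConvertTo-RegistryRule -CsvText $Sample
$Typed | Format-Table
```

Because every field is cast to a declared type and the header is checked first, a tampered file fails at import rather than reaching the code that applies the settings.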
Documentation and How to use
You can find the module's documentation here
PR: #104