github HotCakeX/Harden-Windows-Security Hardening-Module-v.0.4.7
Harden Windows Security Module v.0.4.7

What's New

  • Added Intune policies to the repository for enterprise folks who want to quickly and easily add the same policies described in the Readme page to their environment. They are clear-text JSON files supported natively in the Intune portal. In the future this can be automated by the Harden Windows Security module.

  • Added a device compliance policy to the repository. It can be imported into your Intune portal via the Microsoft Graph API to provide a secure device compliance policy for Windows OS devices.

    • Blog/Wiki post coming soon.
  • Added preliminary code for compliance checking with the Confirm-SystemCompliance cmdlet on enterprise systems that have Intune policies applied to them. So far only the Attack Surface Reduction category is fully supported.

    • In the very near future, all of the applicable categories will be supported.
  • Fixed a bug where, if you used cd to change the directory in PowerShell after loading the module, the Confirm-SystemCompliance cmdlet would throw an error due to relative path usage. -> #298

  • Fixed a typo: Synching -> Syncing

  • The TLS Category items in the Confirm-SystemCompliance results have more descriptive names.

  • Updated the BitLocker group policy to disallow TPM-only encryption for the OS drive. TPM-only encryption is insecure and needs to be coupled with a Startup PIN, a Startup key, or both; the Harden Windows Security module offers these options.

[Before and after images of the group policy setting]

Important

"Do not allow TPM" means "do not allow TPM-only encryption".
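
To confirm on a given machine that TPM-only startup is actually disallowed, the following added example (not code from the Harden Windows Security module) checks both the policy and the protectors present on the OS drive. The function names are hypothetical, and it assumes the policy is delivered through the standard BitLocker policy registry key and that the session is elevated.

```powershell
# Added example. Function names are hypothetical; run in an elevated session.
# Policy values under the FVE key: 0 = do not allow, 1 = require, 2 = allow.
function Test-TpmOnlyPolicy {
    param([string]$Path = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE')

    $Item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    $Value = @{}
    foreach ($Name in 'UseAdvancedStartup', 'UseTPM', 'UseTPMPIN', 'UseTPMKey', 'UseTPMKeyPIN') {
        $Prop = if ($Item) { $Item.PSObject.Properties[$Name] }
        $Value[$Name] = if ($Prop) { [int]$Prop.Value } else { $null }
    }

    # TPM-only is blocked when the startup-authentication policy is enabled
    # and the plain "TPM" option is set to 0 (do not allow).
    $Blocked = ($Value.UseAdvancedStartup -eq 1) -and ($Value.UseTPM -eq 0)
    # At least one TPM + PIN / key option must stay usable, or nothing can be enabled.
    $Usable = @('UseTPMPIN', 'UseTPMKey', 'UseTPMKeyPIN' | Where-Object { $Value[$_] -in 1, 2 })

    [pscustomobject]@{
        TpmOnlyBlocked = $Blocked
        AllowedOptions = $Usable
        RawPolicy      = $Value
    }
}

function Test-OsDriveProtectors {
    $Volume = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $Types = @($Volume.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
    [pscustomobject]@{
        MountPoint       = $Volume.MountPoint
        ProtectionStatus = [string]$Volume.ProtectionStatus
        Protectors       = $Types
        # A bare 'Tpm' protector means the drive unlocks at boot with no PIN or key.
        TpmOnlyUnlock    = $Types -contains 'Tpm'
    }
}

$Policy = Test-TpmOnlyPolicy
$Drive  = Test-OsDriveProtectors
if (-not $Policy.TpmOnlyBlocked) { Write-Warning 'Policy still permits TPM-only startup.' }
if ($Drive.TpmOnlyUnlock) { Write-Warning "$($Drive.MountPoint) is unlocked by TPM alone." }
$Policy, $Drive | Format-List
```

A drive encrypted before the policy changed keeps its existing protector, so a compliant policy alongside a bare Tpm protector means the drive still needs a TpmPin or TpmStartupKey protector added.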


PR: #299

