[Bug]: Controlled Folder Access enabled but configured by Intune Policy not seen

[markuslosco]

Tools category

Harden Windows Security Module

Does your system meet the requirements?

• [X] Yes, my system meets the requirements 👍

Is your Windows installation genuine?

• [X] Yes, I am using genuine Windows installation. 💯

Please explain the bug

Controlled Folder Access is enabled and configured by a Intune Device Configuration Policy but in your script, compliance check that doesnt check that configuration and say it was disabled :-(

[HotCakeX]

Hi, does this

(Get-MpPreference).EnableControlledFolderAccess

return 1 when you run it on a computer that has Controlled folder access applied through Intune policy?

[markuslosco]

yes...

But i think i should say the complete story.. After apply the basisecurity rules... we need to reconfigure the local gpo to "not configured".. only after that is it possible to get Controlled Folder Access by a Intune Device Configuration Policy..

[HotCakeX]

Thank you for reporting it, I just released an update that fixes it. Please report any other discrepancy that you might find.

https://github.com/HotCakeX/Harden-Windows-Security/releases/tag/Hardening-Module-v.0.4.2

But i think i should say the complete story.. After apply the basisecurity rules... we need to reconfigure the local gpo to "not configured".. only after that is it possible to get Controlled Folder Access by a Intune Device Configuration Policy..

That makes sense I think, better to either use Intune or Group policies only.