Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Personal, Enterprise, Government and Military security levels | Read The Rationale https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Rationale.md
🦄 Transitioning from conventional registry-based verifications to assessing the Effective Status of implemented security settings wherever feasible in a hybrid way. This approach engages deeply with the operating system, ensuring greater accuracy.
🔥 Intune policy verification. Compliance checking is no longer limited to Group Policy/Registry settings. If your workstation is managed through Intune (modern workplace management), you can use the Harden Windows Security module to verify that the policies are implemented and see what security score you receive according to this repo's guidelines.
Over time, more policies will be added for auditing, especially those in the Microsoft Security Baselines that are available as group policy packages and in the Intune portal.
Currently, over 160 policies can be verified when they are applied through the Intune portal. This number will keep going up in future updates.
✅ Added title and custom icon to the Harden Windows Security GUI.
✅ Re-implemented the entire compliance checking logic natively in C#, achieving enhanced execution speed, strictly typed code, and a more interoperable codebase.
✅ Adjusted some compliance checks to be more practical.
✅ Implemented many of the remaining policies in Intune CSPs ready to be consumed.
✅ Removed the SpecialPollInterval that would configure the Windows time sync interval. When you run the Miscellaneous category next time, its registry key will automatically be removed if it exists. The reason for the removal is that Windows now has an even lower time interval by default, so this policy is no longer necessary.
The Harden Windows Security module always gracefully and automatically cleans up the policies that are decommissioned and no longer relevant, so the user does not have to manually remove them.
✅ Added a new policy to the Miscellaneous category: a policy that requests claims and compound authentication for Dynamic Access Control and Kerberos armoring.
More Kerberos hardening policies are on the way after further testing.
♾️ There is a new record for the execution speed of the Confirm-SystemCompliance cmdlet. It now completes all of its categories in only 7 seconds. This speed was achieved even though many new features were added and a lot more data sources are being processed.
What's New
☁️ Updated many of the Intune policies.