search

microsoft / Microsoft365DSC

Manages, configures, extracts and monitors Microsoft 365 tenant configurations
https://aka.ms/M365DSC
MIT License
1.64k stars 503 forks source link

NewResourceName: Microsoft Intune - Security Baselines #3348

Open Ruthhl3ss opened 1 year ago

Ruthhl3ss commented 1 year ago

Description

Hi,

Could you add the security baselines as an option to export and import in the Microsoft 365 DSC module?

These are the policies that are not available in the module at the moment: chrome_6Z9bM5mm9L

Proposed properties

All of the policies would come in handy to be exported and imported.

Special considerations or limitations

FabienTschanz commented 1 year ago

If I'm not mistaken, the normal way to address a profile and its creation is by defining every last configurable property of it. For the security baselines, because they are all separate instances and not a common profile, all differ in their properties and thus need to be separated and all their properties must be defined in the respective cmdlet.

Proposition Create the following five cmdlets, each with their respective set of properties:

Note: The MSFT_IntuneSecurityBaselineMicrosoftEdge and MSFT_IntuneSecurityBaselineMicrosoft365Apps are not a baseline of the /intents subpath, they're rather part of the /devicemanagement/configurationpolicytemplates family.

satsuk81 commented 8 months ago

@andikrueger, has there been any progress on improving Microsoft365DSC to consume all Intune Configuration? As of today we see that there are many missing components such as Security Baselines, Firewall, Apps, Scripts and remediations, etc..

This request for Security Baselines is nearly a year old so I would like to open a discussion on how we can get these missing components into a future release.

I know that the some of the missing components are old ways to manage the settings but I work with clients who still have them configured and we would really like Microsoft365DSC to report this to us.

Thanks, Dan.

Ruthhl3ss commented 8 months ago

If I'm not mistaken, the normal way to address a profile and its creation is by defining every last configurable property of it. For the security baselines, because they are all separate instances and not a common profile, all differ in their properties and thus need to be separated and all their properties must be defined in the respective cmdlet.

Proposition Create the following five cmdlets, each with their respective set of properties:

  • MSFT_IntuneSecurityBaselineWindows10
  • MSFT_IntuneSecurityBaselineMicrosoftDefenderForEndpoint
  • MSFT_IntuneSecurityBaselineMicrosoftEdge
  • MSFT_IntuneSecurityBaselineWindows365
  • MSFT_IntuneSecurityBaselineMicrosoft365Apps

Note: The MSFT_IntuneSecurityBaselineMicrosoftEdge and MSFT_IntuneSecurityBaselineMicrosoft365Apps are not a baseline of the /intents subpath, they're rather part of the /devicemanagement/configurationpolicytemplates family.

But then they should be visible when I export the complete config. That is not the case. So, are they not supported?

AWeber78 commented 7 months ago

new Windows 23H2 Security Baseline ist part of (Get)-MgBetaDeviceManagementConfigurationPolicy

Ruthhl3ss commented 7 months ago

new Windows 23H2 Security Baseline ist part of (Get)-MgBetaDeviceManagementConfigurationPolicy

True, and the new versions will also be available in settings catalog. So, I think we can close this one.

AWeber78 commented 7 months ago

It is not part of the current Export, but part of the cmdlet. We can not close the issue

lar282 commented 2 months ago

It is not part of the current Export, but part of the cmdlet. We can not close the issue

Agree. Is this on the working list? Just noticed the same thing when running a backup of the environment

FabienTschanz commented 2 months ago

@lar282 I have a list of resources that I will work on in the following weeks and months, but I can't promise a timeline (since this module is something I work on in my free time). But stay tuned for updates a bit later in the year.