Microsoft365DSC
Microsoft365DSC copied to clipboard
microsoft
NewResourceName: Microsoft Intune - Security Baselines
Description
Hi,
Could you add the security baselines as an option to export and import in the Microsoft 365 DSC module?
These are the policies that are not available in the module at the moment:
Proposed properties
All of the policies would come in handy to be exported and imported.
Special considerations or limitations
If I'm not mistaken, the normal way to address a profile and its creation is by defining every last configurable property of it. For the security baselines, because they are all separate instances and not a common profile, all differ in their properties and thus need to be separated and all their properties must be defined in the respective cmdlet.
Proposition Create the following five cmdlets, each with their respective set of properties:
- MSFT_IntuneSecurityBaselineWindows10
- MSFT_IntuneSecurityBaselineMicrosoftDefenderForEndpoint
- MSFT_IntuneSecurityBaselineMicrosoftEdge
- MSFT_IntuneSecurityBaselineWindows365
- MSFT_IntuneSecurityBaselineMicrosoft365Apps
Note: The MSFT_IntuneSecurityBaselineMicrosoftEdge and MSFT_IntuneSecurityBaselineMicrosoft365Apps are not a baseline of the /intents subpath, they're rather part of the /devicemanagement/configurationpolicytemplates family.
@andikrueger, has there been any progress on improving Microsoft365DSC to consume all Intune Configuration? As of today we see that there are many missing components such as Security Baselines, Firewall, Apps, Scripts and remediations, etc..
This request for Security Baselines is nearly a year old so I would like to open a discussion on how we can get these missing components into a future release.
I know that the some of the missing components are old ways to manage the settings but I work with clients who still have them configured and we would really like Microsoft365DSC to report this to us.
Thanks, Dan.
If I'm not mistaken, the normal way to address a profile and its creation is by defining every last configurable property of it. For the security baselines, because they are all separate instances and not a common profile, all differ in their properties and thus need to be separated and all their properties must be defined in the respective cmdlet.
Proposition Create the following five cmdlets, each with their respective set of properties:
- MSFT_IntuneSecurityBaselineWindows10
- MSFT_IntuneSecurityBaselineMicrosoftDefenderForEndpoint
- MSFT_IntuneSecurityBaselineMicrosoftEdge
- MSFT_IntuneSecurityBaselineWindows365
- MSFT_IntuneSecurityBaselineMicrosoft365Apps
Note: The MSFT_IntuneSecurityBaselineMicrosoftEdge and MSFT_IntuneSecurityBaselineMicrosoft365Apps are not a baseline of the /intents subpath, they're rather part of the /devicemanagement/configurationpolicytemplates family.
But then they should be visible when I export the complete config. That is not the case. So, are they not supported?
new Windows 23H2 Security Baseline ist part of (Get)-MgBetaDeviceManagementConfigurationPolicy
new Windows 23H2 Security Baseline ist part of (Get)-MgBetaDeviceManagementConfigurationPolicy
True, and the new versions will also be available in settings catalog. So, I think we can close this one.
It is not part of the current Export, but part of the cmdlet. We can not close the issue
It is not part of the current Export, but part of the cmdlet. We can not close the issue
Agree. Is this on the working list? Just noticed the same thing when running a backup of the environment
@lar282 I have a list of resources that I will work on in the following weeks and months, but I can't promise a timeline (since this module is something I work on in my free time). But stay tuned for updates a bit later in the year.