DscConfig.M365

0.5.0

DSCResources/cIntuneSettingCatalogASRRulesPolicyWindows10/cIntuneSettingCatalogASRRulesPolicyWindows10.schema.psm1

                                configuration cIntuneSettingCatalogASRRulesPolicyWindows10 {

    param (

        [Parameter()]

        [hashtable[]]

        $Items

)

<#

IntuneSettingCatalogASRRulesPolicyWindows10 [String] #ResourceName

{

    DisplayName = [string]

    [AccessTokens = [string[]]]

    [ApplicationId = [string]]

    [ApplicationSecret = [PSCredential]]

    [Assignments = [MSFT_DeviceManagementConfigurationPolicyAssignments[]]]

    [AttackSurfaceReductionOnlyExclusions = [string[]]]

    [BlockAbuseOfExploitedVulnerableSignedDrivers = [string]{ audit | block | off | warn }]

    [BlockAbuseOfExploitedVulnerableSignedDrivers_ASROnlyPerRuleExclusions = [string[]]]

    [BlockAdobeReaderFromCreatingChildProcesses = [string]{ audit | block | off | warn }]

    [BlockAdobeReaderFromCreatingChildProcesses_ASROnlyPerRuleExclusions = [string[]]]

    [BlockAllOfficeApplicationsFromCreatingChildProcesses = [string]{ audit | block | off | warn }]

    [BlockAllOfficeApplicationsFromCreatingChildProcesses_ASROnlyPerRuleExclusions = [string[]]]

    [BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem = [string]{ audit | block | off | warn }]

    [BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem_ASROnlyPerRuleExclusions = [string[]]]

    [BlockExecutableContentFromEmailClientAndWebmail = [string]{ audit | block | off | warn }]

    [BlockExecutableContentFromEmailClientAndWebmail_ASROnlyPerRuleExclusions = [string[]]]

    [BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion = [string]{ audit | block | off | warn }]

    [BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion_ASROnlyPerRuleExclusions = [string[]]]

    [BlockExecutionOfPotentiallyObfuscatedScripts = [string]{ audit | block | off | warn }]

    [BlockExecutionOfPotentiallyObfuscatedScripts_ASROnlyPerRuleExclusions = [string[]]]

    [BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent = [string]{ audit | block | off | warn }]

    [BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent_ASROnlyPerRuleExclusions = [string[]]]

    [BlockOfficeApplicationsFromCreatingExecutableContent = [string]{ audit | block | off | warn }]

    [BlockOfficeApplicationsFromCreatingExecutableContent_ASROnlyPerRuleExclusions = [string[]]]

    [BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses = [string]{ audit | block | off | warn }]

    [BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses_ASROnlyPerRuleExclusions = [string[]]]

    [BlockOfficeCommunicationAppFromCreatingChildProcesses = [string]{ audit | block | off | warn }]

    [BlockOfficeCommunicationAppFromCreatingChildProcesses_ASROnlyPerRuleExclusions = [string[]]]

    [BlockPersistenceThroughWMIEventSubscription = [string]{ audit | block | off | warn }]

    [BlockProcessCreationsFromPSExecAndWMICommands = [string]{ audit | block | off | warn }]

    [BlockProcessCreationsFromPSExecAndWMICommands_ASROnlyPerRuleExclusions = [string[]]]

    [BlockRebootingMachineInSafeMode = [string]{ audit | block | off | warn }]

    [BlockRebootingMachineInSafeMode_ASROnlyPerRuleExclusions = [string[]]]

    [BlockUntrustedUnsignedProcessesThatRunFromUSB = [string]{ audit | block | off | warn }]

    [BlockUntrustedUnsignedProcessesThatRunFromUSB_ASROnlyPerRuleExclusions = [string[]]]

    [BlockUseOfCopiedOrImpersonatedSystemTools = [string]{ audit | block | off | warn }]

    [BlockUseOfCopiedOrImpersonatedSystemTools_ASROnlyPerRuleExclusions = [string[]]]

    [BlockWebShellCreationForServers = [string]{ audit | block | off | warn }]

    [BlockWebshellCreationForServers_ASROnlyPerRuleExclusions = [string[]]]

    [BlockWin32APICallsFromOfficeMacros = [string]{ audit | block | off | warn }]

    [BlockWin32APICallsFromOfficeMacros_ASROnlyPerRuleExclusions = [string[]]]

    [CertificateThumbprint = [string]]

    [ControlledFolderAccessAllowedApplications = [string[]]]

    [ControlledFolderAccessProtectedFolders = [string[]]]

    [Credential = [PSCredential]]

    [DependsOn = [string[]]]

    [Description = [string]]

    [EnableControlledFolderAccess = [string]{ 0 | 1 | 2 }]

    [Ensure = [string]{ Absent | Present }]

    [Identity = [string]]

    [ManagedIdentity = [bool]]

    [PsDscRunAsCredential = [PSCredential]]

    [TenantId = [string]]

    [UseAdvancedProtectionAgainstRansomware = [string]{ audit | block | off | warn }]

    [UseAdvancedProtectionAgainstRansomware_ASROnlyPerRuleExclusions = [string[]]]

}

#>

    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Import-DscResource -ModuleName Microsoft365DSC

    $dscResourceName = 'IntuneSettingCatalogASRRulesPolicyWindows10'

    $param = $PSBoundParameters

    $param.Remove("InstanceName")

    $dscParameterKeys = 'DisplayName' -split ', '

        foreach ($item in $Items)

        {

            if (-not $item.ContainsKey('Ensure'))

            {

                $item.Ensure = 'Present'

            }

            $keyValues = foreach ($key in $dscParameterKeys)

        {

            $item.$key

        }

        $executionName = $keyValues -join '_'

        $executionName = $executionName -replace "[\s()\\:*-+/{}```"']", '_'

        (Get-DscSplattedResource -ResourceName $dscResourceName -ExecutionName $executionName -Properties $item -NoInvoke).Invoke($item)

    }

}