Public/TenantConfiguration/Baseline/SecurityBaselines/JyskIT-Baseline-SEC-SecurityBaseline.json
|
{
"displayName": "JyskIT-Baseline-SEC-SecurityBaseline", "description": "This configures many security settings for Windows 10+ devices, to the Jysk IT security baseline. Can contain breaking changes, and should be tested before deployment. Also used to specify minimum password/PIN requirements.", "settingsDelta": [ { "id": "9b3caccf-243a-4f67-8516-4e661682dd5b", "definitionId": "deviceConfiguration--windows10GeneralConfiguration_appManagementMSIAlwaysInstallWithElevatedPrivileges", "@odata.type": "#microsoft.graph.deviceManagementBooleanSettingInstance", "value": false }, { "id": "ed70ea1b-7f30-4a78-995e-8b4282d5d11b", "definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_bitLockerRemovableDrivePolicy", "@odata.type": "#microsoft.graph.deviceManagementComplexSettingInstance", "valueJson": "{\"requireEncryptionForWriteAccess\":false}" }, { "id": "07913c8f-8709-4fbc-b2d3-d0b742bee4ce", "definitionId": "deviceConfiguration--windows10GeneralConfiguration_edgePreventCertificateErrorOverride", "@odata.type": "#microsoft.graph.deviceManagementBooleanSettingInstance", "value": false }, { "id": "ad6c51b8-9df0-40e5-b03f-28558c6e833f", "definitionId": "deviceConfiguration--windows10GeneralConfiguration_passwordExpirationDays", "@odata.type": "#microsoft.graph.deviceManagementIntegerSettingInstance", "value": 0 }, { "id": "4213deab-7538-42d0-9c20-01a40a2a61d4", "definitionId": "deviceConfiguration--windows10GeneralConfiguration_passwordMinimumCharacterSetCount", "@odata.type": "#microsoft.graph.deviceManagementIntegerSettingInstance", "value": 1 }, { "id": "c2cfcd8e-fbf1-42ca-b9ed-7eea3a3d56e6", "definitionId": "deviceConfiguration--windows10GeneralConfiguration_passwordMinimumLength", "@odata.type": "#microsoft.graph.deviceManagementIntegerSettingInstance", "value": 4 }, { "id": "f2f8b6f7-6f4e-4d00-9f46-09275e61d53e", "definitionId": "deviceConfiguration--windows10GeneralConfiguration_passwordSignInFailureCountBeforeFactoryReset", "@odata.type": "#microsoft.graph.deviceManagementIntegerSettingInstance", "value": 0 }, { "id": "8e1666c4-a001-4028-b518-bd6c5ce244bd", "definitionId": "deviceConfiguration--windows10GeneralConfiguration_passwordMinimumAgeInDays", "@odata.type": "#microsoft.graph.deviceManagementIntegerSettingInstance", "value": 0 }, { "id": "af0c98b3-af83-42a4-b74f-c0802dc47a6a", "definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_localSecurityOptionsDetectApplicationInstallationsAndPromptForElevation", "@odata.type": "#microsoft.graph.deviceManagementBooleanSettingInstance", "value": false }, { "id": "c46e3722-09ad-4b26-ae0e-984670cb8685", "definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_localSecurityOptionsAdministratorElevationPromptBehavior", "@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance", "value": "notConfigured" }, { "id": "fbd6609b-76e6-4545-97d6-8d295c73e92c", "definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_localSecurityOptionsStandardUserElevationPromptBehavior", "@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance", "value": "notConfigured" }, { "id": "41b32ee1-b862-482a-aa93-bdf79001add2", "definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_localSecurityOptionsAllowUIAccessApplicationsForSecureLocations", "@odata.type": "#microsoft.graph.deviceManagementBooleanSettingInstance", "value": false }, { "id": "32ac817d-1af7-44a5-b5a3-8a92c57beae7", "definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_localSecurityOptionsUseAdminApprovalModeForAdministrators", "@odata.type": "#microsoft.graph.deviceManagementBooleanSettingInstance", "value": false }, { "id": "f63abcd5-176d-4963-8ca4-bac1ecd4c188", "definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_localSecurityOptionsUseAdminApprovalMode", "@odata.type": "#microsoft.graph.deviceManagementBooleanSettingInstance", "value": false }, { "id": "ecd18126-739f-47b6-a919-e8eb949e769b", "definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_localSecurityOptionsVirtualizeFileAndRegistryWriteFailuresToPerUserLocations", "@odata.type": "#microsoft.graph.deviceManagementBooleanSettingInstance", "value": false }, { "id": "d0e98a90-a30c-4753-b57d-3adae5af0723", "definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderAdobeReaderLaunchChildProcess", "@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance", "value": "notConfigured" }, { "id": "01d7a94e-50ad-410c-a483-e4f5ca2d1fe9", "definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderOfficeCommunicationAppsLaunchChildProcess", "@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance", "value": "notConfigured" }, { "id": "7dbc8ff3-f604-4b75-b5dd-15438d0fab7b", "definitionId": "deviceConfiguration--windows10GeneralConfiguration_defenderSignatureUpdateIntervalInHours", "@odata.type": "#microsoft.graph.deviceManagementIntegerSettingInstance", "value": null }, { "id": "c6d23b54-615d-4cef-b24d-4c7443bec8d2", "definitionId": "deviceConfiguration--windows10GeneralConfiguration_defenderScheduleScanDay", "@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance", "value": "noScheduledScan" }, { "id": "100081d8-1e39-4dae-9b22-903d8c989a2e", "definitionId": "deviceConfiguration--windows10GeneralConfiguration_defenderScanNetworkFiles", "@odata.type": "#microsoft.graph.deviceManagementBooleanSettingInstance", "value": false }, { "id": "b84bdcd1-1344-4dee-b35a-e227188074b8", "definitionId": "deviceConfiguration--windows10GeneralConfiguration_defenderRequireRealTimeMonitoring", "@odata.type": "#microsoft.graph.deviceManagementBooleanSettingInstance", "value": false }, { "id": "e88a6d35-9b6c-41e4-9d5e-8954918a5356", "definitionId": "deviceConfiguration--windows10GeneralConfiguration_defenderRequireBehaviorMonitoring", "@odata.type": "#microsoft.graph.deviceManagementBooleanSettingInstance", "value": false }, { "id": "242409bc-c2b3-4a6e-9ddf-6b4d3c9c7611", "definitionId": "deviceConfiguration--windows10GeneralConfiguration_defenderScanArchiveFiles", "@odata.type": "#microsoft.graph.deviceManagementBooleanSettingInstance", "value": false }, { "id": "142ca4fd-e337-4425-9211-520c9cfe8518", "definitionId": "deviceConfiguration--windows10GeneralConfiguration_defenderRequireCloudProtection", "@odata.type": "#microsoft.graph.deviceManagementBooleanSettingInstance", "value": false }, { "id": "7df48bef-d2d6-4670-a787-097d152515d6", "definitionId": "deviceConfiguration--windows10GeneralConfiguration_defenderScanIncomingMail", "@odata.type": "#microsoft.graph.deviceManagementBooleanSettingInstance", "value": false }, { "id": "64080e92-ee44-43a9-bd54-5dd77bb3717f", "definitionId": "deviceConfiguration--windows10GeneralConfiguration_defenderScanRemovableDrivesDuringFullScan", "@odata.type": "#microsoft.graph.deviceManagementBooleanSettingInstance", "value": false }, { "id": "075bba46-31e6-41ba-a74f-93d5ea00cd36", "definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderAllowScanScriptsLoadedInInternetExplorer", "@odata.type": "#microsoft.graph.deviceManagementBooleanSettingInstance", "value": null }, { "id": "753c1d93-d58a-452b-b1ae-9acf3a489201", "definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderOfficeAppsOtherProcessInjectionType", "@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance", "value": "userDefined" }, { "id": "3efb6294-4c27-41a8-aedd-feda8875d19c", "definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderOfficeAppsExecutableContentCreationOrLaunchType", "@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance", "value": "userDefined" }, { "id": "dde75be1-b0ed-4654-b1f4-0a6eec73a3c2", "definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderOfficeAppsLaunchChildProcessType", "@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance", "value": "userDefined" }, { "id": "bf4834d9-140f-4cc9-b898-aa11ae56a148", "definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderOfficeMacroCodeAllowWin32ImportsType", "@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance", "value": "userDefined" }, { "id": "b82a636c-20bc-4d8b-8f2b-5cd9cf3761eb", "definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderScriptObfuscatedMacroCodeType", "@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance", "value": "userDefined" }, { "id": "f6c5cd28-cecb-49c8-88ae-1d4c2c801b70", "definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderScriptDownloadedPayloadExecutionType", "@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance", "value": "userDefined" }, { "id": "11b99f9f-0e8a-46fc-b205-35569bb0c80f", "definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderEmailContentExecutionType", "@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance", "value": "userDefined" }, { "id": "2bf35b03-dd9c-4a7e-8b06-352185741a43", "definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderPreventCredentialStealingType", "@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance", "value": "notConfigured" }, { "id": "5eb8be48-188c-40a7-ad34-5455aa362b02", "definitionId": "deviceConfiguration--windows10GeneralConfiguration_defenderPotentiallyUnwantedAppAction", "@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance", "value": "deviceDefault" }, { "id": "2c499fc2-433e-4075-be9c-92a99ea15fad", "definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderUntrustedUSBProcessType", "@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance", "value": "userDefined" }, { "id": "e89d5b00-f1ee-4527-b6a3-420cf1be872d", "definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderNetworkProtectionType", "@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance", "value": "notConfigured" } ], "roleScopeTagIds": [ "0" ] } |