Intune Documentation

Xenter Inc

Powered by www.wpninjas.eu

17:56 09.08.2024

Device Configuration (ADMX)

This section contains a list of all device configuration profiles which are backed by ADMX available in Intune.

Microsoft Edge Policy

Property Value
createdDateTime 02/26/2024 17:30:37
displayName Microsoft Edge Policy
description
roleScopeTagIds 0
policyConfigurationIngestionType builtIn
id 3f39503f-bfc5-4da1-a731-d68e21aa04d6
lastModifiedDateTime 02/26/2024 17:30:38

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
All Users - BuilIn - - Include
All Devices - BuilIn - - Include

Settings

DisplayName Scope Path SupportedOn State Value
Configure extension installation allow list machine \Google\Google Chrome\Extensions Microsoft Windows 7 or later Enabled
Configure extension installation allow list user \Google\Google Chrome\Extensions Microsoft Windows 7 or later Enabled

Turn off Autoplay

Turns off autoplay for all drives

Property Value
createdDateTime 11/04/2022 19:06:01
displayName Turn off Autoplay
description Turns off autoplay for all drives
roleScopeTagIds 0
policyConfigurationIngestionType builtIn
id e23a8a72-0f21-460f-820e-e5edf9e5fdb2
lastModifiedDateTime 11/04/2022 19:06:01

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
All Users - BuilIn - - Include
All Devices - BuilIn - - Include

Settings

DisplayName Scope Path SupportedOn State Value
Turn off Autoplay machine \Windows Components\AutoPlay Policies At least Windows 2000 Enabled 255

Apple Configuration

This section contains the Apple specific Intune configuration. The following Apple push notification certificate is configured:

Property Value
@odata.context https://graph.microsoft.com/v1.0/$metadata#deviceManagement/applePushNotificationCertificate/$entity
id ba87e8e0-368a-4909-8048-a6701131709f
appleIdentifier rex.linder@xentermd.com
topicIdentifier com.apple.mgmt.External.e12d1b2e-b9d1-47ab-adf5-571830b4eca6
lastModifiedDateTime 05/21/2024 21:54:06
expirationDateTime 05/21/2025 21:43:35
certificateUploadStatus
certificateUploadFailureReason
certificateSerialNumber 00E1C6C8C4AC5848
certificate

Autopilot Profiles

This section contains a list of all Autopilot Profiles available in Intune.

Conference Rooms

Configure single app kiosk mode for Zoom Rooms.

Property Value
@odata.type #microsoft.graph.azureADWindowsAutopilotDeploymentProfile
id 42d09e04-afa2-4623-bda9-87cb2a23cc48
displayName Conference Rooms
description Configure single app kiosk mode for Zoom Rooms.
language en-US
locale en-US
createdDateTime 07/27/2023 19:15:01
lastModifiedDateTime 07/28/2023 19:39:25
enrollmentStatusScreenSettings
extractHardwareHash True
hardwareHashExtractionEnabled True
deviceNameTemplate XMD-%SERIAL%
deviceType windowsPc
enableWhiteGlove
preprovisioningAllowed
roleScopeTagIds 0
managementServiceAppId
outOfBoxExperienceSettings @{hidePrivacySettings=True; hideEULA=True; userType=standard; deviceUsageType=shared; skipKeyboardSelectionPage=True; hideEscapeLink=True}
outOfBoxExperienceSetting @{privacySettingsHidden=True; eulaHidden=True; userType=standard; deviceUsageType=shared; keyboardSelectionPageSkipped=True; escapeLinkHidden=True}

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
Conference Rooms 1 Static (device.devicePhysicalIDs -any (_ -contains "[ZTDID]")) and (device.devicePhysicalIds -contains "[OrderID]:conferenceroom") - direct Include

User Devices

General provisioning that applies to employee devices.

Property Value
@odata.type #microsoft.graph.azureADWindowsAutopilotDeploymentProfile
id ace3d212-4bc5-4475-bca8-8bde1ad1b8d3
displayName User Devices
description General provisioning that applies to employee devices.
language os-default
locale os-default
createdDateTime 06/13/2023 21:58:47
lastModifiedDateTime 07/27/2023 18:53:46
enrollmentStatusScreenSettings
extractHardwareHash True
hardwareHashExtractionEnabled True
deviceNameTemplate XMD-%SERIAL%
deviceType windowsPc
enableWhiteGlove True
preprovisioningAllowed True
roleScopeTagIds 0
managementServiceAppId
outOfBoxExperienceSettings @{hidePrivacySettings=True; hideEULA=True; userType=standard; deviceUsageType=singleUser; skipKeyboardSelectionPage=True; hideEscapeLink=True}
outOfBoxExperienceSetting @{privacySettingsHidden=True; eulaHidden=True; userType=standard; deviceUsageType=singleUser; keyboardSelectionPageSkipped=True; escapeLinkHidden=True}

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
Employee Computers 1 DynamicDevice (device.devicePhysicalIDs -any (_ -contains "[ZTDID]")) and (device.devicePhysicalIds -notContains "[OrderID]:conferenceroom") - direct Include

Compliance Policies

This section contains a list of all compliance policies available in Intune.

Default Windows 10 Compliance Policy

Property Value
@odata.type #microsoft.graph.windows10CompliancePolicy
roleScopeTagIds 0
id 191dfb82-e574-433c-9417-ae34027cd131
createdDateTime 08/14/2020 22:10:50
description
lastModifiedDateTime 06/29/2023 22:19:18
displayName Default Windows 10 Compliance Policy
version 6
passwordRequired
passwordBlockSimple
passwordRequiredToUnlockFromIdle
passwordMinutesOfInactivityBeforeLock
passwordExpirationDays
passwordMinimumLength
passwordMinimumCharacterSetCount
passwordRequiredType deviceDefault
passwordPreviousPasswordBlockCount
requireHealthyDeviceReport
osMinimumVersion 10.0.19042.1706
osMaximumVersion
mobileOsMinimumVersion
mobileOsMaximumVersion
earlyLaunchAntiMalwareDriverEnabled
bitLockerEnabled True
secureBootEnabled True
codeIntegrityEnabled True
memoryIntegrityEnabled
kernelDmaProtectionEnabled
virtualizationBasedSecurityEnabled
firmwareProtectionEnabled
storageRequireEncryption True
activeFirewallRequired True
defenderEnabled True
defenderVersion 4.18.1909.6
signatureOutOfDate True
rtpEnabled True
antivirusRequired True
antiSpywareRequired True
deviceThreatProtectionEnabled True
deviceThreatProtectionRequiredSecurityLevel medium
configurationManagerComplianceRequired
tpmRequired True
deviceCompliancePolicyScript
validOperatingSystemBuildRanges

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
All Users - BuilIn - - direct Include

Default compliance policy for Android

900f8baa-812e-4886-a598-61f73001bae8

Property Value
@odata.type #microsoft.graph.androidCompliancePolicy
roleScopeTagIds 0
id 6351f163-7d4c-d232-81d6-5c3b8f29fcfe
createdDateTime 04/30/2020 03:52:01
description 900f8baa-812e-4886-a598-61f73001bae8
lastModifiedDateTime 06/29/2023 22:52:58
displayName Default compliance policy for Android
version 3
passwordRequired
passwordMinimumLength
passwordRequiredType deviceDefault
requiredPasswordComplexity none
passwordMinutesOfInactivityBeforeLock 15
passwordExpirationDays
passwordPreviousPasswordBlockCount
passwordSignInFailureCountBeforeFactoryReset
securityPreventInstallAppsFromUnknownSources True
securityDisableUsbDebugging True
securityRequireVerifyApps True
deviceThreatProtectionEnabled True
deviceThreatProtectionRequiredSecurityLevel secured
advancedThreatProtectionRequiredSecurityLevel medium
securityBlockJailbrokenDevices True
securityBlockDeviceAdministratorManagedDevices True
osMinimumVersion 12
osMaximumVersion
minAndroidSecurityPatchLevel
storageRequireEncryption True
securityRequireSafetyNetAttestationBasicIntegrity True
securityRequireSafetyNetAttestationCertifiedDevice True
securityRequireGooglePlayServices True
securityRequireUpToDateSecurityProviders True
securityRequireCompanyPortalAppIntegrity True
conditionStatementId
restrictedApps

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
0 Static - - direct Include

Device Configuration Policies (Settings Catalog)

This section contains a list of all device configuration policies available in Intune.

Alllow KnowBe4 Second Chance

Exception to allow Outlook to start a child process for KnowBe4 Second Chance .

Property Value
createdDateTime 08/04/2023 20:37:10
creationSource Migration_DI_643b593b-bf98-4d22-adfc-b2374fddb13c
description Exception to allow Outlook to start a child process for KnowBe4 Second Chance .
lastModifiedDateTime 08/04/2023 20:37:10
name Alllow KnowBe4 Second Chance
platforms windows10
priorityMetaData
roleScopeTagIds 0
settingCount 1
technologies mdm,microsoftSense
id 2b4307b1-9283-4e43-85ee-7c2d53441a7f
templateReference @{templateId=e8c053d6-9f95-42b1-a7f1-ebfd71c67a4b_1; templateFamily=endpointSecurityAttackSurfaceReduction; templateDisplayName=Attack Surface Reduction Rules; templateDisplayVersion=Version 1}

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
All Users - BuilIn - - direct Include

Settings

DisplayName ID Path Value ValueName
Attack Surface Reduction Only Exclusions device_vendor_msft_policy_config_defender_attacksurfacereductiononlyexclusions Defender C:\Program Files (x86)\KnowBe4\Second Chance\

Block process creation PSExec and WMI

Block process creations originating from PSExec and WMI commands

Property Value
createdDateTime 11/04/2022 19:13:51
creationSource
description Block process creations originating from PSExec and WMI commands
lastModifiedDateTime 11/04/2022 19:13:51
name Block process creation PSExec and WMI
platforms windows10
priorityMetaData
roleScopeTagIds 0
settingCount 1
technologies mdm,microsoftSense
id f0c85af1-422f-4bee-83cd-460581bb4bc7
templateReference @{templateId=e8c053d6-9f95-42b1-a7f1-ebfd71c67a4b_1; templateFamily=endpointSecurityAttackSurfaceReduction; templateDisplayName=Attack Surface Reduction Rules; templateDisplayVersion=Version 1}

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
All Users - BuilIn - - direct Include

Settings

DisplayName ID Path Value ValueName
Block process creations originating from PSExec and WMI commands device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockprocesscreationsfrompsexecandwmicommands Defender block Block

BlockAdobeCreateChildProcess

Property Value
createdDateTime 05/31/2022 16:42:35
creationSource
description
lastModifiedDateTime 12/05/2022 21:05:20
name BlockAdobeCreateChildProcess
platforms windows10
priorityMetaData
roleScopeTagIds 0
settingCount 1
technologies mdm,microsoftSense
id ef304928-5e58-4e29-b180-7251d52f76f4
templateReference @{templateId=e8c053d6-9f95-42b1-a7f1-ebfd71c67a4b_1; templateFamily=endpointSecurityAttackSurfaceReduction; templateDisplayName=Attack Surface Reduction Rules; templateDisplayVersion=Version 1}

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
All Users - BuilIn - - direct Include
All Devices - BuilIn - - direct Include

Settings

DisplayName ID Path Value ValueName
Block Adobe Reader from creating child processes device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockadobereaderfromcreatingchildprocesses Defender audit Audit

BlockExecutableFromEmail Audit

Block executable content from email client and webmail

Property Value
createdDateTime 11/04/2022 21:43:09
creationSource
description Block executable content from email client and webmail
lastModifiedDateTime 11/04/2022 21:43:09
name BlockExecutableFromEmail Audit
platforms windows10
priorityMetaData
roleScopeTagIds 0
settingCount 1
technologies mdm,microsoftSense
id 49bbc575-9998-4471-9fef-b1b1c8aa2ce0
templateReference @{templateId=e8c053d6-9f95-42b1-a7f1-ebfd71c67a4b_1; templateFamily=endpointSecurityAttackSurfaceReduction; templateDisplayName=Attack Surface Reduction Rules; templateDisplayVersion=Version 1}

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
All Users - BuilIn - - direct Include
All Devices - BuilIn - - direct Include

Settings

DisplayName ID Path Value ValueName
Block executable content from email client and webmail device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockexecutablecontentfromemailclientandwebmail Defender audit Audit

BlockOfficeCreateProcessRule

Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability:
https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/

Property Value
createdDateTime 05/31/2022 16:36:53
creationSource
description Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability: https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/
lastModifiedDateTime 05/31/2022 19:03:07
name BlockOfficeCreateProcessRule
platforms windows10
priorityMetaData
roleScopeTagIds 0
settingCount 1
technologies mdm,microsoftSense
id 6f656fbb-cc2b-471f-a87d-0758685d6d35
templateReference @{templateId=e8c053d6-9f95-42b1-a7f1-ebfd71c67a4b_1; templateFamily=endpointSecurityAttackSurfaceReduction; templateDisplayName=Attack Surface Reduction Rules; templateDisplayVersion=Version 1}

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
All Users - BuilIn - - direct Include
All Devices - BuilIn - - direct Include

Settings

DisplayName ID Path Value ValueName
Block Office communication application from creating child processes device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockofficecommunicationappfromcreatingchildprocesses Defender audit Audit
Block all Office applications from creating child processes device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockallofficeapplicationsfromcreatingchildprocesses Defender audit Audit

Default EDR policy for all devices

Default EDR policy for targetting all tenants devices, created by MDE.

Property Value
createdDateTime 12/05/2023 19:38:14
creationSource Migration_DI_8af9d54a-d7d2-44b1-8e84-23eafe707b81
description Default EDR policy for targetting all tenants devices, created by MDE.
lastModifiedDateTime 12/05/2023 19:38:14
name Default EDR policy for all devices
platforms windows10
priorityMetaData
roleScopeTagIds 0
settingCount 2
technologies mdm,microsoftSense
id 93ab48b3-2a7a-4704-8670-67da475b56f0
templateReference @{templateId=0385b795-0f2f-44ac-8602-9f65bf6adede_1; templateFamily=endpointSecurityEndpointDetectionAndResponse; templateDisplayName=Endpoint detection and response; templateDisplayVersion=Version 1}

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
All Devices - BuilIn - - direct Include

Settings

DisplayName ID Path Value ValueName
Microsoft Defender for Endpoint client configuration package type device_vendor_msft_windowsadvancedthreatprotection_configurationtype Microsoft Defender for Endpoint autofromconnector Auto from connector
[Deprecated] Telemetry Reporting Frequency device_vendor_msft_windowsadvancedthreatprotection_configuration_telemetryreportingfrequency Microsoft Defender for Endpoint 2 Expedite

EnableControlledFolderAccess

Protects files, folders, and memory areas on devices from unauthorized changes by unfriendly applications such as ransomware.

Property Value
createdDateTime 05/31/2022 16:41:35
creationSource
description Protects files, folders, and memory areas on devices from unauthorized changes by unfriendly applications such as ransomware.
lastModifiedDateTime 05/31/2022 18:39:14
name EnableControlledFolderAccess
platforms windows10
priorityMetaData
roleScopeTagIds 0
settingCount 4
technologies mdm,microsoftSense
id be377908-d5e9-4030-a93c-bab12d04a4c4
templateReference @{templateId=e8c053d6-9f95-42b1-a7f1-ebfd71c67a4b_1; templateFamily=endpointSecurityAttackSurfaceReduction; templateDisplayName=Attack Surface Reduction Rules; templateDisplayVersion=Version 1}

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
All Users - BuilIn - - direct Include
All Devices - BuilIn - - direct Include

Settings

DisplayName ID Path Value ValueName
Use advanced protection against ransomware device_vendor_msft_policy_config_defender_attacksurfacereductionrules_useadvancedprotectionagainstransomware Defender block Block
Enable Controlled Folder Access device_vendor_msft_policy_config_defender_enablecontrolledfolderaccess Defender 2 Audit Mode
Controlled Folder Access Protected Folders device_vendor_msft_policy_config_defender_controlledfolderaccessprotectedfolders Defender C:\Users
Controlled Folder Access Allowed Applications device_vendor_msft_policy_config_defender_controlledfolderaccessallowedapplications Defender System.Object[]

Firewall Windows default policy

Default policy sets settings for all endpoints that are not governed by any other policy, ensuring that all your clients are managed as soon as MDE is deployed. The default policy is based on a set of pre-configured recommended settings and can be adjusted by user with admin priviledges.

Property Value
createdDateTime 03/30/2022 23:10:54
creationSource MdeDeviceConfigurationPolicies
description Default policy sets settings for all endpoints that are not governed by any other policy, ensuring that all your clients are managed as soon as MDE is deployed. The default policy is based on a set of pre-configured recommended settings and can be adjusted by user with admin priviledges.
lastModifiedDateTime 03/30/2022 23:10:54
name Firewall Windows default policy
platforms windows10
priorityMetaData
roleScopeTagIds 0
settingCount 3
technologies mdm,microsoftSense
id 1a26b955-e4d1-46ad-90d5-915e768e3dd9
templateReference @{templateId=6078910e-d808-4a9f-a51d-1b8a7bacb7c0_1; templateFamily=endpointSecurityFirewall; templateDisplayName=Windows Firewall; templateDisplayVersion=Version 1}

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
All Devices - BuilIn - - direct Include

Settings

DisplayName ID Path Value ValueName
Enable Domain Network Firewall vendor_msft_firewall_mdmstore_domainprofile_enablefirewall Firewall true True
Enable Private Network Firewall vendor_msft_firewall_mdmstore_privateprofile_enablefirewall Firewall true True
Enable Public Network Firewall vendor_msft_firewall_mdmstore_publicprofile_enablefirewall Firewall true True

Force Enable Application Guard

Property Value
createdDateTime 12/07/2023 22:35:46
creationSource Migration_DI_fa9d58e2-d638-4b44-a7be-61c1bd977621
description
lastModifiedDateTime 06/19/2024 20:28:42
name Force Enable Application Guard
platforms windows10
priorityMetaData
roleScopeTagIds 0
settingCount 2
technologies mdm
id fd5a2be0-e814-4758-ac1d-b0afe8ba024a
templateReference @{templateId=9f667e40-8f3c-4f88-80d8-457f16906315_1; templateFamily=endpointSecurityAttackSurfaceReduction; templateDisplayName=App and Browser Isolation; templateDisplayVersion=Version 1}

Settings

DisplayName ID Path Value ValueName
Turn on Microsoft Defender Application Guard device_vendor_msft_windowsdefenderapplicationguard_settings_allowwindowsdefenderapplicationguard Microsoft Defender Application Guard 0 Disabled
Audit Application Guard device_vendor_msft_windowsdefenderapplicationguard_audit_auditapplicationguard Microsoft Defender Application Guard 0 Disabled

Full ASR Rule Audit

Audit Mode for ASR Rules

Property Value
createdDateTime 11/21/2022 20:45:59
creationSource
description Audit Mode for ASR Rules
lastModifiedDateTime 11/21/2022 20:45:59
name Full ASR Rule Audit
platforms windows10
priorityMetaData
roleScopeTagIds 0
settingCount 1
technologies mdm,microsoftSense
id 15c9fbb3-cb19-4c27-b3a5-fe5d116b0dbb
templateReference @{templateId=e8c053d6-9f95-42b1-a7f1-ebfd71c67a4b_1; templateFamily=endpointSecurityAttackSurfaceReduction; templateDisplayName=Attack Surface Reduction Rules; templateDisplayVersion=Version 1}

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
All Users - BuilIn - - direct Include
All Devices - BuilIn - - direct Include

Settings

DisplayName ID Path Value ValueName
Block Adobe Reader from creating child processes device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockadobereaderfromcreatingchildprocesses Defender audit Audit
Block execution of potentially obfuscated scripts device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockexecutionofpotentiallyobfuscatedscripts Defender audit Audit
Block Win32 API calls from Office macros device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockwin32apicallsfromofficemacros Defender audit Audit
Block credential stealing from the Windows local security authority subsystem device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockcredentialstealingfromwindowslocalsecurityauthoritysubsystem Defender audit Audit
Block executable files from running unless they meet a prevalence, age, or trusted list criterion device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockexecutablefilesrunningunlesstheymeetprevalenceagetrustedlistcriterion Defender audit Audit
Block JavaScript or VBScript from launching downloaded executable content device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockjavascriptorvbscriptfromlaunchingdownloadedexecutablecontent Defender audit Audit
Block Office communication application from creating child processes device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockofficecommunicationappfromcreatingchildprocesses Defender audit Audit
Block all Office applications from creating child processes device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockallofficeapplicationsfromcreatingchildprocesses Defender audit Audit
Block untrusted and unsigned processes that run from USB device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockuntrustedunsignedprocessesthatrunfromusb Defender audit Audit
Block process creations originating from PSExec and WMI commands device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockprocesscreationsfrompsexecandwmicommands Defender audit Audit
Block persistence through WMI event subscription device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockpersistencethroughwmieventsubscription Defender audit Audit
Block Office applications from creating executable content device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockofficeapplicationsfromcreatingexecutablecontent Defender audit Audit
Block Office applications from injecting code into other processes device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockofficeapplicationsfrominjectingcodeintootherprocesses Defender audit Audit
Use advanced protection against ransomware device_vendor_msft_policy_config_defender_attacksurfacereductionrules_useadvancedprotectionagainstransomware Defender audit Audit
Block executable content from email client and webmail device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockexecutablecontentfromemailclientandwebmail Defender audit Audit
Block abuse of exploited vulnerable signed drivers (Device) device_vendor_msft_policy_config_defender_attacksurfacereductionrules_blockabuseofexploitedvulnerablesigneddrivers Defender audit Audit

MS Edge Baseline

Property Value
createdDateTime 06/30/2023 17:26:33
creationSource
description
lastModifiedDateTime 04/04/2024 16:55:18
name MS Edge Baseline
platforms windows10
priorityMetaData
roleScopeTagIds 0
settingCount 18
technologies mdm
id ff8c048c-6b0a-4624-8bd4-a08b0cf8de68
templateReference @{templateId=c66347b7-8325-4954-a235-3bf2233dfbfd_1; templateFamily=baseline; templateDisplayName=Security Baseline for Microsoft Edge; templateDisplayVersion=Version 112}

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
Windows 1 DynamicDevice (device.deviceOSType -eq "Windows") - direct Include

Settings

DisplayName ID Path Value ValueName
Control which extensions cannot be installed device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge~extensions_extensioninstallblocklist Microsoft Edge\Extensions 1 Enabled
Allow Basic authentication for HTTP device_vendor_msft_policy_config_microsoft_edgev88.0.705.23~policy~microsoft_edge~httpauthentication_basicauthoverhttpenabled Microsoft Edge\HTTP authentication 0 Disabled
Supported authentication schemes device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge~httpauthentication_authschemes Microsoft Edge\HTTP authentication 1 Enabled
Allow user-level native messaging hosts (installed without admin permissions) device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge~nativemessaging_nativemessaginguserlevelhosts Microsoft Edge\Native Messaging 0 Disabled
Enable saving passwords to the password manager device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge~passwordmanager_passwordmanagerenabled Microsoft Edge\Password manager and protection 0 Disabled
Specifies whether to allow insecure websites to make requests to more-private network endpoints device_vendor_msft_policy_config_microsoft_edgev92~policy~microsoft_edge~privatenetworkrequestsettings_insecureprivatenetworkrequestsallowed Microsoft Edge\ Private Network Request Settings 0 Disabled
Configure Microsoft Defender SmartScreen device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge~smartscreen_smartscreenenabled Microsoft Edge\SmartScreen settings 1 Enabled
Configure Microsoft Defender SmartScreen to block potentially unwanted apps device_vendor_msft_policy_config_microsoft_edgev80diff~policy~microsoft_edge~smartscreen_smartscreenpuaenabled Microsoft Edge\SmartScreen settings 1 Enabled
Prevent bypassing Microsoft Defender SmartScreen prompts for sites device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge~smartscreen_preventsmartscreenpromptoverride Microsoft Edge\SmartScreen settings 1 Enabled
Allow unconfigured sites to be reloaded in Internet Explorer mode device_vendor_msft_policy_config_microsoft_edgev92~policy~microsoft_edge_internetexplorerintegrationreloadiniemodeallowed Microsoft Edge 0 Disabled
Allow users to proceed from the HTTPS warning page device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge_sslerroroverrideallowed Microsoft Edge 0 Disabled
Enable browser legacy extension point blocking device_vendor_msft_policy_config_microsoft_edgev95~policy~microsoft_edge_browserlegacyextensionpointsblockingenabled Microsoft Edge 1 Enabled
Enable site isolation for every site device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge_siteperprocess Microsoft Edge 1 Enabled
Enhance images enabled device_vendor_msft_policy_config_microsoft_edgev97~policy~microsoft_edge_edgeenhanceimagesenabled Microsoft Edge 0 Disabled
Force WebSQL to be enabled device_vendor_msft_policy_config_microsoft_edgev107~policy~microsoft_edge_websqlaccess Microsoft Edge 0 Disabled
Minimum TLS version enabled device_vendor_msft_policy_config_microsoft_edge~policy~microsoft_edge_sslversionmin Microsoft Edge 1 Enabled
Show the Reload in Internet Explorer mode button in the toolbar device_vendor_msft_policy_config_microsoft_edgev96~policy~microsoft_edge_internetexplorermodetoolbarbuttonenabled Microsoft Edge 0 Disabled
Specifies whether SharedArrayBuffers can be used in a non cross-origin-isolated context device_vendor_msft_policy_config_microsoft_edgev111~policy~microsoft_edge_sharedarraybufferunrestrictedaccessallowed Microsoft Edge 0 Disabled

NGP Windows default policy

Default policy sets settings for all endpoints that are not governed by any other policy, ensuring that all your clients are managed as soon as MDE is deployed. The default policy is based on a set of pre-configured recommended settings and can be adjusted by user with admin priviledges.

Property Value
createdDateTime 03/30/2022 23:10:54
creationSource MdeDeviceConfigurationPolicies
description Default policy sets settings for all endpoints that are not governed by any other policy, ensuring that all your clients are managed as soon as MDE is deployed. The default policy is based on a set of pre-configured recommended settings and can be adjusted by user with admin priviledges.
lastModifiedDateTime 07/07/2023 19:23:08
name NGP Windows default policy
platforms windows10
priorityMetaData
roleScopeTagIds 0
settingCount 27
technologies mdm,microsoftSense
id b28bc355-0c75-4460-b7f3-e2c7ae73eb0a
templateReference @{templateId=804339ad-1553-4478-a742-138fb5807418_1; templateFamily=endpointSecurityAntivirus; templateDisplayName=Microsoft Defender Antivirus; templateDisplayVersion=Version 1}

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
All Devices - BuilIn - - direct Include

Settings

DisplayName ID Path Value ValueName
Allow Archive Scanning device_vendor_msft_policy_config_defender_allowarchivescanning Defender 1 Allowed. Scans the archive files.
Allow Behavior Monitoring device_vendor_msft_policy_config_defender_allowbehaviormonitoring Defender 1 Allowed. Turns on real-time behavior monitoring.
Allow Cloud Protection device_vendor_msft_policy_config_defender_allowcloudprotection Defender 1 Allowed. Turns on Cloud Protection.
Allow Email Scanning device_vendor_msft_policy_config_defender_allowemailscanning Defender 1 Allowed. Turns on email scanning.
Allow Full Scan On Mapped Network Drives device_vendor_msft_policy_config_defender_allowfullscanonmappednetworkdrives Defender 0 Not allowed. Disables scanning on mapped network drives.
Allow Full Scan Removable Drive Scanning device_vendor_msft_policy_config_defender_allowfullscanremovabledrivescanning Defender 1 Allowed. Scans removable drives.
Allow scanning of all downloaded files and attachments device_vendor_msft_policy_config_defender_allowioavprotection Defender 1 Allowed.
Allow Realtime Monitoring device_vendor_msft_policy_config_defender_allowrealtimemonitoring Defender 1 Allowed. Turns on and runs the real-time monitoring service.
Allow Scanning Network Files device_vendor_msft_policy_config_defender_allowscanningnetworkfiles Defender 0 Not allowed. Turns off scanning of network files.
Allow Script Scanning device_vendor_msft_policy_config_defender_allowscriptscanning Defender 1 Allowed.
Allow User UI Access device_vendor_msft_policy_config_defender_allowuseruiaccess Defender 1 Allowed. Lets users access UI.
Avg CPU Load Factor device_vendor_msft_policy_config_defender_avgcpuloadfactor Defender 50
Check For Signatures Before Running Scan device_vendor_msft_policy_config_defender_checkforsignaturesbeforerunningscan Defender 1 Enabled
Cloud Block Level device_vendor_msft_policy_config_defender_cloudblocklevel Defender 2 High
Cloud Extended Timeout device_vendor_msft_policy_config_defender_cloudextendedtimeout Defender 50
Days To Retain Cleaned Malware device_vendor_msft_policy_config_defender_daystoretaincleanedmalware Defender 0
Disable Catchup Full Scan device_vendor_msft_policy_config_defender_disablecatchupfullscan Defender 0 Disabled
Disable Catchup Quick Scan device_vendor_msft_policy_config_defender_disablecatchupquickscan Defender 0 Disabled
Enable Low CPU Priority device_vendor_msft_policy_config_defender_enablelowcpupriority Defender 0 Disabled
Enable Network Protection device_vendor_msft_policy_config_defender_enablenetworkprotection Defender 1 Enabled (block mode)
PUA Protection device_vendor_msft_policy_config_defender_puaprotection Defender 1 PUA Protection on. Detected items are blocked. They will show in history along with other threats.
Real Time Scan Direction device_vendor_msft_policy_config_defender_realtimescandirection Defender 0 Monitor all files (bi-directional).
Scan Parameter device_vendor_msft_policy_config_defender_scanparameter Defender 1 Quick scan
Schedule Quick Scan Time device_vendor_msft_policy_config_defender_schedulequickscantime Defender 720
Schedule Scan Day device_vendor_msft_policy_config_defender_schedulescanday Defender 2 Monday
Signature Update Interval device_vendor_msft_policy_config_defender_signatureupdateinterval Defender 4
Submit Samples Consent device_vendor_msft_policy_config_defender_submitsamplesconsent Defender 1 Send safe samples automatically.

Device Configuration

This section contains a list of all device configuration profiles available in Intune.

ADMX Firefox Default Policies

Default Firefox policies to enhance security and usability.

Property Value
@odata.type #microsoft.graph.windows10CustomConfiguration
id 2bc3f272-cb4c-486b-b010-6ee05c40bd49
lastModifiedDateTime 07/06/2022 18:34:07
roleScopeTagIds 0
supportsScopeTags True
deviceManagementApplicabilityRuleOsEdition
deviceManagementApplicabilityRuleOsVersion
deviceManagementApplicabilityRuleDeviceMode
createdDateTime 11/08/2021 19:03:51
description Default Firefox policies to enhance security and usability.
displayName ADMX Firefox Default Policies
version 7
omaSettings

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
All Users - BuilIn - apply direct Include

Custom OMA-Uri

@odata.type displayName description omaUri secretReferenceValueId isEncrypted value
#microsoft.graph.omaSettingString Firefox ADMX Default Firefox Settings ./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Firefox/Policy/FirefoxAdmx aeaba85a-84ce-4deb-b0fd-e22de311a7a7_2bc3f272-cb4c-486b-b010-6ee05c40bd49_b1f1e87d-fc54-4ae5-81f9-1bd8b3dec644 True ****
#microsoft.graph.omaSettingString Required Extensions List of extensions to force install ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings aeaba85a-84ce-4deb-b0fd-e22de311a7a7_2bc3f272-cb4c-486b-b010-6ee05c40bd49_f3ec6f4a-f12d-4f51-9978-6cadec4973c1 True ****

Baseline Android Device Restrictions

Property Value
@odata.type #microsoft.graph.androidWorkProfileGeneralDeviceConfiguration
id a8b4eeb8-0204-4964-9a6d-a99e7cb17cf4
lastModifiedDateTime 06/29/2023 22:56:31
roleScopeTagIds 0
supportsScopeTags True
deviceManagementApplicabilityRuleOsEdition
deviceManagementApplicabilityRuleOsVersion
deviceManagementApplicabilityRuleDeviceMode
createdDateTime 11/16/2021 19:13:08
description
displayName Baseline Android Device Restrictions
version 2
passwordBlockFaceUnlock
passwordBlockFingerprintUnlock
passwordBlockIrisUnlock
passwordBlockTrustAgents
passwordExpirationDays 365
passwordMinimumLength 10
passwordMinutesOfInactivityBeforeScreenTimeout 15
passwordPreviousPasswordBlockCount 5
passwordSignInFailureCountBeforeFactoryReset 5
passwordRequiredType required
requiredPasswordComplexity medium
workProfileAllowAppInstallsFromUnknownSources
workProfileDataSharingType allowPersonalToWork
workProfileBlockNotificationsWhileDeviceLocked
workProfileBlockAddingAccounts
workProfileBluetoothEnableContactSharing
workProfileBlockScreenCapture
workProfileBlockCrossProfileCallerId
workProfileBlockCamera
workProfileBlockCrossProfileContactsSearch
workProfileBlockCrossProfileCopyPaste
workProfileDefaultAppPermissionPolicy prompt
workProfilePasswordBlockFaceUnlock
workProfilePasswordBlockFingerprintUnlock
workProfilePasswordBlockIrisUnlock
workProfilePasswordBlockTrustAgents
workProfilePasswordExpirationDays
workProfilePasswordMinimumLength
workProfilePasswordMinNumericCharacters
workProfilePasswordMinNonLetterCharacters
workProfilePasswordMinLetterCharacters
workProfilePasswordMinLowerCaseCharacters
workProfilePasswordMinUpperCaseCharacters
workProfilePasswordMinSymbolCharacters
workProfilePasswordMinutesOfInactivityBeforeScreenTimeout
workProfilePasswordPreviousPasswordBlockCount
workProfilePasswordSignInFailureCountBeforeFactoryReset
workProfilePasswordRequiredType deviceDefault
workProfileRequiredPasswordComplexity none
workProfileRequirePassword
securityRequireVerifyApps True
vpnAlwaysOnPackageIdentifier
vpnEnableAlwaysOnLockdownMode
workProfileAllowWidgets
workProfileBlockPersonalAppInstallsFromUnknownSources True
workProfileAccountUse allowAllExceptGoogleAccounts
allowedGoogleAccountDomains
blockUnifiedPasswordForWorkProfile

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
0 Static - apply direct Include

Disable MS WUDO

Disables Microsofts P2P local network update sharing.

Property Value
@odata.type #microsoft.graph.windowsDeliveryOptimizationConfiguration
id a4e50ef4-36e6-4d40-b072-adb3ae1d6ee9
lastModifiedDateTime 07/27/2022 19:48:10
roleScopeTagIds 0
supportsScopeTags True
deviceManagementApplicabilityRuleOsEdition
deviceManagementApplicabilityRuleOsVersion
deviceManagementApplicabilityRuleDeviceMode
createdDateTime 07/27/2022 19:48:10
description Disables Microsofts P2P local network update sharing.
displayName Disable MS WUDO
version 1
deliveryOptimizationMode simpleDownload
restrictPeerSelectionBy notConfigured
groupIdSource
bandwidthMode
backgroundDownloadFromHttpDelayInSeconds
foregroundDownloadFromHttpDelayInSeconds
minimumRamAllowedToPeerInGigabytes
minimumDiskSizeAllowedToPeerInGigabytes
minimumFileSizeToCacheInMegabytes
minimumBatteryPercentageAllowedToUpload
modifyCacheLocation
maximumCacheAgeInDays
maximumCacheSize
vpnPeerCaching notConfigured
cacheServerHostNames
cacheServerForegroundDownloadFallbackToHttpDelayInSeconds
cacheServerBackgroundDownloadFallbackToHttpDelayInSeconds

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
All Users - BuilIn - apply direct Include
All Devices - BuilIn - apply direct Include

Mac Approve System Extensions

This profile is needed for MacOS 10.15 (Catalina) or newer. It will be ignored on older MacOS.

Property Value
@odata.type #microsoft.graph.macOSExtensionsConfiguration
id 175c09f6-f23c-4d11-bda3-4a8714c81c6b
lastModifiedDateTime 04/08/2022 16:18:44
roleScopeTagIds 0
supportsScopeTags True
deviceManagementApplicabilityRuleOsEdition
deviceManagementApplicabilityRuleOsVersion
deviceManagementApplicabilityRuleDeviceMode
createdDateTime 04/08/2022 16:14:57
description This profile is needed for MacOS 10.15 (Catalina) or newer. It will be ignored on older MacOS.
displayName Mac Approve System Extensions
version 2
kernelExtensionOverridesAllowed
kernelExtensionAllowedTeamIdentifiers
systemExtensionsBlockOverride
systemExtensionsAllowedTeamIdentifiers
kernelExtensionsAllowed
systemExtensionsAllowed
systemExtensionsAllowedTypes

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
Apple Business 1 Static (device.deviceOSType -contains “macOS”) or (device.deviceOSType -contains “OS X”) or (device.deviceModel -contains “MacBook Air”) or (device.deviceModel -contains “MacBook Pro”) apply direct Include

Mac Defender for Endpoint Full Disk Access

MacOS 10.15 (Catalina) contains new security and privacy enhancements. Beginning with this version, by default, applications are not able to access certain locations on disk (such as Documents, Downloads, Desktop, etc.) without explicit consent. In the absence of this consent, Microsoft Defender for Endpoint is not able to fully protect your device.
This configuration profile grants Full Disk Access to Microsoft Defender for Endpoint.

Property Value
@odata.type #microsoft.graph.macOSCustomConfiguration
id 4e6ba603-3ae3-4951-9e9e-80a0196bb6e2
lastModifiedDateTime 04/08/2022 16:27:10
roleScopeTagIds 0
supportsScopeTags True
deviceManagementApplicabilityRuleOsEdition
deviceManagementApplicabilityRuleOsVersion
deviceManagementApplicabilityRuleDeviceMode
createdDateTime 04/08/2022 16:24:29
description MacOS 10.15 (Catalina) contains new security and privacy enhancements. Beginning with this version, by default, applications are not able to access certain locations on disk (such as Documents, Downloads, Desktop, etc.) without explicit consent. In the absence of this consent, Microsoft Defender for Endpoint is not able to fully protect your device. This configuration profile grants Full Disk Access to Microsoft Defender for Endpoint.
displayName Mac Defender for Endpoint Full Disk Access
version 2
payloadName Mac MDATP Full Disk Access
payloadFileName fulldisk.mobileconfig
payload (base64-encoded configuration profile omitted)
deploymentChannel deviceChannel

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
Apple Business 1 Static (device.deviceOSType -contains “macOS”) or (device.deviceOSType -contains “OS X”) or (device.deviceModel -contains “MacBook Air”) or (device.deviceModel -contains “MacBook Pro”) apply direct Include

Mac Defender for Endpoint Network Filter

As part of the Endpoint Detection and Response capabilities, Microsoft Defender for Endpoint on macOS inspects socket traffic and reports this information to the Microsoft 365 Defender portal. The following policy allows the network extension to perform this functionality.

Property Value
@odata.type #microsoft.graph.macOSCustomConfiguration
id 5d61dac5-40ce-47d8-80fc-73e8dbaa48ba
lastModifiedDateTime 04/08/2022 16:26:17
roleScopeTagIds 0
supportsScopeTags True
deviceManagementApplicabilityRuleOsEdition
deviceManagementApplicabilityRuleOsVersion
deviceManagementApplicabilityRuleDeviceMode
createdDateTime 04/08/2022 16:26:17
description As part of the Endpoint Detection and Response capabilities, Microsoft Defender for Endpoint on macOS inspects socket traffic and reports this information to the Microsoft 365 Defender portal. The following policy allows the network extension to perform this functionality.
displayName Mac Defender for Endpoint Network Filter
version 1
payloadName Mac Defender for Endpoint Network Filter
payloadFileName netfilter.mobileconfig
payload (base64-encoded configuration profile omitted)
deploymentChannel deviceChannel

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
Apple Business 1 Static (device.deviceOSType -contains “macOS”) or (device.deviceOSType -contains “OS X”) or (device.deviceModel -contains “MacBook Air”) or (device.deviceModel -contains “MacBook Pro”) apply direct Include

Mac Defender for Endpoint Notifications

This profile is used to allow Microsoft Defender for Endpoint on macOS and Microsoft Auto Update to display notifications in UI on macOS 10.15 (Catalina) or newer.

Property Value
@odata.type #microsoft.graph.macOSCustomConfiguration
id 43e52813-e3b7-478e-a692-a52cddf1b3f1
lastModifiedDateTime 04/08/2022 16:28:34
roleScopeTagIds 0
supportsScopeTags True
deviceManagementApplicabilityRuleOsEdition
deviceManagementApplicabilityRuleOsVersion
deviceManagementApplicabilityRuleDeviceMode
createdDateTime 04/08/2022 16:28:34
description This profile is used to allow Microsoft Defender for Endpoint on macOS and Microsoft Auto Update to display notifications in UI on macOS 10.15 (Catalina) or newer.
displayName Mac Defender for Endpoint Notifications
version 1
payloadName Mac Defender for Endpoint Notifications
payloadFileName notif.mobileconfig
payload (content omitted)
deploymentChannel deviceChannel

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
Apple Business 1 Static (device.deviceOSType -contains “macOS”) or (device.deviceOSType -contains “OS X”) or (device.deviceModel -contains “MacBook Air”) or (device.deviceModel -contains “MacBook Pro”) apply direct Include

Mac Firewall

Require enable/disable firewall on MacOS devices.

Property Value
@odata.type #microsoft.graph.macOSEndpointProtectionConfiguration
id be972483-7f59-4965-bbd7-41aaa9c0b1cc
lastModifiedDateTime 05/26/2022 17:04:45
roleScopeTagIds 0
supportsScopeTags True
deviceManagementApplicabilityRuleOsEdition
deviceManagementApplicabilityRuleOsVersion
deviceManagementApplicabilityRuleDeviceMode
createdDateTime 05/26/2022 17:04:45
description Require enable/disable firewall on MacOS devices.
displayName Mac Firewall
version 1
gatekeeperAllowedAppSource macAppStoreAndIdentifiedDevelopers
gatekeeperBlockOverride True
firewallEnabled True
firewallBlockAllIncoming
firewallEnableStealthMode True
fileVaultEnabled
fileVaultSelectedRecoveryKeyTypes notConfigured
fileVaultInstitutionalRecoveryKeyCertificate
fileVaultInstitutionalRecoveryKeyCertificateFileName
fileVaultPersonalRecoveryKeyHelpMessage
fileVaultAllowDeferralUntilSignOut
fileVaultNumberOfTimesUserCanIgnore
fileVaultDisablePromptAtSignOut
fileVaultPersonalRecoveryKeyRotationInMonths
fileVaultHidePersonalRecoveryKey
advancedThreatProtectionRealTime notConfigured
advancedThreatProtectionCloudDelivered notConfigured
advancedThreatProtectionAutomaticSampleSubmission notConfigured
advancedThreatProtectionDiagnosticDataCollection notConfigured
advancedThreatProtectionExcludedFolders
advancedThreatProtectionExcludedFiles
advancedThreatProtectionExcludedExtensions
advancedThreatProtectionExcludedProcesses
firewallApplications

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
Apple Business 1 Static (device.deviceOSType -contains “macOS”) or (device.deviceOSType -contains “OS X”) or (device.deviceModel -contains “MacBook Air”) or (device.deviceModel -contains “MacBook Pro”) apply direct Include

Mac Kernel Extensions

This profile is needed for MacOS 10.15 (Catalina) or older. It will be ignored on newer MacOS.

Property Value
@odata.type #microsoft.graph.macOSExtensionsConfiguration
id a4dc11b2-744a-4cff-88a3-1190841b926e
lastModifiedDateTime 04/08/2022 16:16:51
roleScopeTagIds 0
supportsScopeTags True
deviceManagementApplicabilityRuleOsEdition
deviceManagementApplicabilityRuleOsVersion
deviceManagementApplicabilityRuleDeviceMode
createdDateTime 04/08/2022 16:16:51
description This profile is needed for MacOS 10.15 (Catalina) or older. It will be ignored on newer MacOS.
displayName Mac Kernel Extensions
version 1
kernelExtensionOverridesAllowed
kernelExtensionAllowedTeamIdentifiers UBF8T346G9
systemExtensionsBlockOverride
systemExtensionsAllowedTeamIdentifiers
kernelExtensionsAllowed
systemExtensionsAllowed
systemExtensionsAllowedTypes

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
Apple Business 1 Static (device.deviceOSType -contains “macOS”) or (device.deviceOSType -contains “OS X”) or (device.deviceModel -contains “MacBook Air”) or (device.deviceModel -contains “MacBook Pro”) apply direct Include

Mac MDATP onboarding

Required for all Mac versions

Property Value
@odata.type #microsoft.graph.macOSCustomConfiguration
id e8e07c2d-2bc0-4353-966b-28a2bf8523ca
lastModifiedDateTime 04/08/2022 16:18:00
roleScopeTagIds 0
supportsScopeTags True
deviceManagementApplicabilityRuleOsEdition
deviceManagementApplicabilityRuleOsVersion
deviceManagementApplicabilityRuleDeviceMode
createdDateTime 04/08/2022 16:10:49
description Required for all Mac versions
displayName Mac MDATP onboarding
version 2
payloadName MDATP onboarding for MacOS
payloadFileName WindowsDefenderATPOnboarding.xml
payload (content omitted)
deploymentChannel deviceChannel

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
Apple Business 1 Static (device.deviceOSType -contains “macOS”) or (device.deviceOSType -contains “OS X”) or (device.deviceModel -contains “MacBook Air”) or (device.deviceModel -contains “MacBook Pro”) apply direct Include

XenFi Wifi

WiFi settings for the SLC office.

Property Value
@odata.type #microsoft.graph.windowsWifiConfiguration
id ace48d61-3a43-4ce6-99fe-26d402cb79b9
lastModifiedDateTime 07/21/2022 22:04:56
roleScopeTagIds 0
supportsScopeTags True
deviceManagementApplicabilityRuleOsEdition
deviceManagementApplicabilityRuleOsVersion
deviceManagementApplicabilityRuleDeviceMode
createdDateTime 11/05/2021 20:34:22
description WiFi settings for the SLC office.
displayName XenFi Wifi
version 4
preSharedKey
wifiSecurityType wpa2Personal
meteredConnectionLimit unrestricted
ssid XenFi
networkName XenFi
connectAutomatically True
connectToPreferredNetwork
connectWhenNetworkNameIsHidden
proxySetting none
proxyManualAddress
proxyManualPort
proxyAutomaticConfigurationUrl
forceFIPSCompliance True

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
All Users - BuilIn - apply direct Include

XenFi WiFi

Property Value
@odata.type #microsoft.graph.macOSWiFiConfiguration
id c459745f-cbbf-4aac-bd08-b7ae4d6f2b64
lastModifiedDateTime 07/21/2022 21:28:40
roleScopeTagIds 0
supportsScopeTags True
deviceManagementApplicabilityRuleOsEdition
deviceManagementApplicabilityRuleOsVersion
deviceManagementApplicabilityRuleDeviceMode
createdDateTime 03/25/2022 17:18:04
description
displayName XenFi WiFi
version 5
networkName 94490a93-da69-43b9-8e82-91cfcf020a4a
ssid XenFi
connectAutomatically True
connectWhenNetworkNameIsHidden
wiFiSecurityType wpaPersonal
proxySettings none
proxyManualAddress
proxyManualPort
proxyAutomaticConfigurationUrl
deploymentChannel
preSharedKey

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
Apple Business 1 Static (device.deviceOSType -contains “macOS”) or (device.deviceOSType -contains “OS X”) or (device.deviceModel -contains “MacBook Air”) or (device.deviceModel -contains “MacBook Pro”) apply direct Include

Enrollment Configuration

This section contains all Enrollment configurations in Intune.

Enrollment Limit - All users and all devices

This is the default Device Limit Restriction applied with the lowest priority to all users regardless of group membership.

All users and all devices

Property Value
@odata.type #microsoft.graph.deviceEnrollmentLimitConfiguration
id aeaba85a-84ce-4deb-b0fd-e22de311a7a7_DefaultLimit
displayName All users and all devices
description This is the default Device Limit Restriction applied with the lowest priority to all users regardless of group membership.
priority
createdDateTime 01/01/0001 00:00:00
lastModifiedDateTime 06/19/2024 21:08:37
version
roleScopeTagIds
deviceEnrollmentConfigurationType limit
limit 6

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
All Devices - BuilIn - - direct Include

Platform Restrictions - All users and all devices

This is the default Device Type Restriction applied with the lowest priority to all users regardless of group membership.

All users and all devices

Property Value
@odata.type #microsoft.graph.deviceEnrollmentPlatformRestrictionsConfiguration
id aeaba85a-84ce-4deb-b0fd-e22de311a7a7_DefaultPlatformRestrictions
displayName All users and all devices
description This is the default Device Type Restriction applied with the lowest priority to all users regardless of group membership.
priority
createdDateTime 01/01/0001 00:00:00
lastModifiedDateTime 06/19/2024 21:08:37
version
roleScopeTagIds
deviceEnrollmentConfigurationType platformRestrictions
iosRestriction @{platformBlocked=False; personalDeviceEnrollmentBlocked=False; osMinimumVersion=; osMaximumVersion=; blockedManufacturers=System.Object[]; blockedSkus=System.Object[]}
windowsRestriction @{platformBlocked=False; personalDeviceEnrollmentBlocked=False; osMinimumVersion=; osMaximumVersion=; blockedManufacturers=System.Object[]; blockedSkus=System.Object[]}
windowsHomeSkuRestriction @{platformBlocked=False; personalDeviceEnrollmentBlocked=False; osMinimumVersion=; osMaximumVersion=; blockedManufacturers=System.Object[]; blockedSkus=System.Object[]}
windowsMobileRestriction @{platformBlocked=True; personalDeviceEnrollmentBlocked=False; osMinimumVersion=; osMaximumVersion=; blockedManufacturers=System.Object[]; blockedSkus=System.Object[]}
androidRestriction @{platformBlocked=False; personalDeviceEnrollmentBlocked=False; osMinimumVersion=; osMaximumVersion=; blockedManufacturers=System.Object[]; blockedSkus=System.Object[]}
androidForWorkRestriction @{platformBlocked=False; personalDeviceEnrollmentBlocked=False; osMinimumVersion=; osMaximumVersion=; blockedManufacturers=System.Object[]; blockedSkus=System.Object[]}
macRestriction @{platformBlocked=False; personalDeviceEnrollmentBlocked=False; osMinimumVersion=; osMaximumVersion=; blockedManufacturers=System.Object[]; blockedSkus=System.Object[]}
macOSRestriction @{platformBlocked=False; personalDeviceEnrollmentBlocked=False; osMinimumVersion=; osMaximumVersion=; blockedManufacturers=System.Object[]; blockedSkus=System.Object[]}

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
All Devices - BuilIn - - direct Include

Windows Hello for Business - All users and all devices

This is the default Windows Hello for Business configuration applied with the lowest priority to all users regardless of group membership.

All users and all devices

Property Value
@odata.type #microsoft.graph.deviceEnrollmentWindowsHelloForBusinessConfiguration
id aeaba85a-84ce-4deb-b0fd-e22de311a7a7_DefaultWindowsHelloForBusiness
displayName All users and all devices
description This is the default Windows Hello for Business configuration applied with the lowest priority to all users regardless of group membership.
priority
createdDateTime 01/01/0001 00:00:00
lastModifiedDateTime 06/19/2024 21:08:37
version
roleScopeTagIds
deviceEnrollmentConfigurationType windowsHelloForBusiness
pinMinimumLength 6
pinMaximumLength 127
pinUppercaseCharactersUsage allowed
pinLowercaseCharactersUsage allowed
pinSpecialCharactersUsage allowed
state enabled
securityDeviceRequired
unlockWithBiometricsEnabled True
remotePassportEnabled True
pinPreviousBlockCount 5
pinExpirationInDays
enhancedBiometricsState enabled
securityKeyForSignIn enabled
enhancedSignInSecurity

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
All Devices - BuilIn - - direct Include

ESP - All users and all devices

This is the default enrollment status screen configuration applied with the lowest priority to all users and all devices regardless of group membership.

All users and all devices

Property Value
@odata.type #microsoft.graph.windows10EnrollmentCompletionPageConfiguration
id aeaba85a-84ce-4deb-b0fd-e22de311a7a7_DefaultWindows10EnrollmentCompletionPageConfiguration
displayName All users and all devices
description This is the default enrollment status screen configuration applied with the lowest priority to all users and all devices regardless of group membership.
priority
createdDateTime 01/01/0001 00:00:00
lastModifiedDateTime 06/19/2024 21:08:37
version
roleScopeTagIds
deviceEnrollmentConfigurationType windows10EnrollmentCompletionPageConfiguration
showInstallationProgress
blockDeviceSetupRetryByUser True
allowDeviceResetOnInstallFailure
allowLogCollectionOnInstallFailure
customErrorMessage
installProgressTimeoutInMinutes
allowDeviceUseOnInstallFailure
selectedMobileAppIds
allowNonBlockingAppInstallation
installQualityUpdates
trackInstallProgressForAutopilotOnly
disableUserStatusTrackingAfterFirstUser

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
All Devices - BuilIn - - direct Include

ESP - Basics

Basics

Property Value
@odata.type #microsoft.graph.windows10EnrollmentCompletionPageConfiguration
id 9f9dc144-f24f-451b-a1fd-8893946fa431_Windows10EnrollmentCompletionPageConfiguration
displayName Basics
description
priority 1
createdDateTime 06/13/2023 21:55:48
lastModifiedDateTime 06/15/2023 18:36:22
version 4
roleScopeTagIds 0
deviceEnrollmentConfigurationType windows10EnrollmentCompletionPageConfiguration
showInstallationProgress True
blockDeviceSetupRetryByUser
allowDeviceResetOnInstallFailure True
allowLogCollectionOnInstallFailure True
customErrorMessage Setup could not be completed. Please try again or contact your support person for help.
installProgressTimeoutInMinutes 60
allowDeviceUseOnInstallFailure True
selectedMobileAppIds
allowNonBlockingAppInstallation
installQualityUpdates
trackInstallProgressForAutopilotOnly True
disableUserStatusTrackingAfterFirstUser True

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
Autopilot 1 DynamicDevice (device.devicePhysicalIDs -any (_ -contains “[ZTDID]”)) - direct Include

Device Management Partners

This section contains all device management partners defined in Intune.

Jamf

Property Value
id 007d2fff-e0dd-4b28-8595-cec005efe5cd
lastHeartbeatDateTime 01/01/0001 00:00:00
partnerState unknown
partnerAppType singleTenantApp
singleTenantAppId
displayName Jamf
isConfigured
whenPartnerDevicesWillBeRemovedDateTime
whenPartnerDevicesWillBeMarkedAsNonCompliantDateTime
groupsRequiringPartnerEnrollment

PowerShell Scripts

This section contains a list of all PowerShell scripts available in Intune.

Disable Fastboot

Some lab software requires fastboot to be disabled; such as NI MAX.

Property Value
id 0f2e88d4-cfce-40f4-9d83-7e68493c3c23
displayName Disable Fastboot
description Some lab software requires fastboot to be disabled; such as NI MAX.
enforceSignatureCheck
runAs32Bit
runAsAccount system
fileName disable-fastboot.ps1
scriptContent $Path = “HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power” $Name = “HiberbootEnabled” $Type = “DWORD” $Value = 1 Try { $Registry = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
Lab Computers 1 DynamicDevice (device.displayName -startsWith “lab-”) - Include

Patch CVE-2022-30190

https://github.com/XenterMD/CVE-Patching/blob/main/2022/cve-2022-30190.ps1

Property Value
id 1570d01f-89a4-41d1-8bf6-d7ca844d1b17
displayName Patch CVE-2022-30190
description https://github.com/XenterMD/CVE-Patching/blob/main/2022/cve-2022-30190.ps1
enforceSignatureCheck
runAs32Bit True
runAsAccount system
fileName cve-2022-30190.ps1
scriptContent
<#
Source: https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/

On Monday May 30, 2022, Microsoft issued CVE-2022-30190 regarding the Microsoft Support Diagnostic Tool (MSDT) in Windows vulnerability.

A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.

Workaround: To disable the MSDT URL Protocol
Disabling MSDT URL protocol prevents troubleshooters being launched as links including links throughout the operating system. Troubleshooters can still be accessed using the Get Help application and in system settings as other or additional troubleshooters.

Follow these steps to disable:
1. Run Command Prompt as Administrator.
2. To back up the registry key, execute the command "reg export HKEY_CLASSES_ROOT\ms-msdt filename"
3. Execute the command "reg delete HKEY_CLASSES_ROOT\ms-msdt /f".

How to undo the workaround
1. Run Command Prompt as Administrator.
2. To back up the registry key, execute the command "reg import filename"

Microsoft Defender Detections & Protections
Customers with Microsoft Defender Antivirus should turn-on cloud-delivered protection and automatic sample submission. These capabilities use artificial intelligence and machine learning to quickly identify and stop new and unknown threats.

Customers of Microsoft Defender for Endpoint can enable attack surface reduction rule "BlockOfficeCreateProcessRule" that blocks Office apps from creating child processes. Creating malicious child processes is a common malware strategy. For more information see Attack surface reduction rules overview.

Microsoft Defender Antivirus provides detections and protections for possible vulnerability exploitation under the following signatures using detection build 1.367.719.0 or newer:
- Trojan:Win32/Mesdetty.A (blocks msdt command line)
- Trojan:Win32/Mesdetty.B (blocks msdt command line)
- Behavior:Win32/MesdettyLaunch.A!blk (terminates the process that launched msdt command line)

Microsoft Defender for Endpoint provides customers detections and alerts. The following alert title in the Microsoft 365 Defender portal can indicate threat activity on your network:
- Suspicious behavior by an Office application
- Suspicious behavior by Msdt.exe
#>

# Define registry key
$regkey = "HKEY_CLASSES_ROOT\ms-msdt"

# Define backup location
$bak = "C:\registry_ms-msdt.reg.bak"

# If regkey exists
if (Test-Path -Path registry::$regkey) {
    Write-Host -ForegroundColor Red "Vulnerability detected: CVE-2022-30190. Beginning remediation…"

    # Backup registry key
    reg export $regkey $bak /y

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
Windows 1 DynamicDevice (device.deviceOSType -eq "Windows") - Include

Enable WSL

Property Value
id 7e9a029a-7b70-4473-b044-747dc02425dc
displayName Enable WSL
description
enforceSignatureCheck
runAs32Bit
runAsAccount system
fileName Enable-Wsl.ps1
scriptContent Enable-WindowsOptionalFeature -Online -FeatureName "Microsoft-Windows-Subsystem-Linux" -All -NoRestart

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
All Users 1 DynamicUser (user.userType -eq "Member") - Include

Disable WSL

Property Value
id a5da6193-1070-4fa9-a6f9-ce43b7c4e53e
displayName Disable WSL
description
enforceSignatureCheck
runAs32Bit
runAsAccount system
fileName Disable-Wsl.ps1
scriptContent Disable-WindowsOptionalFeature -Online -FeatureName "Microsoft-Windows-Subsystem-Linux" -NoRestart

lab-pc-configuration

This script is used to configure a lab PC for use. The following steps are taken:
1. Install Pip Packages
2. Add nipkg, python, libusb to system PATH
3. Set computers to never sleep
4. Install NI Packages

Property Value
id c4f64c6f-7105-4f2e-b913-fbfb5591b053
displayName lab-pc-configuration
description This script is used to configure a lab PC for use. The following steps are taken: 1. Install Pip Packages 2. Add nipkg, python, libusb to system PATH 3. Set computers to never sleep 4. Install NI Packages
enforceSignatureCheck
runAs32Bit
runAsAccount system
fileName lab-pc-configuration.ps1
scriptContent
<#
This script is used to configure a lab PC for use. The following steps are taken:
1. Install Pip Packages
2. Add nipkg, python, libusb to system PATH
3. Install NI Packages
4. Set computers to never sleep
#>

$pythonPath = 'C:\Users\LabUser\AppData\Local\Microsoft\WindowsApps\PythonSoftwareFoundation.Python.3.8_qbz5n2kfra8p0'
$libusbPath = 'C:\Users\LabUser\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.8_qbz5n2kfra8p0\LocalCache\local-packages\Python38\site-packages\libusb\_platform\_windows\x64'
$nipkgPath = 'C:\Program Files\National Instruments\NI Package Manager'

# Split the machine PATH (not PSModulePath) into entries so the checks below
# only append a directory that is not already present
$PathArray = [Environment]::GetEnvironmentVariable("Path", [EnvironmentVariableTarget]::Machine).Split(";")
#$envPath=[Environment]::GetEnvironmentVariable("Path")

# Install pip packages using pip from $pythonPath
& "$pythonPath\pip.exe" install pyvisa libusb pyusb zeroconf numpy matplotlib

# Add programs to path
if ($PathArray -notcontains $pythonPath) {
    [Environment]::SetEnvironmentVariable(
        "Path",
        [Environment]::GetEnvironmentVariable("Path", [EnvironmentVariableTarget]::Machine) + ";$pythonPath",
        [EnvironmentVariableTarget]::Machine)
    Write-Host "Added Python to System Path"
}
if ($PathArray -notcontains $libusbPath) {
    [Environment]::SetEnvironmentVariable(
        "Path",
        [Environment]::GetEnvironmentVariable("Path", [EnvironmentVariableTarget]::Machine) + ";$libusbPath",
        [EnvironmentVariableTarget]::Machine)
    Write-Host "Added LibUSB to System Path"
}
if ($PathArray -notcontains $nipkgPath) {
    [Environment]::SetEnvironmentVariable(
        "Path",
        [Environment]::GetEnvironmentVariable("Path", [EnvironmentVariableTarget]::Machine) + ";$nipkgPath",
        [EnvironmentVariableTarget]::Machine)
    Write-Host "Added nipkg to System Path"
}

# Reload PATH
$env:Path = [System.Environment]::GetEnvironmentVariable("Path", "Machine") + ";" + [System.Environment]::GetEnvironmentVariable("Path", "User")

# Configure computer to never sleep (set to 0 to never sleep)
powercfg -change -standby-timeout-ac 0

# Install NI Packages
nipkg.exe install --accept-eulas ni-system-configuration ni-visa ni-hwcfg-utility ni-max ni-syscfg-dotnet-runtime ni-syscfg-cvi-support ni-usblandevice ni-web-based-configuration

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
Lab Computers 1 DynamicDevice (device.displayName -startsWith "lab-") - Include

Disable Application Guard

Disable application guard because it has been deprecated by Microsoft

Property Value
id c547194e-2180-4764-bb7f-11911ebefded
displayName Disable Application Guard
description Disable application guard because it has been deprecated by Microsoft
enforceSignatureCheck
runAs32Bit
runAsAccount system
fileName disable application guard.ps1
scriptContent
# Set execution policy for the current session
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass -Force

try {
    if ((Get-WindowsOptionalFeature -FeatureName Windows-Defender-ApplicationGuard -Online).State -eq "Enabled") {
        Disable-WindowsOptionalFeature -Online -FeatureName Windows-Defender-ApplicationGuard -NoRestart
    }
} catch {
    Write-Output "An error occurred: $($_.Exception.Message)"
}

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
All Users - BuiltIn - - Include

Windows Update Configuration

This section contains a list of all Windows Update configuration profiles available in Intune.

Update policy for Windows 10 devices

Property Value
@odata.type #microsoft.graph.windowsUpdateForBusinessConfiguration
id b1845d94-b421-44be-855b-35449c956e7c
lastModifiedDateTime 11/01/2021 21:44:07
roleScopeTagIds 0
supportsScopeTags True
deviceManagementApplicabilityRuleOsEdition
deviceManagementApplicabilityRuleOsVersion
deviceManagementApplicabilityRuleDeviceMode
createdDateTime 09/09/2021 16:45:43
description
displayName Update policy for Windows 10 devices
version 2
deliveryOptimizationMode httpWithPeeringNat
prereleaseFeatures userDefined
automaticUpdateMode autoInstallAtMaintenanceTime
microsoftUpdateServiceAllowed True
driversExcluded
qualityUpdatesDeferralPeriodInDays
featureUpdatesDeferralPeriodInDays
qualityUpdatesPaused
featureUpdatesPaused
qualityUpdatesPauseExpiryDateTime 01/01/0001 00:00:00
featureUpdatesPauseExpiryDateTime 01/01/0001 00:00:00
businessReadyUpdatesOnly all
skipChecksBeforeRestart
updateWeeks
qualityUpdatesPauseStartDate
featureUpdatesPauseStartDate
featureUpdatesRollbackWindowInDays
qualityUpdatesWillBeRolledBack
featureUpdatesWillBeRolledBack
qualityUpdatesRollbackStartDateTime 01/01/0001 00:00:00
featureUpdatesRollbackStartDateTime 01/01/0001 00:00:00
engagedRestartDeadlineInDays
engagedRestartSnoozeScheduleInDays
engagedRestartTransitionScheduleInDays
deadlineForFeatureUpdatesInDays
deadlineForQualityUpdatesInDays
deadlineGracePeriodInDays
postponeRebootUntilAfterDeadline
autoRestartNotificationDismissal notConfigured
scheduleRestartWarningInHours
scheduleImminentRestartWarningInMinutes
userPauseAccess notConfigured
userWindowsUpdateScanAccess notConfigured
updateNotificationLevel notConfigured
allowWindows11Upgrade
installationSchedule @{@odata.type=#microsoft.graph.windowsUpdateActiveHoursInstall; activeHoursStart=06:00:00.0000000; activeHoursEnd=22:00:00.0000000}

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
All Users 1 DynamicUser (user.userType -eq "Member") apply direct Include

Mobile Apps

This section contains a list of all applications available in Intune.

Publisher DisplayName Type Assignments
15Five 15Five androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
8bit Solutions LLC Bitwarden winGetApp allLicensedUsersAssignmentTarget - Intent:uninstall allDevicesAssignmentTarget - Intent:uninstall
8bit Solutions LLC Bitwarden Password Manager iosStoreApp Apple Business - Intent:availableWithoutEnrollment
Adobe Adobe Acrobat Reader DC win32LobApp allLicensedUsersAssignmentTarget - Intent:required allDevicesAssignmentTarget - Intent:available
Adobe Adobe Acrobat Reader: Edit PDF androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Adobe Adobe Acrobat Sign androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Amazon Mobile LLC Amazon Shopping androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Apple Apple Configurator iosStoreApp Information Technology - Intent:available - Intent:available
AQA Company ISOXpress winMobileMSI allDevicesAssignmentTarget - Intent:required
Ashish Kulkarni wkhtmltopdf win32LobApp Lab Computers - Intent:required
Atlassian Jira Cloud by Atlassian androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Authy Twilio Authy Authenticator androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
AWS Mobile LLC AWS Console androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Bill.com Inc. BILL Spend & Expense (Divvy) androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Bitwarden Bitwarden macOSDmgApp Apple Business - Intent:required
Bitwarden Inc Bitwarden win32LobApp allDevicesAssignmentTarget - Intent:required
Bitwarden Inc. Bitwarden Password Manager androidManagedStoreApp - Intent:availableWithoutEnrollment
Brother Industries, Ltd. Brother Print Service Plugin androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Canonical Group Limited Ubuntu 20.04.6 LTS winGetApp allLicensedUsersAssignmentTarget - Intent:available
Dynalist Inc. Obsidian androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
GitHub GitHub androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Google Google Chrome winMobileMSI allLicensedUsersAssignmentTarget - Intent:available Lab Computers - Intent:required
Google LLC Gboard - the Google Keyboard androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Google LLC Gmail androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Google LLC Google Authenticator androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Google LLC Google Chrome androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Kenji Mouri NanaZip winGetApp allDevicesAssignmentTarget - Intent:required
LinkedIn LinkedIn: Jobs & Business News androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Michael Rumpler Royal TSD Lite androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Microsoft Microsoft 365 Apps for macOS macOSOfficeSuiteApp Apple Business - Intent:required allLicensedUsersAssignmentTarget - Intent:available
Microsoft Microsoft 365 Apps for Windows 10 and later officeSuiteApp allLicensedUsersAssignmentTarget - Intent:available allDevicesAssignmentTarget - Intent:required
Microsoft Microsoft Azure CLI (64-bit) winMobileMSI Information Technology - Intent:available
Microsoft Microsoft Defender for Endpoint (macOS) macOSMicrosoftDefenderApp allDevicesAssignmentTarget - Intent:required
Microsoft Microsoft Edge for macOS macOSMicrosoftEdgeApp allLicensedUsersAssignmentTarget - Intent:available
Microsoft Powershell 7.2.5 macOSLobApp allLicensedUsersAssignmentTarget - Intent:available
Microsoft Project officeSuiteApp SET - Intent:required
Microsoft SQL Server Management Studio win32LobApp Software - Intent:available
Microsoft Visio officeSuiteApp Visio - Intent:available Visio - Intent:required
Microsoft VS Code win32LobApp allLicensedUsersAssignmentTarget - Intent:available Lab Computers - Intent:required
Microsoft Corporation Azure Information Protection androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Microsoft Corporation Company Portal winGetApp allLicensedUsersAssignmentTarget - Intent:required
Microsoft Corporation Dynamics 365 Business Central androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Microsoft Corporation HEIF Image Extensions winGetApp allLicensedUsersAssignmentTarget - Intent:required
Microsoft Corporation Intune Company Portal androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:availableWithoutEnrollment allDevicesAssignmentTarget - Intent:required
Microsoft Corporation Link to Windows androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Microsoft Corporation Microsoft 365 (Office) androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Microsoft Corporation Microsoft 365 Admin androidManagedStoreApp Information Technology - Intent:available - Intent:available
Microsoft Corporation Microsoft Authenticator androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Microsoft Corporation Microsoft Azure androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Microsoft Corporation Microsoft Edge: AI browser androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Microsoft Corporation Microsoft Edge: Web Browser iosStoreApp allLicensedUsersAssignmentTarget - Intent:available
Microsoft Corporation Microsoft Excel iosStoreApp allLicensedUsersAssignmentTarget - Intent:available
Microsoft Corporation Microsoft Excel: Spreadsheets androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Microsoft Corporation Microsoft Intune androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:availableWithoutEnrollment allDevicesAssignmentTarget - Intent:required
Microsoft Corporation Microsoft Intune Company Portal iosStoreApp allLicensedUsersAssignmentTarget - Intent:required
Microsoft Corporation Microsoft Launcher androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Microsoft Corporation Microsoft Lens - PDF Scanner androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Microsoft Corporation Microsoft Math Solver androidManagedStoreApp All Users - Intent:available
Microsoft Corporation Microsoft Office iosStoreApp allDevicesAssignmentTarget - Intent:required
Microsoft Corporation Microsoft OneDrive androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Microsoft Corporation Microsoft OneDrive iosStoreApp allLicensedUsersAssignmentTarget - Intent:available
Microsoft Corporation Microsoft OneNote iosStoreApp allLicensedUsersAssignmentTarget - Intent:available
Microsoft Corporation Microsoft OneNote: Save Notes androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Microsoft Corporation Microsoft Outlook iosStoreApp allLicensedUsersAssignmentTarget - Intent:available
Microsoft Corporation Microsoft Outlook androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Microsoft Corporation Microsoft Planner androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Microsoft Corporation Microsoft Power BI androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Microsoft Corporation Microsoft PowerPoint iosStoreApp allLicensedUsersAssignmentTarget - Intent:available
Microsoft Corporation Microsoft PowerPoint androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Microsoft Corporation Microsoft SharePoint androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Microsoft Corporation Microsoft Teams iosStoreApp allLicensedUsersAssignmentTarget - Intent:available
Microsoft Corporation Microsoft Teams androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Microsoft Corporation Microsoft To Do: Lists & Tasks androidManagedStoreApp All Users - Intent:available
Microsoft Corporation Microsoft Translator androidManagedStoreApp All Users - Intent:available
Microsoft Corporation Microsoft Word iosStoreApp allLicensedUsersAssignmentTarget - Intent:available
Microsoft Corporation Microsoft Word: Edit Documents androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Microsoft Corporation Power Apps androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Microsoft Corporation Power Automate androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Microsoft Corporation Remote Desktop androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Microsoft Corporation VP9 Video Extensions winGetApp allLicensedUsersAssignmentTarget - Intent:required
Mozilla Firefox Fast & Private Browser androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Mozilla Mozilla Firefox winGetApp allLicensedUsersAssignmentTarget - Intent:available allDevicesAssignmentTarget - Intent:required
mRemoteNG mRemoteNG winMobileMSI allLicensedUsersAssignmentTarget - Intent:available
National Instruments NI Package Manager win32LobApp allLicensedUsersAssignmentTarget - Intent:available Lab Computers - Intent:required
Okta Inc. Okta Verify androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
OpenVPN OpenVPN Connect – OpenVPN App androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Oracle America, Inc. NetSuite androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
People Center Inc. Rippling - HR, IT & Finance androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
People Center Inc. Rippling - Time Clock androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Pritunl Pritunl win32LobApp allLicensedUsersAssignmentTarget - Intent:required
Pritunl, Inc. Pritunl macOSLobApp Apple Business - Intent:available
Python Software Foundation Python 3.8 win32LobApp allLicensedUsersAssignmentTarget - Intent:available
RealVNC Limited RealVNC Viewer: Remote Desktop androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Rippling People Center Inc. Rippling macOSDmgApp Apple Business - Intent:required allDevicesAssignmentTarget - Intent:required
Royal Apps GmbH Royal TSX macOSDmgApp Information Technology - Intent:required
scloud Screensaver Deployment win32LobApp allLicensedUsersAssignmentTarget - Intent:required
Spiceworks Spiceworks Agent Shell winMobileMSI allLicensedUsersAssignmentTarget - Intent:required
SwiftKey Microsoft SwiftKey AI Keyboard androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Termius Corporation Termius - SSH and SFTP client androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
The Python Software Foundation Python 3.12 win32LobApp allLicensedUsersAssignmentTarget - Intent:available
Vibe Inc Vibe Canvas androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available
Zoom Video Communications, Inc. Zoom Client macOSLobApp allLicensedUsersAssignmentTarget - Intent:available
Zoom Video Communications, Inc. Zoom Outlook Plugin macOSLobApp allLicensedUsersAssignmentTarget - Intent:available
Zoom Video Communications, Inc. Zoom Workplace (64-bit) winMobileMSI allDevicesAssignmentTarget - Intent:required
zoom.us Zoom Rooms Controller androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:availableWithoutEnrollment
zoom.us Zoom Workplace androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:availableWithoutEnrollment
zoom.us Zoom Workplace for Intune androidManagedStoreApp allLicensedUsersAssignmentTarget - Intent:available

Mobile App Management

This section contains a list of all mobile applications management policies available in Intune.

OneDrive mobile policy

OneDrive mobile policy UX set via Admin UX

Property Value
@odata.type #microsoft.graph.defaultManagedAppProtection
displayName OneDrive mobile policy
description OneDrive mobile policy UX set via Admin UX
createdDateTime 08/13/2020 16:10:52
lastModifiedDateTime 01/05/2022 00:06:26
roleScopeTagIds 0
id G_4ef35a8f-185a-4b67-8210-278957c7b64c
version "20002f81-0000-0300-0000-61d4e1020000"
periodOfflineBeforeAccessCheck PT1H30M
periodOnlineBeforeAccessCheck P7D
allowedInboundDataTransferSources allApps
allowedOutboundDataTransferDestinations allApps
organizationalCredentialsRequired
allowedOutboundClipboardSharingLevel allApps
dataBackupBlocked
deviceComplianceRequired
managedBrowserToOpenLinksRequired
saveAsBlocked
periodOfflineBeforeWipeIsEnforced P720D
pinRequired
maximumPinRetries 5
simplePinBlocked
minimumPinLength 8
pinCharacterSet numeric
periodBeforePinReset PT0S
allowedDataStorageLocations
contactSyncBlocked
printBlocked
fingerprintBlocked
disableAppPinIfDevicePinIsSet
maximumRequiredOsVersion
maximumWarningOsVersion
maximumWipeOsVersion
minimumRequiredOsVersion
minimumWarningOsVersion
minimumRequiredAppVersion
minimumWarningAppVersion
minimumWipeOsVersion
minimumWipeAppVersion
appActionIfDeviceComplianceRequired block
appActionIfMaximumPinRetriesExceeded block
pinRequiredInsteadOfBiometricTimeout
allowedOutboundClipboardSharingExceptionLength
notificationRestriction allow
previousPinBlockCount
managedBrowser notConfigured
maximumAllowedDeviceThreatLevel notConfigured
mobileThreatDefenseRemediationAction block
mobileThreatDefensePartnerPriority
blockDataIngestionIntoOrganizationDocuments
allowedDataIngestionLocations
appActionIfUnableToAuthenticateUser
dialerRestrictionLevel allApps
gracePeriodToBlockAppsDuringOffClockHours
protectedMessagingRedirectAppType anyApp
appDataEncryptionType useDeviceSettings
screenCaptureBlocked
allowWidgetContentSync
encryptAppData
disableAppEncryptionIfDeviceEncryptionIsEnabled
minimumRequiredSdkVersion
deployedAppCount
minimumRequiredPatchVersion 0000-00-00
minimumWarningPatchVersion 0000-00-00
faceIdBlocked
minimumWipeSdkVersion
minimumWipePatchVersion 0000-00-00
allowedIosDeviceModels
appActionIfIosDeviceModelNotAllowed block
allowedAndroidDeviceManufacturers
appActionIfAndroidDeviceManufacturerNotAllowed block
thirdPartyKeyboardsBlocked
filterOpenInToOnlyManagedApps
disableProtectionOfManagedOutboundOpenInData
protectInboundDataFromUnknownSources
requiredAndroidSafetyNetDeviceAttestationType none
appActionIfAndroidSafetyNetDeviceAttestationFailed block
requiredAndroidSafetyNetAppsVerificationType none
appActionIfAndroidSafetyNetAppsVerificationFailed block
customBrowserProtocol
customBrowserPackageId
customBrowserDisplayName
minimumRequiredCompanyPortalVersion
minimumWarningCompanyPortalVersion
minimumWipeCompanyPortalVersion
allowedAndroidDeviceModels
appActionIfAndroidDeviceModelNotAllowed block
customDialerAppProtocol
customDialerAppPackageId
customDialerAppDisplayName
biometricAuthenticationBlocked
requiredAndroidSafetyNetEvaluationType basic
blockAfterCompanyPortalUpdateDeferralInDays
warnAfterCompanyPortalUpdateDeferralInDays
wipeAfterCompanyPortalUpdateDeferralInDays
deviceLockRequired
appActionIfDeviceLockNotSet block
connectToVpnOnLaunch
appActionIfDevicePasscodeComplexityLessThanLow
appActionIfAccountIsClockedOut
appActionIfDevicePasscodeComplexityLessThanMedium
appActionIfDevicePasscodeComplexityLessThanHigh
requireClass3Biometrics
requirePinAfterBiometricChange
fingerprintAndBiometricEnabled
minimumWarningSdkVersion
messagingRedirectAppUrlScheme
messagingRedirectAppDisplayName
messagingRedirectAppPackageId
customSettings
exemptedAppProtocols
exemptedAppPackages

OneDrive mobile policy

OneDrive mobile policy UX set via Admin UX

Property Value
@odata.type #microsoft.graph.defaultManagedAppProtection
displayName OneDrive mobile policy
description OneDrive mobile policy UX set via Admin UX
createdDateTime 08/13/2020 16:11:25
lastModifiedDateTime 01/05/2022 00:06:26
roleScopeTagIds 0
id G_7db7347d-71bd-4eb6-8d28-3103c1fc24bb
version "11008d05-0000-0300-0000-61d4e1020000"
periodOfflineBeforeAccessCheck PT1H30M
periodOnlineBeforeAccessCheck P7D
allowedInboundDataTransferSources allApps
allowedOutboundDataTransferDestinations allApps
organizationalCredentialsRequired
allowedOutboundClipboardSharingLevel allApps
dataBackupBlocked
deviceComplianceRequired
managedBrowserToOpenLinksRequired
saveAsBlocked
periodOfflineBeforeWipeIsEnforced P720D
pinRequired
maximumPinRetries 5
simplePinBlocked
minimumPinLength 8
pinCharacterSet numeric
periodBeforePinReset PT0S
allowedDataStorageLocations
contactSyncBlocked
printBlocked
fingerprintBlocked
disableAppPinIfDevicePinIsSet
maximumRequiredOsVersion
maximumWarningOsVersion
maximumWipeOsVersion
minimumRequiredOsVersion
minimumWarningOsVersion
minimumRequiredAppVersion
minimumWarningAppVersion
minimumWipeOsVersion
minimumWipeAppVersion
appActionIfDeviceComplianceRequired block
appActionIfMaximumPinRetriesExceeded block
pinRequiredInsteadOfBiometricTimeout
allowedOutboundClipboardSharingExceptionLength
notificationRestriction allow
previousPinBlockCount
managedBrowser notConfigured
maximumAllowedDeviceThreatLevel notConfigured
mobileThreatDefenseRemediationAction block
mobileThreatDefensePartnerPriority
blockDataIngestionIntoOrganizationDocuments
allowedDataIngestionLocations
appActionIfUnableToAuthenticateUser
dialerRestrictionLevel allApps
gracePeriodToBlockAppsDuringOffClockHours
protectedMessagingRedirectAppType anyApp
appDataEncryptionType useDeviceSettings
screenCaptureBlocked
allowWidgetContentSync
encryptAppData True
disableAppEncryptionIfDeviceEncryptionIsEnabled
minimumRequiredSdkVersion
deployedAppCount 2
minimumRequiredPatchVersion 0000-00-00
minimumWarningPatchVersion 0000-00-00
faceIdBlocked
minimumWipeSdkVersion
minimumWipePatchVersion 0000-00-00
allowedIosDeviceModels
appActionIfIosDeviceModelNotAllowed block
allowedAndroidDeviceManufacturers
appActionIfAndroidDeviceManufacturerNotAllowed block
thirdPartyKeyboardsBlocked
filterOpenInToOnlyManagedApps
disableProtectionOfManagedOutboundOpenInData
protectInboundDataFromUnknownSources
requiredAndroidSafetyNetDeviceAttestationType none
appActionIfAndroidSafetyNetDeviceAttestationFailed block
requiredAndroidSafetyNetAppsVerificationType none
appActionIfAndroidSafetyNetAppsVerificationFailed block
customBrowserProtocol
customBrowserPackageId
customBrowserDisplayName
minimumRequiredCompanyPortalVersion
minimumWarningCompanyPortalVersion
minimumWipeCompanyPortalVersion
allowedAndroidDeviceModels
appActionIfAndroidDeviceModelNotAllowed block
customDialerAppProtocol
customDialerAppPackageId
customDialerAppDisplayName
biometricAuthenticationBlocked
requiredAndroidSafetyNetEvaluationType basic
blockAfterCompanyPortalUpdateDeferralInDays
warnAfterCompanyPortalUpdateDeferralInDays
wipeAfterCompanyPortalUpdateDeferralInDays
deviceLockRequired
appActionIfDeviceLockNotSet block
connectToVpnOnLaunch
appActionIfDevicePasscodeComplexityLessThanLow
appActionIfAccountIsClockedOut
appActionIfDevicePasscodeComplexityLessThanMedium
appActionIfDevicePasscodeComplexityLessThanHigh
requireClass3Biometrics
requirePinAfterBiometricChange
fingerprintAndBiometricEnabled
minimumWarningSdkVersion
messagingRedirectAppUrlScheme
messagingRedirectAppDisplayName
messagingRedirectAppPackageId
customSettings
exemptedAppProtocols
exemptedAppPackages

Default iOS Policy

{}

Property Value
@odata.type #microsoft.graph.iosManagedAppProtection
displayName Default iOS Policy
description {}
createdDateTime 08/21/2020 02:22:28
lastModifiedDateTime 01/04/2022 21:52:23
roleScopeTagIds 0
id T_59f5d989-43c2-499f-a5a4-d3f335855a4d
version "0b00b4a3-0000-0300-0000-61d4c1970000"
periodOfflineBeforeAccessCheck PT12H
periodOnlineBeforeAccessCheck PT12H
allowedInboundDataTransferSources allApps
allowedOutboundDataTransferDestinations allApps
organizationalCredentialsRequired
allowedOutboundClipboardSharingLevel allApps
dataBackupBlocked
deviceComplianceRequired
managedBrowserToOpenLinksRequired
saveAsBlocked
periodOfflineBeforeWipeIsEnforced P1D
pinRequired
maximumPinRetries 5
simplePinBlocked
minimumPinLength 4
pinCharacterSet numeric
periodBeforePinReset PT0S
allowedDataStorageLocations
contactSyncBlocked
printBlocked
fingerprintBlocked
disableAppPinIfDevicePinIsSet
maximumRequiredOsVersion
maximumWarningOsVersion
maximumWipeOsVersion
minimumRequiredOsVersion
minimumWarningOsVersion
minimumRequiredAppVersion
minimumWarningAppVersion
minimumWipeOsVersion
minimumWipeAppVersion
appActionIfDeviceComplianceRequired block
appActionIfMaximumPinRetriesExceeded block
pinRequiredInsteadOfBiometricTimeout
allowedOutboundClipboardSharingExceptionLength
notificationRestriction allow
previousPinBlockCount
managedBrowser notConfigured
maximumAllowedDeviceThreatLevel notConfigured
mobileThreatDefenseRemediationAction block
mobileThreatDefensePartnerPriority
blockDataIngestionIntoOrganizationDocuments
allowedDataIngestionLocations
appActionIfUnableToAuthenticateUser
dialerRestrictionLevel allApps
gracePeriodToBlockAppsDuringOffClockHours
protectedMessagingRedirectAppType anyApp
isAssigned True
targetedAppManagementLevels unspecified
appGroupType selectedPublicApps
appDataEncryptionType useDeviceSettings
minimumRequiredSdkVersion
deployedAppCount
faceIdBlocked
allowWidgetContentSync
minimumWipeSdkVersion
allowedIosDeviceModels
appActionIfIosDeviceModelNotAllowed block
appActionIfAccountIsClockedOut
thirdPartyKeyboardsBlocked
filterOpenInToOnlyManagedApps
disableProtectionOfManagedOutboundOpenInData
protectInboundDataFromUnknownSources
customBrowserProtocol
customDialerAppProtocol
managedUniversalLinks http://*.sharepoint.com/* http://*.sharepoint-df.com/* http://*.yammer.com/* http://*.onedrive.com/* http://tasks.office.com/* http://to-do.microsoft.com/sharing* http://web.microsoftstream.com/video/* http://msit.microsoftstream.com/video/* http://*.powerbi.com/* http://app.powerbi.cn/* http://app.powerbigov.us/* http://app.powerbi.de/* http://*.service-now.com/* http://*.appsplatform.us/* http://*.powerapps.cn/* http://*.powerapps.com/* http://*.powerapps.us/* http://*teams.microsoft.com/l/* http://*devspaces.skype.com/l/* http://*teams.live.com/l/* http://*collab.apps.mil/l/* http://*teams.microsoft.us/l/* http://*teams-fl.microsoft.com/l/* http://*.zoom.us/* http://zoom.us/* https://*.sharepoint.com/* https://*.sharepoint-df.com/* https://*.yammer.com/* https://*.onedrive.com/* https://tasks.office.com/* https://to-do.microsoft.com/sharing* https://web.microsoftstream.com/video/* https://msit.microsoftstream.com/video/* https://*.powerbi.com/* https://app.powerbi.cn/* https://app.powerbigov.us/* https://app.powerbi.de/* https://*.service-now.com/* https://*.appsplatform.us/* https://*.powerapps.cn/* https://*.powerapps.com/* https://*.powerapps.us/* https://*teams.microsoft.com/l/* https://*devspaces.skype.com/l/* https://*teams.live.com/l/* https://*collab.apps.mil/l/* https://*teams.microsoft.us/l/* https://*teams-fl.microsoft.com/l/* https://*.zoom.us/* https://zoom.us/*
exemptedUniversalLinks http://maps.apple.com https://maps.apple.com http://facetime.apple.com https://facetime.apple.com
minimumWarningSdkVersion
messagingRedirectAppUrlScheme
exemptedAppProtocols
Targeted Apps

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
All Users 1 DynamicUser (user.userType -eq "Member") - direct Include

Default Android Policy

{}

Property Value
@odata.type #microsoft.graph.androidManagedAppProtection
displayName Default Android Policy
description {}
createdDateTime 08/21/2020 01:45:36
lastModifiedDateTime 01/04/2022 21:52:25
roleScopeTagIds 0
id T_52e262b6-b544-4544-82f3-9f636563cb2e
version "0b0095a8-0000-0300-0000-61d4c1990000"
periodOfflineBeforeAccessCheck PT12H
periodOnlineBeforeAccessCheck PT12H
allowedInboundDataTransferSources allApps
allowedOutboundDataTransferDestinations allApps
organizationalCredentialsRequired
allowedOutboundClipboardSharingLevel allApps
dataBackupBlocked
deviceComplianceRequired
managedBrowserToOpenLinksRequired
saveAsBlocked
periodOfflineBeforeWipeIsEnforced P1D
pinRequired
maximumPinRetries 5
simplePinBlocked
minimumPinLength 4
pinCharacterSet numeric
periodBeforePinReset PT0S
allowedDataStorageLocations
contactSyncBlocked
printBlocked
fingerprintBlocked
disableAppPinIfDevicePinIsSet
maximumRequiredOsVersion
maximumWarningOsVersion
maximumWipeOsVersion
minimumRequiredOsVersion
minimumWarningOsVersion
minimumRequiredAppVersion
minimumWarningAppVersion
minimumWipeOsVersion
minimumWipeAppVersion
appActionIfDeviceComplianceRequired block
appActionIfMaximumPinRetriesExceeded block
pinRequiredInsteadOfBiometricTimeout
allowedOutboundClipboardSharingExceptionLength
notificationRestriction allow
previousPinBlockCount
managedBrowser notConfigured
maximumAllowedDeviceThreatLevel notConfigured
mobileThreatDefenseRemediationAction block
mobileThreatDefensePartnerPriority
blockDataIngestionIntoOrganizationDocuments
allowedDataIngestionLocations
appActionIfUnableToAuthenticateUser
dialerRestrictionLevel allApps
gracePeriodToBlockAppsDuringOffClockHours
protectedMessagingRedirectAppType anyApp
isAssigned True
targetedAppManagementLevels unspecified
appGroupType selectedPublicApps
screenCaptureBlocked
disableAppEncryptionIfDeviceEncryptionIsEnabled
encryptAppData
deployedAppCount
minimumRequiredPatchVersion 0000-00-00
minimumWarningPatchVersion 0000-00-00
minimumWipePatchVersion 0000-00-00
allowedAndroidDeviceManufacturers
appActionIfAndroidDeviceManufacturerNotAllowed block
appActionIfAccountIsClockedOut
appActionIfSamsungKnoxAttestationRequired
requiredAndroidSafetyNetDeviceAttestationType none
appActionIfAndroidSafetyNetDeviceAttestationFailed block
requiredAndroidSafetyNetAppsVerificationType none
appActionIfAndroidSafetyNetAppsVerificationFailed block
customBrowserPackageId
customBrowserDisplayName
minimumRequiredCompanyPortalVersion
minimumWarningCompanyPortalVersion
minimumWipeCompanyPortalVersion
keyboardsRestricted
allowedAndroidDeviceModels
appActionIfAndroidDeviceModelNotAllowed block
customDialerAppPackageId
customDialerAppDisplayName
biometricAuthenticationBlocked
requiredAndroidSafetyNetEvaluationType basic
blockAfterCompanyPortalUpdateDeferralInDays
warnAfterCompanyPortalUpdateDeferralInDays
wipeAfterCompanyPortalUpdateDeferralInDays
deviceLockRequired
appActionIfDeviceLockNotSet block
connectToVpnOnLaunch
appActionIfDevicePasscodeComplexityLessThanLow
appActionIfDevicePasscodeComplexityLessThanMedium
appActionIfDevicePasscodeComplexityLessThanHigh
requireClass3Biometrics
requirePinAfterBiometricChange
fingerprintAndBiometricEnabled
messagingRedirectAppPackageId
messagingRedirectAppDisplayName
exemptedAppPackages
approvedKeyboards
Targeted Apps

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
All Users 1 DynamicUser (user.userType -eq "Member") - direct Include

Default Windows 10 Application Policy

Property Value
@odata.type #microsoft.graph.mdmWindowsInformationProtectionPolicy
displayName Default Windows 10 Application Policy
description {}
createdDateTime 08/13/2020 20:14:02
lastModifiedDateTime 11/16/2021 21:45:58
roleScopeTagIds 0
id M_81118850-9b16-465e-9d2a-83af981ae866
version 7
enforcementLevel noProtection
enterpriseDomain xentermd.com
protectionUnderLockConfigRequired True
revokeOnUnenrollDisabled
rightsManagementServicesTemplateId
azureRightsManagementServicesAllowed
iconsVisible True
enterpriseIPRangesAreAuthoritative
enterpriseProxyServersAreAuthoritative
indexingEncryptedStoresOrItemsBlocked
isAssigned True
enterpriseProtectedDomainNames
dataRecoveryCertificate @{subjectName=OU=EFS File Encryption Certificate, L=EFS, CN=RexLinder; description=dra_recovery_key_microsoft365.CER; expirationDateTime=07/20/2120 02:50:05; certificate=}
protectedApps Internet Explorer, Word, Excel, PowerPoint, OneDrive, OneNote, Mail and Calendar, Skype for Business, Microsoft Edge
exemptApps
enterpriseNetworkDomainNames
enterpriseProxiedDomains
enterpriseIPRanges
enterpriseProxyServers
enterpriseInternalProxyServers
neutralDomainResources
smbAutoEncryptedFileExtensions

Assignments

Name MemberCount GroupType DynamicRule Intent Source AssignType
All Users 1 DynamicUser (user.userType -eq "Member") - direct Include