Set-JumpHostDefenderConfiguration
function Set-JumpHostDefenderConfiguration
{
<#
.Synopsis
   Set-JumpHostDefenderConfiguration
.DESCRIPTION
   Set-JumpHostDefenderConfiguration configures the following Defender security settings for jump hosts that are not
   managed by Intune
   - Attack Surface Reduction rules
   - Network Protection
   - Potentially unwanted applications
   - MAPS Reporting
   - Cloud check timeout (50 seconds)
   - Block level - High
   - Sample submission - send all samples
   - File hash computation
.EXAMPLE
   Set-JumpHostDefenderConfiguration
   The above command configures all Defender settings for a non-managed device
.NOTES
   Author: Alex Verboon
   Date: 29.04.2020
   Description: Initial version
#>
    [CmdletBinding()]
    Param
    ()
    Begin
    {
        # Changing Defender preferences requires an elevated session.
        if (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))
        {
            # throw stops the function before the Process block runs; a bare 'break' here
            # would also terminate any loop or script that called this function.
            throw "You are not running this as local administrator. Run it again in an elevated prompt."
        }
    }
    Process
    {
        Write-Output "Start configuring Windows Defender"

        # Each Add-MpPreference call appends one ASR rule ID and sets its action to Enabled (block).
        Write-Output "Enabling Attack Surface Reduction rules"
        Add-MpPreference -AttackSurfaceReductionRules_Ids BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550 -AttackSurfaceReductionRules_Actions Enabled
        Add-MpPreference -AttackSurfaceReductionRules_Ids D4F940AB-401B-4EfC-AADC-AD5F3C50688A -AttackSurfaceReductionRules_Actions Enabled
        Add-MpPreference -AttackSurfaceReductionRules_Ids 3B576869-A4EC-4529-8536-B80A7769E899 -AttackSurfaceReductionRules_Actions Enabled
        Add-MpPreference -AttackSurfaceReductionRules_Ids 75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84 -AttackSurfaceReductionRules_Actions Enabled
        Add-MpPreference -AttackSurfaceReductionRules_Ids D3E037E1-3EB8-44C8-A917-57927947596D -AttackSurfaceReductionRules_Actions Enabled
        Add-MpPreference -AttackSurfaceReductionRules_Ids 5BEB7EFE-FD9A-4556-801D-275E5FFC04CC -AttackSurfaceReductionRules_Actions Enabled
        Add-MpPreference -AttackSurfaceReductionRules_Ids 92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B -AttackSurfaceReductionRules_Actions Enabled
        Add-MpPreference -AttackSurfaceReductionRules_Ids D1E49AAC-8F56-4280-B9BA-993A6D77406C -AttackSurfaceReductionRules_Actions Enabled
        Add-MpPreference -AttackSurfaceReductionRules_Ids B2B3F03D-6A65-4F7B-A9C7-1C7EF74A9BA4 -AttackSurfaceReductionRules_Actions Enabled
        Add-MpPreference -AttackSurfaceReductionRules_Ids C1DB55AB-C21A-4637-BB3F-A12568109D35 -AttackSurfaceReductionRules_Actions Enabled
        Add-MpPreference -AttackSurfaceReductionRules_Ids 01443614-CD74-433A-B99E-2ECDC07BFC25 -AttackSurfaceReductionRules_Actions Enabled
        Add-MpPreference -AttackSurfaceReductionRules_Ids 26190899-1602-49E8-8B27-EB1D0A1CE869 -AttackSurfaceReductionRules_Actions Enabled
        Add-MpPreference -AttackSurfaceReductionRules_Ids 7674BA52-37EB-4A4F-A9A1-F0F9A1619A2C -AttackSurfaceReductionRules_Actions Enabled

        Write-Output "Enable Network Protection"
        Set-MpPreference -EnableNetworkProtection Enabled

        Write-Output "Set MAPS Reporting to Advanced"
        Set-MpPreference -MAPSReporting Advanced

        Write-Output "Enable Block Potentially unwanted applications"
        Set-MpPreference -PUAProtection Enabled

        Write-Output "Set Cloud check timeout to 50"
        Set-MpPreference -CloudExtendedTimeout 50

        Write-Output "Set Cloud Block Level to High"
        Set-MpPreference -CloudBlockLevel High

        Write-Output "Set Sending all samples"
        Set-MpPreference -SubmitSamplesConsent SendAllSamples

        Write-Output "Enable File Hash computation"
        Set-MpPreference -EnableFileHashComputation:$true

        Write-Output "Completed configuring Windows Defender"
    }
    End
    {}
}
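
To confirm the settings actually took effect on a jump host, the following added example (not part of the original gist) reads the values back with Get-MpPreference and reports any that differ. The function name Test-JumpHostDefenderConfiguration is hypothetical, and the expected numbers are the values Get-MpPreference reports for the named settings used above.

```powershell
# Hypothetical companion check, added as an example; not the gist author's code.
function Test-JumpHostDefenderConfiguration
{
    [CmdletBinding()]
    Param()
    # ASR rule IDs that Set-JumpHostDefenderConfiguration sets to Enabled
    $expectedAsrIds = @(
        'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550'
        'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'
        '3B576869-A4EC-4529-8536-B80A7769E899'
        '75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84'
        'D3E037E1-3EB8-44C8-A917-57927947596D'
        '5BEB7EFE-FD9A-4556-801D-275E5FFC04CC'
        '92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B'
        'D1E49AAC-8F56-4280-B9BA-993A6D77406C'
        'B2B3F03D-6A65-4F7B-A9C7-1C7EF74A9BA4'
        'C1DB55AB-C21A-4637-BB3F-A12568109D35'
        '01443614-CD74-433A-B99E-2ECDC07BFC25'
        '26190899-1602-49E8-8B27-EB1D0A1CE869'
        '7674BA52-37EB-4A4F-A9A1-F0F9A1619A2C'
    )
    # Get-MpPreference returns these settings as numbers, not as the names passed to Set-MpPreference
    $expectedSettings = [ordered]@{
        EnableNetworkProtection   = 1      # Enabled
        MAPSReporting             = 2      # Advanced
        PUAProtection             = 1      # Enabled
        CloudExtendedTimeout      = 50
        CloudBlockLevel           = 2      # High
        SubmitSamplesConsent      = 3      # SendAllSamples
        EnableFileHashComputation = $true
    }
    $pref = Get-MpPreference
    # IDs and actions come back as two parallel arrays; pair them (hashtable keys are case-insensitive)
    $ids = @($pref.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    $asrState = @{}
    for ($i = 0; $i -lt $ids.Count; $i++) { $asrState[$ids[$i]] = $actions[$i] }
    foreach ($id in $expectedAsrIds) {
        # Action 1 = Block (what "Enabled" sets); 0 = Disabled, 2 = Audit
        $actual = if ($asrState.ContainsKey($id)) { $asrState[$id] } else { 'not configured' }
        [pscustomobject]@{ Setting = "ASR $id"; Expected = 1; Actual = $actual; Compliant = ($actual -eq 1) }
    }
    foreach ($name in $expectedSettings.Keys) {
        [pscustomobject]@{ Setting = $name; Expected = $expectedSettings[$name]; Actual = $pref.$name; Compliant = ($pref.$name -eq $expectedSettings[$name]) }
    }
}

# List only the settings that drifted from the expected configuration
Test-JumpHostDefenderConfiguration | Where-Object { -not $_.Compliant } | Format-Table -AutoSize
```

An empty result means every setting matches; an ASR rule reported with Actual 2 is in audit mode and is logging rather than blocking.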