Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
{
"description": "Best Practices Endpoint Security ASR ASR rules",
"templateid": "6cc38b89-6087-49c5-9fcf-a9b8c2eca81d",
"displayName": "BP - Endpoint ASR ASR rules - Windows 10",
"value": [
{
"definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderOfficeMacroCodeAllowWin32ImportsType",
"valueJson": "\"block\"",
"@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance",
"value": "block"
},
{
"definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderOfficeAppsExecutableContentCreationOrLaunchType",
"valueJson": "\"block\"",
"@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance",
"value": "block"
},
{
"definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderGuardedFoldersAllowedAppPaths",
"valueJson": "null",
"@odata.type": "#microsoft.graph.deviceManagementCollectionSettingInstance"
},
{
"definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderEmailContentExecutionType",
"valueJson": "\"block\"",
"@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance",
"value": "block"
},
{
"definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderUntrustedExecutableType",
"valueJson": "\"block\"",
"@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance",
"value": "block"
},
{
"definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderOfficeCommunicationAppsLaunchChildProcess",
"valueJson": "\"enable\"",
"@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance",
"value": "enable"
},
{
"definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderAdobeReaderLaunchChildProcess",
"valueJson": "\"enable\"",
"@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance",
"value": "enable"
},
{
"definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderScriptDownloadedPayloadExecutionType",
"valueJson": "\"block\"",
"@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance",
"value": "block"
},
{
"definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderUntrustedUSBProcessType",
"valueJson": "\"block\"",
"@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance",
"value": "block"
},
{
"definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderGuardMyFoldersType",
"valueJson": "\"auditMode\"",
"@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance",
"value": "auditMode"
},
{
"definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderAttackSurfaceReductionExcludedPaths",
"valueJson": "null",
"@odata.type": "#microsoft.graph.deviceManagementCollectionSettingInstance"
},
{
"definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderProcessCreationType",
"valueJson": "\"block\"",
"@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance",
"value": "block"
},
{
"definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderPreventCredentialStealingType",
"valueJson": "\"enable\"",
"@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance",
"value": "enable"
},
{
"definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderScriptObfuscatedMacroCodeType",
"valueJson": "\"block\"",
"@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance",
"value": "block"
},
{
"definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderAdvancedRansomewareProtectionType",
"valueJson": "\"enable\"",
"@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance",
"value": "enable"
},
{
"definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderOfficeAppsLaunchChildProcessType",
"valueJson": "\"block\"",
"@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance",
"value": "block"
},
{
"definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderOfficeAppsOtherProcessInjectionType",
"valueJson": "\"block\"",
"@odata.type": "#microsoft.graph.deviceManagementStringSettingInstance",
"value": "block"
},
{
"definitionId": "deviceConfiguration--windows10EndpointProtectionConfiguration_defenderAdditionalGuardedFolders",
"valueJson": "null",
"@odata.type": "#microsoft.graph.deviceManagementCollectionSettingInstance"
}
]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment