Set-JumpHostDefenderConfiguration

Set-JumpHostDefenderConfiguration.ps1

function Set-JumpHostDefenderConfiguration
{
<#
.Synopsis
   Set-JumpHostDefenderConfiguration
.DESCRIPTION
   Set-JumpHostDefenderConfiguration configures the following Defender Security settings for JumpHosts that are not
   managed by Intune

   - Attack Service Rules
   - Network Protection
   - Potentially unwanted applications
   - MAPS Reporting
   - Cloud check timeout (50 seconds)
   - Block level - High

.EXAMPLE
   Set-JumpHostDefenderConfiguration

   The above command configures all defender settings for a non-managed device

.NOTES
    Author: Alex Verboon
    Date: 29.04.2020
    Description: Initial version
#>

    [CmdletBinding()]
    Param
    ()

    Begin
    {
        if (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))
        {
            Write-Warning "You are not running this as local administrator. Run it again in an elevated prompt." ; break
        }
    }
    Process
    {
        Write-Output "Start configuring Windows Defender"

        Write-Output "Enabling Attack Surface Rules"
        Add-MpPreference -AttackSurfaceReductionRules_Ids BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550 -AttackSurfaceReductionRules_Actions Enabled
        Add-MpPreference -AttackSurfaceReductionRules_Ids D4F940AB-401B-4EfC-AADC-AD5F3C50688A -AttackSurfaceReductionRules_Actions Enabled
        Add-MpPreference -AttackSurfaceReductionRules_Ids 3B576869-A4EC-4529-8536-B80A7769E899 -AttackSurfaceReductionRules_Actions Enabled
        Add-MpPreference -AttackSurfaceReductionRules_Ids 75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84 -AttackSurfaceReductionRules_Actions Enabled
        Add-MpPreference -AttackSurfaceReductionRules_Ids D3E037E1-3EB8-44C8-A917-57927947596D -AttackSurfaceReductionRules_Actions Enabled
        Add-MpPreference -AttackSurfaceReductionRules_Ids 5BEB7EFE-FD9A-4556-801D-275E5FFC04CC -AttackSurfaceReductionRules_Actions Enabled
        Add-MpPreference -AttackSurfaceReductionRules_Ids 92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B -AttackSurfaceReductionRules_Actions Enabled
        Add-MpPreference -AttackSurfaceReductionRules_Ids D1E49AAC-8F56-4280-B9BA-993A6D77406C -AttackSurfaceReductionRules_Actions Enabled
        Add-MpPreference -AttackSurfaceReductionRules_Ids B2B3F03D-6A65-4F7B-A9C7-1C7EF74A9BA4 -AttackSurfaceReductionRules_Actions Enabled
        Add-MpPreference -AttackSurfaceReductionRules_Ids C1DB55AB-C21A-4637-BB3F-A12568109D35 -AttackSurfaceReductionRules_Actions Enabled
        Add-MpPreference -AttackSurfaceReductionRules_Ids 01443614-CD74-433A-B99E-2ECDC07BFC25 -AttackSurfaceReductionRules_Actions Enabled
        Add-MpPreference -AttackSurfaceReductionRules_Ids 26190899-1602-49E8-8B27-EB1D0A1CE869 -AttackSurfaceReductionRules_Actions Enabled
        Add-MpPreference -AttackSurfaceReductionRules_Ids 7674BA52-37EB-4A4F-A9A1-F0F9A1619A2C -AttackSurfaceReductionRules_Actions Enabled

        Write-Output "Enable Network Protection"
        Set-MpPreference -EnableNetworkProtection Enabled

        Write-Output "Set MAPS Reporting to Advanced"
        Set-MpPreference -MAPSReporting Advanced

        Write-Output "Enable Block Potentially unwanted applications"
        Set-MpPreference -PUAProtection Enabled

        Write-Output "Set Cloud check timeout to 50"
        Set-MpPreference -CloudExtendedTimeout 50

        Write-Output "Set Cloud Block Level to High"
        Set-MpPreference -CloudBlockLevel High

        Write-Output "Set Sending all samples"
        Set-MpPreference -SubmitSamplesConsent SendAllSamples

        Write-Output "Enable File Hash computation"
        Set-MpPreference -EnableFileHashComputation:$true

        Write-Output "Completed configuring Windows Defender"
    }
    End
    {}
}